Re: [rtcweb] Requiring ICE for RTC calls

Roman Shpount <roman@telurix.com> Tue, 27 September 2011 16:28 UTC

Return-Path: <roman@telurix.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A60021F8E24 for <rtcweb@ietfa.amsl.com>; Tue, 27 Sep 2011 09:28:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.66
X-Spam-Level:
X-Spam-Status: No, score=-1.66 tagged_above=-999 required=5 tests=[AWL=-0.644, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oeJeIvn-E3Hr for <rtcweb@ietfa.amsl.com>; Tue, 27 Sep 2011 09:28:15 -0700 (PDT)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id 5E26D21F8C89 for <rtcweb@ietf.org>; Tue, 27 Sep 2011 09:28:15 -0700 (PDT)
Received: by ywa6 with SMTP id 6so6859742ywa.31 for <rtcweb@ietf.org>; Tue, 27 Sep 2011 09:31:01 -0700 (PDT)
Received: by 10.150.171.4 with SMTP id t4mr7273939ybe.408.1317141060967; Tue, 27 Sep 2011 09:31:00 -0700 (PDT)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by mx.google.com with ESMTPS id z6sm80029724anf.22.2011.09.27.09.30.59 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 27 Sep 2011 09:31:00 -0700 (PDT)
Received: by gyd12 with SMTP id 12so6682746gyd.31 for <rtcweb@ietf.org>; Tue, 27 Sep 2011 09:30:59 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.68.31.4 with SMTP id w4mr9259452pbh.20.1317141059169; Tue, 27 Sep 2011 09:30:59 -0700 (PDT)
Received: by 10.68.55.39 with HTTP; Tue, 27 Sep 2011 09:30:59 -0700 (PDT)
In-Reply-To: <4E81E8AB.2080404@skype.net>
References: <CAD5OKxtNjmWBz92bRuxka7e-BUpTPgVUvr3ahJGpmZ-U5nuPbQ@mail.gmail.com> <CAD6AjGSmz5T_F+SK2EoBQm6T-iRKp7dd4j8ZAF5JKdbbyomZQA@mail.gmail.com> <CALiegfmO54HC+g9L_DYn4jtXAAbLEvS++qxKa6TNrLDREs9SeA@mail.gmail.com> <4E80984A.903@skype.net> <CALiegfmyvTb57WVooKryS-ubfcg+w5gZ+zfO1zzBLn3609AzaA@mail.gmail.com> <4E809EE6.2050702@skype.net> <CAD5OKxvUOadaU0dnB7-Ho9cZ92VY+4Owuhj7oKPCx9Jy1iwT1Q@mail.gmail.com> <C2DF2C51-B3F7-443D-A047-7E6FB03E6D20@phonefromhere.com> <CAD5OKxsy2eKx5Bc8iayYazSyyykZZTGx9UO7NEE=fxYYdouy0w@mail.gmail.com> <4E81E8AB.2080404@skype.net>
Date: Tue, 27 Sep 2011 12:30:59 -0400
Message-ID: <CAD5OKxukiZzhotpjhmH6y6XCRYsBWUjzYAUYX9bGy+n=D-V31g@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Matthew Kaufman <matthew.kaufman@skype.net>
Content-Type: multipart/alternative; boundary=bcaec520f27df36f3a04adeecc95
Cc: Randell Jesup <randell-ietf@jesup.org>, rtcweb@ietf.org
Subject: Re: [rtcweb] Requiring ICE for RTC calls
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Sep 2011 16:28:16 -0000

Matthew,

One possible solution would be to have a slow rate RTP start, if remote end
point does not indicate ICE support. Instead of sending real media, RTC end
point will send no-media RTP packets at the rate of 2-3 per second for 10-15
seconds. If it receives a valid RTP packet back from the destination IP, it
will consider RTP flow verified and switch to sending media at normal rate,
otherwise media stream is terminated. We can have a better timing mechanism
for RTP packets to match the number of packets in the initial STUN handshake
in ICE, but the general idea is to get interoperability with existing
networks at the cost of 20 packet handshake. I do realize that the problem
with this that the RTP packets can be spoofed to force the web end point to
transmit, but this is the best solution I see so far.

If we do decide that ICE is a requirement, we can also have a local policy,
web site can be specified for which the calls are allowed without ICE.

Independently from all of this, SRTP should be optional. It does present
privacy concerns, but they are no different then privacy concerns over HTTP.
_____________
Roman Shpount


On Tue, Sep 27, 2011 at 11:15 AM, Matthew Kaufman <matthew.kaufman@skype.net
> wrote:

> On 9/27/2011 7:46 AM, Roman Shpount wrote:
>
>>
>> How real or big do you think this problem is going to be? None of the
>> current SIP/VoIP clients address this now, and we have quite a number of
>> them out there. I understand that this is an attack vector but how big of an
>> attack vector is this going to be if we ask for user confirmation?
>>
>>
> There is no plan to ask for user confirmation to open a connection, receive
> media, or send and receive data. The only user confirmation that is expected
> would be for camera and/or microphone access.
>
> I've seen a dozen messages from you arguing that the requirement for a STUN
> connectivity check is a barrier and should be removed, but I have not yet
> seen an alternative proposal that meets the requirements of browser authors
> with regard to preventing attacks on behind-firewall infrastructure from the
> browser platform.
>
> Matthew Kaufman
>