Re: [rtcweb] Requiring ICE for RTC calls

Hadriel Kaplan <> Thu, 29 September 2011 22:16 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3CEF521F8B5D for <>; Thu, 29 Sep 2011 15:16:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.515
X-Spam-Status: No, score=-2.515 tagged_above=-999 required=5 tests=[AWL=0.083, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Hz3-XlvVEjyL for <>; Thu, 29 Sep 2011 15:16:54 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 384D021F8B5A for <>; Thu, 29 Sep 2011 15:16:54 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Thu, 29 Sep 2011 18:19:45 -0400
Received: from ([]) by ([]) with mapi id 14.01.0270.001; Thu, 29 Sep 2011 18:19:45 -0400
From: Hadriel Kaplan <>
To: Roman Shpount <>
Thread-Topic: [rtcweb] Requiring ICE for RTC calls
Thread-Index: AQHMfvXk4XpbhPaZh0C9QPYrDhTyvQ==
Date: Thu, 29 Sep 2011 22:19:44 +0000
Message-ID: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_BC17B533F7E343FA8EA91B715BE9CC9Facmepacketcom_"
MIME-Version: 1.0
X-Brightmail-Tracker: AAAAAQAAAWE=
Cc: Randell Jesup <>, "<>" <>
Subject: Re: [rtcweb] Requiring ICE for RTC calls
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 29 Sep 2011 22:16:55 -0000

If you built a "phone" which used an RTCWeb model, you would simply ignore the requirement to mandate ICE.  And that's ok.  First, there's no protocol police - nothing forces even Web Browsers to follow these rules, they just will because they're concerned about their Browser's reputations.  And second, presumably your phone wouldn't accept Javascript blindly from any random website, but rather only from something trustworthy and verifiable by the phone… something which couldn't/wouldn't easily be subverted nor unintentionally allowed by the users using the phone.


On Sep 28, 2011, at 3:44 PM, Roman Shpount wrote:

On Wed, Sep 28, 2011 at 1:04 PM, Cullen Jennings <<>> wrote:
I agree with you point that the majority of deployed phones don't support ICE. But so what, what do you propose to do. One thing that is not going to happen is browser vendors do something which makes browsers such a security threat that the browsers are banned from every corporate network. Solutions like CORS solve the problem but short of something like that, I don't see browser vendors deciding that remove same origin policy is a good idea.

As I wrote before, you can use RTC not only in the desktop browser but also in the desktop phone. It is not unreasonable to use the same CPU platform being used in mobile phones and build a desk IP phone which primarily runs the web browser to control its screen and uses RTC to setup voice/video calls. This phone can be a much better and more extendable standard platform for building UC solutions then most of the current SIP phones. The problem is if standard requires ICE/SRTP this phone will not be able to work with most of the current enterprise phones. Once again, since this can be considered a marginal use case, we don't need to cover it in the standard and the phone vendor can just ignore that ICE requirement since it knows that the phone is located in the fully controlled network.
Roman Shpount

rtcweb mailing list<>