Re: [rtcweb] Resolving RTP/SDES question in Paris
"Dan Wing" <dwing@cisco.com> Fri, 23 March 2012 15:02 UTC
Return-Path: <dwing@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2076C21F857F for <rtcweb@ietfa.amsl.com>; Fri, 23 Mar 2012 08:02:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -109.407
X-Spam-Level:
X-Spam-Status: No, score=-109.407 tagged_above=-999 required=5 tests=[AWL=1.192, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RthhL8-XQ7N4 for <rtcweb@ietfa.amsl.com>; Fri, 23 Mar 2012 08:01:59 -0700 (PDT)
Received: from mtv-iport-3.cisco.com (mtv-iport-3.cisco.com [173.36.130.14]) by ietfa.amsl.com (Postfix) with ESMTP id CB74D21F8572 for <rtcweb@ietf.org>; Fri, 23 Mar 2012 08:01:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=dwing@cisco.com; l=5600; q=dns/txt; s=iport; t=1332514919; x=1333724519; h=from:to:cc:references:in-reply-to:subject:date: message-id:mime-version:content-transfer-encoding; bh=fbPp4rlyGPC7jUufDOzIMpeePiEM9zZnsKV5Prw2eKE=; b=jliJ5ujvEPoJcXPMUHCTayEBhofR3x6VeGFCgBl9OdYsZnH3Kq6EXF72 qH2Oz80K6yc6yAaqNRFsOPzH5Jrmxb72Eo66OeU4HIzQO7fxvWYW1mX0V KmyqkRV3NOKtlRDGTP/UnBrfYJBSZnoFLpwZqOrBAkZA7mzgsDrfEORGQ M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgEFADCQbE+rRDoI/2dsb2JhbAA7Cqgjj2WBB4IJAQEBAwEBAQEFCgEXEC4GCwUHAQMCCQ8CBAEBKAcZDhUKAwEFCAIEARILEAeHYwQMmgGNUZE2ilqGKwSIV4UTljqBaIMH
X-IronPort-AV: E=Sophos;i="4.73,636,1325462400"; d="scan'208";a="34807195"
Received: from mtv-core-3.cisco.com ([171.68.58.8]) by mtv-iport-3.cisco.com with ESMTP; 23 Mar 2012 15:01:58 +0000
Received: from dwingWS ([10.32.240.196]) by mtv-core-3.cisco.com (8.14.3/8.14.3) with ESMTP id q2NF1vKO025683; Fri, 23 Mar 2012 15:01:57 GMT
From: Dan Wing <dwing@cisco.com>
To: "'Ravindran, Parthasarathi'" <pravindran@sonusnet.com>, 'Roman Shpount' <roman@telurix.com>, 'Harald Alvestrand' <harald@alvestrand.no>, 'Ted Hardie' <ted.ietf@gmail.com>
References: <4F4759DC.7060303@ericsson.com> <387F9047F55E8C42850AD6B3A7A03C6C0E1FEB69@inba-mail01.sonusnet.com> <CALiegfnkYVEpmPV-zSL_4wOY-HiFZN-qJCQCiioaS=5NaqhLZw@mail.gmail.com> <CAD5OKxvtOAxMBx6xDnyfTnEq76oDEm6uj1xL6wGjjrtKUAHy3g@mail.gmail.com> <CABcZeBNZiotPmCfT53uEo+O0xw4xv6tXW1M_G-3A5BHuncsduA@mail.gmail.com> <CAD5OKxvYOY5JZ2mYNGiH1poUBQkyOOycePFijH5H+SxtcdqujQ@mail.gmail.com> <CABkgnnVe-b6Sv=R67bMJk_NQqQwdrRUn6rBm7Gu_CMcfPQwtEg@mail.gmail.com> <4F64FE98.3070605@alcatel-lucent.com> <4F685ED9.2050109@alvestrand.no> <CAD5OKxsVp7px9bHAgxgdqPMxRgppcVUDKt8JHBhyq9qqW3pAMg@mail.gmail.com> <4F68A4CC.9090306@alvestrand.no> <CAD5OKxuiApLKRASc2YuBfkM_8h8wGDPPQ3TdOYGum2yauidA5A@mail.gmail.com> <4F6AECC6.8020004@alvestrand.no> <CAD5OKxsSUeMFYXZMZVqQFWdeEB=30HJuJ=mP9GaYkksBmp1mOA@mail.gmail.com> <03fa01cd087d$57899120$069cb360$@com> <387F9047F55E8C42850AD6B3A7A03C6C0E21E8F5@inba-mail01.sonusnet.com>
In-Reply-To: <387F9047F55E8C42850AD6B3A7A03C6C0E21E8F5@inba-mail01.sonusnet.com>
Date: Fri, 23 Mar 2012 08:01:57 -0700
Message-ID: <062901cd0905$e48bb520$ada31f60$@com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AQHM8te6ZBG/XYsMg0C4SE+GOqsWNpZtZpyg///nIgCAAAs3AIAASYaAgADU1wCAAESDgIAACAYAgAQGRYCAADINgIAAIVYAgAAIfACAAq+sAIAAVeAAgACNQICAANeboIAAkS2w
Content-Language: en-us
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Mar 2012 15:02:04 -0000
> -----Original Message----- > From: Ravindran, Parthasarathi [mailto:pravindran@sonusnet.com] > Sent: Thursday, March 22, 2012 11:40 PM > To: Dan Wing; 'Roman Shpount'; 'Harald Alvestrand'; 'Ted Hardie' > Cc: rtcweb@ietf.org > Subject: RE: [rtcweb] Resolving RTP/SDES question in Paris > > Even in case disabling encryption is not the desired behavior, I don't > see the problem in using RTP-IPSec instead of SRTP-DTLS. Several. IPsec ESP tunnel or transport mode? With NAT-T support? Is there an API for applications to determine if the underlying OS provides IPsec ESP for that flow (I know for Cisco IOS, the answer to that API question is 'no'. And that was my understanding in the version of Windows Server that we used to use for our call control system, although of course that could have changed with Windows 7 or 8). RTP over IPsec breaks link header compression (cRTP and ROHC), which are used by some networks. > I understand > that web-browser has no standard way to identify whether plain IP or > IPsec in Layer 3. So, it shall be configured by browser-user and it > shall be considered as user consent. This approach helps in case in > avoiding double encryption technically wherein IPSec is mandated. I > know the argument that double encryption is not problem in the endpoint > as it has huge CPU and memory resources but in case web-browser as part > of access devices, it will have impact on performance. My issue is with > mandating to use SRTP-DTLS in WebRTC and not with mandate to implement > SRTP-DTLS. 'Double encryption' is done because it's the only way to achieve security at various layers. Let's take a simple example: someone is using their PC at a coffee shop or a conference, and (because the person is using a possibly-hostile network, and the person is ostensibly working) they bring up a VPN. All of the person's traffic goes into their VPN. The person then accesses paypal (or gmail, or hundreds of other example sites), which forces them to use HTTPS. They are now "double encrypted". Can you see the difficulty in removing the HTTPS connection to Paypal (or gmail, etc.). Can you see the difficulty in the PC determining the HTTPS connection is "good enough" and routing that outside the VPN -- it can't be done simply by port number or else someone could accidentally run un-encrypted traffic on port 443. And this person may well even be triple encryption, if the WiFi access point uses wireless encryption. Taking your argument further, if we are running IPsec we should have a way to disable the WiFi encryption? But the WiFi encryption is being used to protect that layer -- just like the IPsec is used in the VPN to protect that layer and the HTTPS to PayPal is used to protect that layer. > Also, AFAIK HTTPS certificate is not free of cost. Whereever the cost > matters like social welfare site, educational site and some free blogs, > the tendency will be towards HTTP Ok. (Separate problem.) > and user of those sites will have the > consent to use RTP. I don't see why those sites cannot use SRTP. -d > Thanks > Partha > > >-----Original Message----- > >From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On > Behalf > >Of Dan Wing > >Sent: Friday, March 23, 2012 4:14 AM > >To: 'Roman Shpount'; 'Harald Alvestrand'; 'Ted Hardie' > >Cc: rtcweb@ietf.org > >Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris > > > >> -----Original Message----- > >> From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On > >> Behalf Of Roman Shpount > >> Sent: Thursday, March 22, 2012 7:19 AM > >> To: Harald Alvestrand > >> Cc: rtcweb@ietf.org > >> Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris > >... > >> Yes, I was worried about supporting the interceptor. This is all > >> related to my question of support of WebRTC applications in > military, > >> prisons, or financial organizations. I think WebRTC would be > >> completely disabled in such locations unless web browser can be > >> configured to confirm to some sort of communications and monitoring > >> policy. I do not think enabling only certain applications is a > >> sustainable solution, since application can only be enabled based on > >> its URL, but this in no way implies that the actual protocol used > for > >> signaling exchange by this application will stay the same. In the > best > >> case this will result in tens of specialized monitoring rules that > >> will need to be maintained. In the worst case, WebRTC would be > simply > >> disabled. At this point the only workable solution that I see is > some > >> sort of media proxy protocol. > > > >The SIPREC working group, formed in March 2010, has solutions for this > >problem. The problem is not created by RTCWEB. Disabling encryption > is > >not necessary -- nor desirable. "Jails" get brought up in this > context > >often, so using that same example, consider a prisoner at a jail > >communicating with their lawyer. The prisoner needs secure > >communications with their lawyer without the risk of the > communications > >being leaked to the press by anyone along the media path. For details > >see http://tools.ietf.org/wg/siprec/ > > > >We will have a brietf presentation on SIPREC during my session at > >RTCWEB, explaining how it can work with RTCWEB. > > > >-d > > > > > > > >_______________________________________________ > >rtcweb mailing list > >rtcweb@ietf.org > >https://www.ietf.org/mailman/listinfo/rtcweb
- [rtcweb] Resolving RTP/SDES question in Paris Magnus Westerlund
- Re: [rtcweb] Resolving RTP/SDES question in Paris Ravindran, Parthasarathi
- Re: [rtcweb] Resolving RTP/SDES question in Paris Randell Jesup
- Re: [rtcweb] Resolving RTP/SDES question in Paris Iñaki Baz Castillo
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Eric Rescorla
- Re: [rtcweb] Resolving RTP/SDES question in Paris Ravindran, Parthasarathi
- Re: [rtcweb] Resolving RTP/SDES question in Paris Ravindran, Parthasarathi
- Re: [rtcweb] Resolving RTP/SDES question in Paris Eric Rescorla
- Re: [rtcweb] Resolving RTP/SDES question in Paris Randell Jesup
- Re: [rtcweb] Resolving RTP/SDES question in Paris Tim Panton
- Re: [rtcweb] Resolving RTP/SDES question in Paris Iñaki Baz Castillo
- Re: [rtcweb] Resolving RTP/SDES question in Paris Ravindran, Parthasarathi
- Re: [rtcweb] Resolving RTP/SDES question in Paris Iñaki Baz Castillo
- Re: [rtcweb] Resolving RTP/SDES question in Paris Eric Rescorla
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Iñaki Baz Castillo
- Re: [rtcweb] Resolving RTP/SDES question in Paris Martin Thomson
- Re: [rtcweb] Resolving RTP/SDES question in Paris Igor Faynberg
- Re: [rtcweb] Resolving RTP/SDES question in Paris Bernard Aboba
- Re: [rtcweb] Resolving RTP/SDES question in Paris Martin Thomson
- Re: [rtcweb] Resolving RTP/SDES question in Paris Igor Faynberg
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Ejzak, Richard P (Richard)
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Ravindran, Parthasarathi
- Re: [rtcweb] Resolving RTP/SDES question in Paris Randell Jesup
- Re: [rtcweb] Resolving RTP/SDES question in Paris Iñaki Baz Castillo
- Re: [rtcweb] Resolving RTP/SDES question in Paris Bernard Aboba
- Re: [rtcweb] Resolving RTP/SDES question in Paris Iñaki Baz Castillo
- Re: [rtcweb] Resolving RTP/SDES question in Paris Iñaki Baz Castillo
- Re: [rtcweb] Resolving RTP/SDES question in Paris Ted Hardie
- Re: [rtcweb] Resolving RTP/SDES question in Paris Ted Hardie
- Re: [rtcweb] Resolving RTP/SDES question in Paris Iñaki Baz Castillo
- Re: [rtcweb] Resolving RTP/SDES question in Paris Cameron Byrne
- Re: [rtcweb] Resolving RTP/SDES question in Paris Ejzak, Richard P (Richard)
- Re: [rtcweb] Resolving RTP/SDES question in Paris Ejzak, Richard P (Richard)
- Re: [rtcweb] Resolving RTP/SDES question in Paris Iñaki Baz Castillo
- Re: [rtcweb] Resolving RTP/SDES question in Paris Cameron Byrne
- Re: [rtcweb] Resolving RTP/SDES question in Paris Tim Panton
- Re: [rtcweb] Resolving RTP/SDES question in Paris Ted Hardie
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Iñaki Baz Castillo
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Tim Panton
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Igor Faynberg
- Re: [rtcweb] Resolving RTP/SDES question in Paris Iñaki Baz Castillo
- Re: [rtcweb] Resolving RTP/SDES question in Paris Lorenzo Miniero
- Re: [rtcweb] Resolving RTP/SDES question in Paris Lorenzo Miniero
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Tim Panton
- Re: [rtcweb] Resolving RTP/SDES question in Paris Iñaki Baz Castillo
- Re: [rtcweb] Resolving RTP/SDES question in Paris Hadriel Kaplan
- Re: [rtcweb] Resolving RTP/SDES question in Paris Hadriel Kaplan
- Re: [rtcweb] Resolving RTP/SDES question in Paris Jim Barnett
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Eric Rescorla
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Ravindran, Parthasarathi
- [rtcweb] RTP-IPSec vs SRTP-DTLS [was RE: Resolvin… Ravindran, Parthasarathi
- Re: [rtcweb] RTP-IPSec vs SRTP-DTLS [was RE: Reso… Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Hadriel Kaplan
- Re: [rtcweb] Resolving RTP/SDES question in Paris Ravindran, Parthasarathi
- Re: [rtcweb] Resolving RTP/SDES question in Paris Hutton, Andrew
- Re: [rtcweb] Resolving RTP/SDES question in Paris Harald Alvestrand
- [rtcweb] Telling the user the connection is secur… Harald Alvestrand
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Bernard Aboba
- Re: [rtcweb] Resolving RTP/SDES question in Paris Iñaki Baz Castillo
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Iñaki Baz Castillo
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Telling the user the connection is s… Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Iñaki Baz Castillo
- Re: [rtcweb] Resolving RTP/SDES question in Paris Ravindran, Parthasarathi
- Re: [rtcweb] Resolving RTP/SDES question in Paris Eric Rescorla
- Re: [rtcweb] Resolving RTP/SDES question in Paris Harald Alvestrand
- Re: [rtcweb] Telling the user the connection is s… Igor Faynberg
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Igor Faynberg
- Re: [rtcweb] Resolving RTP/SDES question in Paris Jim Barnett
- Re: [rtcweb] Resolving RTP/SDES question in Paris Ravindran, Parthasarathi
- Re: [rtcweb] Resolving RTP/SDES question in Paris Igor Faynberg
- Re: [rtcweb] Resolving RTP/SDES question in Paris Harald Alvestrand
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Martin Thomson
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Martin Thomson
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Ted Hardie
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Ted Hardie
- Re: [rtcweb] Resolving RTP/SDES question in Paris Dan Wing
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Hadriel Kaplan
- Re: [rtcweb] Resolving RTP/SDES question in Paris Hadriel Kaplan
- Re: [rtcweb] Resolving RTP/SDES question in Paris Ravindran, Parthasarathi
- Re: [rtcweb] Resolving RTP/SDES question in Paris Hutton, Andrew
- Re: [rtcweb] Resolving RTP/SDES question in Paris Dan Wing
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Dan Wing
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Harald Alvestrand
- Re: [rtcweb] Resolving RTP/SDES question in Paris Harald Alvestrand
- Re: [rtcweb] Resolving RTP/SDES question in Paris Hadriel Kaplan
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Richard L. Barnes
- Re: [rtcweb] Resolving RTP/SDES question in Paris Magnus Westerlund
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount
- Re: [rtcweb] Resolving RTP/SDES question in Paris Harald Alvestrand
- Re: [rtcweb] Resolving RTP/SDES question in Paris Roman Shpount