Re: [rtcweb] Resolving RTP/SDES question in Paris

"Ravindran, Parthasarathi" <pravindran@sonusnet.com> Sat, 17 March 2012 04:13 UTC

Return-Path: <pravindran@sonusnet.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3171A21E805D for <rtcweb@ietfa.amsl.com>; Fri, 16 Mar 2012 21:13:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.752
X-Spam-Level:
X-Spam-Status: No, score=-4.752 tagged_above=-999 required=5 tests=[AWL=1.847, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pelad-IVcXnf for <rtcweb@ietfa.amsl.com>; Fri, 16 Mar 2012 21:13:38 -0700 (PDT)
Received: from na3sys010aog106.obsmtp.com (na3sys010aog106.obsmtp.com [74.125.245.80]) by ietfa.amsl.com (Postfix) with ESMTP id 3796A21E800F for <rtcweb@ietf.org>; Fri, 16 Mar 2012 21:13:38 -0700 (PDT)
Received: from USMA-EX-HUB2.sonusnet.com ([69.147.176.212]) (using TLSv1) by na3sys010aob106.postini.com ([74.125.244.12]) with SMTP ID DSNKT2QPcQfeSJyX0mV1vJJYmE7mH3dmaEAV@postini.com; Fri, 16 Mar 2012 21:13:38 PDT
Received: from INBA-HUB01.sonusnet.com (10.70.51.86) by USMA-EX-HUB2.sonusnet.com (66.203.90.17) with Microsoft SMTP Server (TLS) id 14.2.247.3; Sat, 17 Mar 2012 00:13:49 -0400
Received: from INBA-MAIL01.sonusnet.com ([fe80::8d0f:e4f9:a74f:3daf]) by inba-hub01.sonusnet.com ([fe80::5cbc:2823:f6cc:9ce7%11]) with mapi id 14.01.0355.002; Sat, 17 Mar 2012 09:43:32 +0530
From: "Ravindran, Parthasarathi" <pravindran@sonusnet.com>
To: Randell Jesup <randell-ietf@jesup.org>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Thread-Topic: [rtcweb] Resolving RTP/SDES question in Paris
Thread-Index: AQHM8te6ZBG/XYsMg0C4SE+GOqsWNpZtZpyg///aqgCAAJauUA==
Date: Sat, 17 Mar 2012 04:13:31 +0000
Message-ID: <387F9047F55E8C42850AD6B3A7A03C6C0E1FEC15@inba-mail01.sonusnet.com>
References: <4F4759DC.7060303@ericsson.com> <387F9047F55E8C42850AD6B3A7A03C6C0E1FEB69@inba-mail01.sonusnet.com> <4F63BA4E.305@jesup.org>
In-Reply-To: <4F63BA4E.305@jesup.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [121.242.142.186]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 17 Mar 2012 04:13:39 -0000

Randell,

In my use case, the application will not be able to access the website without a VPN connection. Please explain your bid-down attack in my use case.

You can speculate that every intranet in the world would be broken in a moment if they use HTTP, but IMO it is just speculation. An IETF specification has to be generic enough to serve all deployments rather than handling only some specific mechanism or application.

Thanks
Partha
>-----Original Message-----
>From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf
>Of Randell Jesup
>Sent: Saturday, March 17, 2012 3:40 AM
>To: rtcweb@ietf.org
>Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris
>
>On 3/16/2012 3:25 PM, Ravindran, Parthasarathi wrote:
>> Magnus,
>>
>> As I mentioned in an earlier mail thread
>> (http://www.ietf.org/mail-archive/web/rtcweb/current/msg03148.html),
>> RTP has to be supported by the RTCWeb client with local user consent.
>
>That is your stipulation.  Thus far this does not have consensus.
>
>> To clarify why RTP is not harmful in some usages, the use case of VPN
>> access to an intranet RTCWeb client from the public internet is as follows:
>>
>> Use case details: Enterprise employee Alice accesses the enterprise (HTTP &
>> WebRTC compliant) intranet over a VPN connection using an airport WiFi
>> internet connection. Alice will have a mechanism to call another
>> employee, Bob, in the same enterprise using a WebRTC session, and the
>> session between Alice and Bob will be plain RTP in the VPN network.
>>
>> Security aspect: Here, (HTTP) intranet browsing today is safe even though
>> Alice is using an airport WiFi internet connection, as she has a VPN
>> connection (IPsec) and no dependency on HTTPS. In the same way, the
>> WebRTC mechanism should not mandate SRTP-DTLS for media and MUST allow
>> RTP. Local user consent (configuration) is required to restrict this
>> usage by a Dr Evil website.
>
>This says the media is in theory 'safe' as RTP over a VPN.  Similar
>arguments were used for "inside the corporate network" in previous
>discussions.  That doesn't mean that the spec should allow for RTP; for
>example, it might create bid-down attack possibilities - and the
>application has lots of trouble knowing if the link really is secure
>(and doesn't transition off security anywhere after leaving the
>machine).
>
>--
>Randell Jesup
>randell-ietf@jesup.org
>
>_______________________________________________
>rtcweb mailing list
>rtcweb@ietf.org
>https://www.ietf.org/mailman/listinfo/rtcweb
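The bid-down attack Randell refers to, shown as an added example (this is not code from the thread, from any browser, or from the rtcweb working group). It classifies the media protection an SDP m= section negotiates (DTLS-SRTP via a=fingerprint, SDES-SRTP via a=crypto, or plain RTP), rejects an answer that is weaker than the offer, and simulates what a hostile signaling server or on-path attacker does: swap the secure profile for RTP/AVP and strip the keying attributes. The SDP fragments, the all-zero fingerprint placeholder, and the `allowPlainRtp` policy flag are constructed for the example.

```javascript
// Added example, not code from the rtcweb thread or from any browser.
// All SDP below is constructed for illustration.

// Split an SDP blob into session-level lines and one block per m= section.
function parseSdp(sdp) {
  const lines = sdp.split(/\r?\n/).filter((l) => l.length > 0);
  const session = [];
  const media = [];
  let current = null;
  for (const line of lines) {
    if (line.startsWith("m=")) {
      // m=<media> <port> <proto> <fmt ...>
      const [, port, proto] = line.slice(2).split(" ");
      current = { mline: line, port: Number(port), proto, attrs: [] };
      media.push(current);
    } else if (current) {
      current.attrs.push(line);
    } else {
      session.push(line);
    }
  }
  return { session, media };
}

// Rank the media protection an m= section actually negotiates:
//   2  DTLS-SRTP: secure profile + a=fingerprint, keys never appear in signaling
//   1  SDES-SRTP: secure profile + a=crypto, keys carried in the signaling
//   0  plain RTP: no protection at all
//  -1  secure profile but no keying material at all; unusable
function protection(section, sessionAttrs) {
  const attrs = sessionAttrs.concat(section.attrs);
  const hasFingerprint = attrs.some((a) => a.startsWith("a=fingerprint:"));
  const hasCrypto = attrs.some((a) => a.startsWith("a=crypto:"));
  const secureProfile = /\/SAVPF?$/.test(section.proto);
  if (!secureProfile) return { rank: 0, keying: "plain-rtp" };
  if (hasFingerprint) return { rank: 2, keying: "dtls-srtp" };
  if (hasCrypto) return { rank: 1, keying: "sdes-srtp" };
  return { rank: -1, keying: "none" };
}

// Accept an answer only if no m= section is weaker than what was offered and,
// unless the (hypothetical) policy allows it, only if every section is SRTP.
function checkAnswer(offerSdp, answerSdp, policy = { allowPlainRtp: false }) {
  const offer = parseSdp(offerSdp);
  const answer = parseSdp(answerSdp);
  if (offer.media.length !== answer.media.length) {
    return { ok: false, reason: "m-line count mismatch" };
  }
  for (let i = 0; i < offer.media.length; i++) {
    if (answer.media[i].port === 0) continue; // section rejected, nothing flows
    const offered = protection(offer.media[i], offer.session);
    const answered = protection(answer.media[i], answer.session);
    if (answered.rank < 0) {
      return { ok: false, reason: `m-line ${i}: secure profile without keying` };
    }
    if (answered.rank < offered.rank) {
      return { ok: false, reason: `m-line ${i}: bid-down from ${offered.keying} to ${answered.keying}` };
    }
    if (answered.rank === 0 && !policy.allowPlainRtp) {
      return { ok: false, reason: `m-line ${i}: plain RTP not allowed by policy` };
    }
  }
  return { ok: true, reason: "media protection preserved" };
}

// What an attacker who can rewrite signaling does: downgrade the profile to
// plain RTP and drop every attribute that would key SRTP.
function bidDown(sdp) {
  return sdp
    .split(/\r?\n/)
    .filter((l) => !/^a=(fingerprint|crypto|setup):/.test(l))
    .map((l) => (l.startsWith("m=") ? l.replace(/(UDP\/TLS\/)?RTP\/SAVP(F?)/, "RTP/AVP$2") : l))
    .join("\r\n");
}

// Constructed offer/answer pair; the fingerprint is an all-zero placeholder.
const FINGERPRINT = "a=fingerprint:sha-256 " + Array(32).fill("00").join(":");
const OFFER = [
  "v=0", "o=- 1 1 IN IP4 10.0.0.1", "s=-", "t=0 0",
  "m=audio 49170 RTP/SAVPF 111", "c=IN IP4 10.0.0.1",
  FINGERPRINT, "a=setup:actpass", "a=rtpmap:111 opus/48000/2",
].join("\r\n");
const ANSWER = [
  "v=0", "o=- 2 1 IN IP4 10.0.0.2", "s=-", "t=0 0",
  "m=audio 51000 RTP/SAVPF 111", "c=IN IP4 10.0.0.2",
  FINGERPRINT, "a=setup:active", "a=rtpmap:111 opus/48000/2",
].join("\r\n");

function demo() {
  return {
    honest: checkAnswer(OFFER, ANSWER),
    attacked: checkAnswer(OFFER, bidDown(ANSWER)),
    // Even a policy that permits plain RTP (the VPN argument) still catches
    // an SRTP offer being answered with plain RTP.
    attackedLenient: checkAnswer(OFFER, bidDown(ANSWER), { allowPlainRtp: true }),
  };
}
```

Two things the check shows and one it cannot. A downgraded answer is rejected whenever the offer was SRTP, whatever the policy; but once an endpoint is configured to offer and accept plain RTP, the same rewrite of the offer is indistinguishable from a legitimate plain-RTP call, which is exactly the bid-down surface an "allow RTP" setting opens. And nothing in the SDP tells the application whether an IPsec tunnel is actually protecting the media path, which is Randell's second point: the check sees only what signaling claims, not what the network does.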