IETF Logo Mail Archive

Re: [rtcweb] WG Last Call for draft-ietf-rtcweb-stun-consent-freshness

"Parthasarathi R" <partha@parthasarathi.co.in> Fri, 22 August 2014 21:24 UTC

Return-Path: <partha@parthasarathi.co.in>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7848A1A0977 for <rtcweb@ietfa.amsl.com>; Fri, 22 Aug 2014 14:24:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LUuwlk0viHe0 for <rtcweb@ietfa.amsl.com>; Fri, 22 Aug 2014 14:24:27 -0700 (PDT)
Received: from outbound.mailhostbox.com (outbound.mailhostbox.com [162.222.225.29]) by ietfa.amsl.com (Postfix) with ESMTP id CA54E1A06E1 for <rtcweb@ietf.org>; Fri, 22 Aug 2014 14:24:26 -0700 (PDT)
Received: from userPC (unknown [122.178.206.71]) (Authenticated sender: partha@parthasarathi.co.in) by outbound.mailhostbox.com (Postfix) with ESMTPA id 0CC593C0014; Fri, 22 Aug 2014 21:24:14 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=parthasarathi.co.in; s=20120823; t=1408742662; bh=lT8SmOsIQ0UOkEYJKj3t4cWKZSW107Aq5Us0a8OpYIw=; h=From:To:Cc:References:In-Reply-To:Subject:Date:Message-ID: MIME-Version:Content-Type; b=kjGYic0+qV9/htRJAHi4XfZfSTSxz1KiofTwj3/1YIGe9iMNX9j9P71EzDHDet3K8 Lrv00Dob/hH9dMaReokBxkyPuSdHkWmOagE1GkSemrvM/KaYZRTG8sV+WqbfiypnJ8 gInA/l1IGZtEHJYptRi5w8rPdURZ8N05rnYka2kE=
From: Parthasarathi R <partha@parthasarathi.co.in>
To: "'Ram Mohan R (rmohanr)'" <rmohanr@cisco.com>, 'Muthu Arul Mozhi Perumal' <muthu.arul@gmail.com>
References: <CA+9kkMCZT1XW4LLaJ4Nq2DbrxD59cYnjLo5JXn9fjEb8pyamaQ@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B1D41CDC3@ESESSMB209.ericsson.se> <CAKz0y8zycsyr9m4BA=-8xOaWkU+Sog5Mbz7K-oN3woqi++mVzg@mail.gmail.com> <53F451CF.10705@alvestrand.no> <001b01cfbc94$fccd5310$f667f930$@co.in> <CAKz0y8zNM3rc3XC6JqrK+d4hXiT5TomhNM+W2twg0+-83-pFow@mail.gmail.com> <CABkgnnUnfB5bskH4zWRfBMdHbSoqftV5Fo_GEXoLt9XCH9Tt_w@mail.gmail.com> <CAD5OKxsT9Vdm0=tjk9WsLAH4ekbAizgyjm--168TrOf8UAYGZw@mail.gmail.com> <CABkgnnXUpibu8kWYmbJJJT2J3RNGXFV8LbceLijgG0U-pGY2xQ@mail.gmail.com> <CAKz0y8z_oBf2efavfOLgzqE1R8sZstefZ1tvwwJLkhRskXZERQ@mail.gmail.com> <CAD5OKxsSqA=cki_fSaqAPP0GXCv_kHr6571C+K9ze4ceHCGYdQ@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B1D427B68@ESESSMB209.ericsson.se> <D01D6B42.104F8%rmohanr@cisco.com>
In-Reply-To: <D01D6B42.104F8%rmohanr@cisco.com>
Date: Sat, 23 Aug 2014 02:54:03 +0530
Message-ID: <009001cfbe4f$6b92f280$42b8d780$@co.in>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0091_01CFBE7D.854B2E80"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AQHPviSytsP8Fi+4skKmwMIEhdYf8JvdHVSA
Content-Language: en-us
X-CTCH-RefID: str=0001.0A020209.53F7B506.0095, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0
X-CTCH-VOD: Unknown
X-CTCH-Spam: Unknown
X-CTCH-Score: 0.000
X-CTCH-Rules:
X-CTCH-Flags: 0
X-CTCH-ScoreCust: 0.000
X-CTCH-SenderID: partha@parthasarathi.co.in
X-CTCH-SenderID-TotalMessages: 1
X-CTCH-SenderID-TotalSpam: 0
X-CTCH-SenderID-TotalSuspected: 0
X-CTCH-SenderID-TotalBulk: 0
X-CTCH-SenderID-TotalConfirmed: 0
X-CTCH-SenderID-TotalRecipients: 0
X-CTCH-SenderID-TotalVirus: 0
X-CTCH-SenderID-BlueWhiteFlag: 0
X-Scanned-By: MIMEDefang 2.72 on 172.18.214.93
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/MhVIQLA4ips2whFwoemdUo6iDGM
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] WG Last Call for draft-ietf-rtcweb-stun-consent-freshness
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Aug 2014 21:24:30 -0000

Hi Ram/Muthu,

 

There is a terminology variation here. As per the current overview document,
WebRTC device supports full WebRTC protocol requirement which includes
consent-check. In case consent check is excluded from WebRTC device,  the
new definition has to be provided for "WebRTC device" in -overview draft. I
don't think that WebRTC device definition has to be changed now.

 

IMO, WebRTC device & WebRTC browser MUST support consent check. As discussed
in another mail thread, there is an need to define "WebRTC endpoint" which
relaxes the lot of WebRTC protocol requirement based on the specific
deployment like Enterprise, LTE EPC. "WebRTC Endpoint" & "WebRTC Gateway"
MAY support consent check.

 

I have highlighted Full ICE as a criteria for "WebRTC Endpoint" & "WebRTC
Gateway" in
http://www.ietf.org/mail-archive/web/rtcweb/current/msg12938.html as it
helps the implementers to decide whether consent check has to be implemented
in their "WebRTC Endpoint"/ "WebRTC Gateway" or not. As "WebRTC Endpoint" is
yet to defined and "WebRTC gateway" is just now proposed in -11 overview
draft,  I have proposed the text as

 

"Full ICE supporting WebRTC entities  MUST support consent freshness." 

 

Please let me your opinion on the same. 

 

Also, I agree with Muthu's statement to indicates the other requirement for
WebRTC entities to include consent check are:

"to use the mechanism to make it more secure or compute RTT or carry network
information" 

 

 

Thanks

Partha

 

 

 

From: rtcweb [mailto:rtcweb-bounces@ietf.org] On Behalf Of Ram Mohan R
(rmohanr)
Sent: Friday, August 22, 2014 9:48 PM
To: Christer Holmberg; Roman Shpount; Muthu Arul Mozhi Perumal
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] WG Last Call for
draft-ietf-rtcweb-stun-consent-freshness

 

Right. I think we had discussed this in the past and added the below text in
the draft

 

" WebRTC endpoints are required to support full ICE as specified in

   section 3.4 of [I-D.ietf-rtcweb-transports
<http://tools.ietf.org/html/draft-ietf-rtcweb-stun-consent-freshness-05#ref-
I-D.ietf-rtcweb-transports> ].  However, when WebRTC
   endpoints interwork with other endpoints that support only ICE-lite
   (e.g. gateways) those endpoints will not generate consent checks, but
   just respond to consent checks they receive"


Isn't this sufficient ?


Ram

 

From: Christer Holmberg <christer.holmberg@ericsson.com>
Date: Friday, 22 August 2014 9:29 pm
To: Roman Shpount <roman@telurix.com>, Muthu Arul Mozhi Perumal
<muthu.arul@gmail.com>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] WG Last Call for
draft-ietf-rtcweb-stun-consent-freshness

 

Hi,

 

An ICE-lite endpoint must already today *REPLY* to STUN requests - consent
freshness does not change that.

 

But, I don't think an ICE-lite endpoint shall be mandated to *SEND* consent
freshness requests.

 

Regards,

 

Christer

 

 

  _____  

From: rtcweb [rtcweb-bounces@ietf.org] on behalf of Roman Shpount
[roman@telurix.com]
Sent: Friday, 22 August 2014 4:37 PM
To: Muthu Arul Mozhi Perumal
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] WG Last Call for
draft-ietf-rtcweb-stun-consent-freshness

On Fri, Aug 22, 2014 at 1:25 AM, Muthu Arul Mozhi Perumal
<muthu.arul@gmail.com> wrote:

draft-ietf-rtcweb-stun-consent-freshness is about making the WebRTC browser
more secure. It however allows an RTP endpoint (that also does ICE) to use
the mechanism to make it more secure or compute RTT or carry network
information or whatever. However, requiring every RTP endpoint perform it
seems asking too much.

 

My take:

WebRTC browser - MUST

WebRTC devide - SHOULD

Other RTP entities (including WebRTC gateway) - MAY

 

 

 I would say that all full ICE endpoint interworking with WebRTC MUST
implement consent freshness. ICE-LITE will not implement, but MUST respond
(unless someone defines it, but once you start sending STUN request you
might as well do full ICE, so I do not see much point in it). And to
conclude strongly encourage full ICE implementation for security and other
reasons.

_____________
Roman Shpount

v2.23.0 | Report a Bug | By Email