IETF Logo Mail Archive

Re: [rtcweb] No a=ice-lite in JSEP-04

Christer Holmberg <christer.holmberg@ericsson.com> Thu, 03 October 2013 19:22 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BD8221F9AB4 for <rtcweb@ietfa.amsl.com>; Thu, 3 Oct 2013 12:22:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.043
X-Spam-Level:
X-Spam-Status: No, score=-4.043 tagged_above=-999 required=5 tests=[AWL=-1.445, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id earZeVVHhYWM for <rtcweb@ietfa.amsl.com>; Thu, 3 Oct 2013 12:22:07 -0700 (PDT)
Received: from sesbmg20.ericsson.net (sesbmg20.ericsson.net [193.180.251.56]) by ietfa.amsl.com (Postfix) with ESMTP id C6A4A21F9D12 for <rtcweb@ietf.org>; Thu, 3 Oct 2013 12:08:28 -0700 (PDT)
X-AuditID: c1b4fb38-b7fcf8e0000062b8-ad-524dc0ab6e65
Received: from ESESSHC005.ericsson.se (Unknown_Domain [153.88.253.125]) by sesbmg20.ericsson.net (Symantec Mail Security) with SMTP id 84.3A.25272.BA0CD425; Thu, 3 Oct 2013 21:08:28 +0200 (CEST)
Received: from ESESSMB209.ericsson.se ([169.254.9.146]) by ESESSHC005.ericsson.se ([153.88.183.33]) with mapi id 14.02.0328.009; Thu, 3 Oct 2013 21:08:27 +0200
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Justin Uberti <juberti@google.com>, Harald Alvestrand <harald@alvestrand.no>
Thread-Topic: [rtcweb] No a=ice-lite in JSEP-04
Thread-Index: Ac698bCDm/FvoM3PQXG8Sb8kVVaquv//37SAgAB0oAD/+7OiAIAIfEKAgAABegCAAAYXAIAAEvsAgAAINACAACYZFP///4TN///uqgAAAku8AAAEq8cm///+dQQ=
Date: Thu, 03 Oct 2013 19:08:26 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B1C4B4051@ESESSMB209.ericsson.se>
References: <56C2F665D49E0341B9DF5938005ACDF811144C@DEMUMBX005.nsn-intra.net> <CALiegfn+u-LD=W1S2te6UB1+u6yd7xAbpKO_U=qUEsD-aWv6cw@mail.gmail.com> <CAOJ7v-2UHjitspwzJ_nzdDXwN_ZoVAk=86O98khhhoOdAtVhiA@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B1C4B37B8@ESESSMB209.ericsson.se> <2F515906-BEC6-4ACA-BF2B-172E6ADBDAF1@phonefromhere.com> <CALiegf=EmbKX7KPffa79eDn4zFxuZBkNFNsh-aX-iTecob7v6Q@mail.gmail.com> <54B5DF36-6BEE-4FA4-ACA1-D4912F9A49AB@nostrum.com> <524D94E0.7020801@matthew.at> <7594FB04B1934943A5C02806D1A2204B1C4B3AEC@ESESSMB209.ericsson.se> <7594FB04B1934943A5C02806D1A2204B1C4B3C06@ESESSMB209.ericsson.se> <524DACC4.8060901@alvestrand.no>, <CAOJ7v-1_HH3UScKoApow9xd8XBzckpDnCNBV1y=-CE6k+Qv1kA@mail.gmail.com>
In-Reply-To: <CAOJ7v-1_HH3UScKoApow9xd8XBzckpDnCNBV1y=-CE6k+Qv1kA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.20]
Content-Type: multipart/alternative; boundary="_000_7594FB04B1934943A5C02806D1A2204B1C4B4051ESESSMB209erics_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrNLMWRmVeSWpSXmKPExsUyM+Jvre6aA75BBlO2sVsc6+tis9g6Vchi 7b92dgdmjysTrrB6LNhU6rFkyU+mAOYoLpuU1JzMstQifbsErozby6YwFewvqjjz7zhjA+P1 hC5GTg4JAROJVRt6mCBsMYkL99azdTFycQgJHGWU+LDyIQuEs5hRYte2x0BVHBxsAhYS3f+0 QRpEBIIkvv+5xQJiMwuoS9xZfI4dxBYW0JP4++oPO0SNvsS6jQfBhooIdDFKLNo0hw0kwSKg IrFv8WqwIl4BX4mPm66wQix7xiqxfdImsKmcAoESXVs/gjUwAp33/dQaJoht4hK3nsyHOltA Ysme88wQtqjEy8f/WCFsRYmr05dD1edLrHx7ghFimaDEyZlPWCYwis5CMmoWkrJZSMog4noS N6ZOYYOwtSWWLXzNDGHrSsz4dwiqxlqi42MTC7KaBYwcqxg5ilOLk3LTjQw2MQIj8OCW3xY7 GC//tTnEKM3BoiTO+/Gtc5CQQHpiSWp2ampBalF8UWlOavEhRiYOTqkGRqdrloXLrFLj+R6U W0iV5RXsYlu6QebqnQWZm769Wfd7SZ1xz+myQrVuT17Pmdc1w8olbpx5lPW8QeEsk5qPktyX lEvtqQ+Ulxoe1sncFaYbJH28bKt6SMkCq4NT4n9zzEnc8XlVMxPj1qRX377/nf3YxvnAj5ys K10y9qkL839ML06PfHtcQ4mlOCPRUIu5qDgRACwbESeOAgAA
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] No a=ice-lite in JSEP-04
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Oct 2013 19:22:19 -0000

Hi,



Why does the exposure of a WebRTC API determine whether the application must support full ICE or not? Shouldn't it depend on whether the application code is considered "trusted" or not.



For example, assume I would implement a gateway using node.js and WebRTP API. The gateway platform isn't downloading the JavaScript code from a webserver - it is "manually" installed, which means it can be reviewed before it is executed.



Regards,



Christer





________________________________
From: rtcweb-bounces@ietf.org [rtcweb-bounces@ietf.org] on behalf of Justin Uberti [juberti@google.com]
Sent: Thursday, 03 October 2013 9:49 PM
To: Harald Alvestrand
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] No a=ice-lite in JSEP-04

Agree with Harald, although I don't like the terms "browser"/"non-browser", since many folks (us included) are making native versions of the WebRTC APIs available, which should conform to the same rules as their web brethren.

WebRTC implementations (basically, anything exposing a WebRTC API) MUST support full ICE, and MUST not support ICE Lite.
WebRTC-compatible endpoints (e.g. gateways) MAY support ICE Lite.




On Thu, Oct 3, 2013 at 10:43 AM, Harald Alvestrand <harald@alvestrand.no<mailto:harald@alvestrand.no>> wrote:
On 10/03/2013 06:48 PM, Christer Holmberg wrote:

What I think we DO need to say (eventhough someone may think it's obvious) , in the continous consent spec, is that ICE-lite entities do not send cc STUN requests.

Hm. If correct: What are the consequences of that?

It seems to me that the entity sending cc STUN requests is the one asking for permission (although I may have misremembered something). So this means that if there are no cc STUN requests coming from the ice-lite end, the ice-lite end is neither requesting permission to contine to send, nor is it going to stop sending when the WebRTC end tries to revoke permission.

With the security guarantees we've been trying to work in here, where it's safe to execute Javascript because there's a limit to how much damage you can do with it.... I reach this conclusion:

Entities that implement the WebRTC API, and allow others' Javascript to access that API (for brevity's sake, let's call them "browsers", even though W3C tends to call them "UAs") MUST NOT implement ice-lite. No matter whether they have a public IP address or not; if they implement ice-lite, they can't offer the security guarantees we want.

Entities that don't offer an API that allows third parties to start connections from it (for brevity, "non-browsers") have to be taken over in other ways in order to perform an attack anyway, in which case all the WebRTC guarantees are shot - so there's no harm in allowing them to implement ice-lite.






Regards,



Christer



________________________________
From: rtcweb-bounces@ietf.org<mailto:rtcweb-bounces@ietf.org> [rtcweb-bounces@ietf.org<mailto:rtcweb-bounces@ietf.org>] on behalf of Christer Holmberg [christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>]
Sent: Thursday, 03 October 2013 7:30 PM
To: Matthew Kaufman; rtcweb@ietf.org<mailto:rtcweb@ietf.org>
Subject: Re: [rtcweb] No a=ice-lite in JSEP-04


Hi,



Do we really need to say more than the ICE RFC already says? I think it explains when ICE-lite is appropriate, and when it isn't.



Regards,



Christer





________________________________
From: rtcweb-bounces@ietf.org<mailto:rtcweb-bounces@ietf.org> [rtcweb-bounces@ietf.org<mailto:rtcweb-bounces@ietf.org>] on behalf of Matthew Kaufman [matthew@matthew.at<mailto:matthew@matthew.at>]
Sent: Thursday, 03 October 2013 7:01 PM
To: rtcweb@ietf.org<mailto:rtcweb@ietf.org>
Subject: Re: [rtcweb] No a=ice-lite in JSEP-04

On 10/3/2013 7:53 AM, Adam Roach wrote:
> On Oct 3, 2013, at 9:31, Iñaki Baz Castillo <ibc@aliax.net><mailto:ibc@aliax.net> wrote:
>
>> If I implement my own WebRTC stack in a smartphone app, am I disallowed to do ICE-lite in my side??
> I would hope so, yes. The chance that your smartphone app would have any hope if working if it did ice lite are as close to zero as to make no difference.
>
> The fact that implementors apparently don't see this as an obvious fact tells me that we need pretty strong language around this prohibition, and "browser" is clearly too narrow a scope.
>
>

The spec should say that:
1. The prohibition on sending media prior to completing a STUN
connectivity test is a MUST
2. A full ICE implementation is a SHOULD

If I'm building a system with clients at one end and gateways with
public addresses at the other, a full ICE implementation isn't required
anywhere in order to make calls through those gateways. But keeping the
browser from being able to spew media at something that hasn't consented
*is* required.

Matthew Kaufman
_______________________________________________
rtcweb mailing list
rtcweb@ietf.org<mailto:rtcweb@ietf.org>
https://www.ietf.org/mailman/listinfo/rtcweb



_______________________________________________
rtcweb mailing list
rtcweb@ietf.org<mailto:rtcweb@ietf.org>
https://www.ietf.org/mailman/listinfo/rtcweb




--
Surveillance is pervasive. Go Dark.


_______________________________________________
rtcweb mailing list
rtcweb@ietf.org<mailto:rtcweb@ietf.org>
https://www.ietf.org/mailman/listinfo/rtcweb

v2.23.0 | Report a Bug | By Email