Re: [rtcweb] Summary of ICE discussion

[Randell Jesup <randell-ietf@jesup.org>]

On 10/4/2011 10:33 AM, Magnus Westerlund wrote:
> Major requirements
>
> - Need for data transmission consent for protocols using UDP as the
> traffic receiver needs to consent to receiving the data
>
> - Perform NAT and FW traversal when ever needed
>
> - Support IPv4 to IPv6 transition
>
> Desired behavior:
>
> - Be interoperable with deployed legacy systems as SIP Trunk, PSTN
> gateways, VoIP phones.
>
> WG chairs conclusion of discussion so far:
>
> - ICE is so far the only solution that provides the security goals and
> have any legacy deployment.
>
> - ICE usage will require that STUN connectivity MUST have succeeded
> prior to any data transmission to fulfill security goals.
>
>    * The Browser will enforce this requirement to prevent being an attack
> vector in all cases.
>
> - If anyone can find a solution that fulfill the security goals and have
> improved legacy interoperability people would be interested in that
> solution. So far RTCP has been discarded as insufficient.

I've been discussing some options on this with Cullen on the side.  No 
breakthroughs yet, though there may still be some hope.  If there's 
something there I'll post it soon, otherwise assume it didn't pan out.

One observation about the security/attack-vector side of this:  Any 
objection that includes "if an attacker is in a MITM position they could 
trick the rtcweb client into sending media" is an invalid objection.  A 
MITM attacker could inject or re-route any amount of traffic they wanted 
already if they're in the media path.  I'll also note that an attacker 
could be in MITM on the signalling side or DNS, but not MITM on the 
media/ICE routing; those are valid cases to consider.  And DNS poisoning 
doesn't require MITM.


-- 
Randell Jesup
randell-ietf@jesup.org