Re: [rtcweb] STUN for keep-alive - RTCP-less applications

"Olle E. Johansson" <oej@edvina.net> Sat, 24 September 2011 11:49 UTC


On 22 Sep 2011, at 13:08, Iñaki Baz Castillo wrote:

> I can understand that some requirements can be imposed on RTCweb
> environments in the media plane, but try at least to make it
> compatible with VoIP networks out there. For example, requiring SRTP or
> ZRTP could make sense (anyhow I don't see why that should be a
> requirement in a local intranet in which plain-RTP is already used for
> SIP communication).

This is where you get it wrong. You are pushing the decision to the user. They have to evaluate the network
their browser is currently attached to and make a decision on what kind of security they 
need for this particular network. Even in the office, the iPad on your desk might be connected
to 3G because it lost contact with the wifi. 

I think we cannot require that users are able to perform a security evaluation of each and
every network the device their browser is running on connects to. Make it secure by default.
I mean, this is the year 2011 and we do have CPUs that can handle it. People walk around
with dual core in their pockets.

/O