IETF Logo Mail Archive

Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-channel-12.txt> (WebRTC Data Channels) to Proposed Standard

Randell Jesup <randell-ietf@jesup.org> Tue, 21 October 2014 22:18 UTC

Return-Path: <randell-ietf@jesup.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB7601A8796 for <rtcweb@ietfa.amsl.com>; Tue, 21 Oct 2014 15:18:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.799
X-Spam-Level:
X-Spam-Status: No, score=0.799 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JBAe2tZGOfuH for <rtcweb@ietfa.amsl.com>; Tue, 21 Oct 2014 15:18:52 -0700 (PDT)
Received: from relay.mailchannels.net (si-002-i157.relay.mailchannels.net [108.178.49.169]) by ietfa.amsl.com (Postfix) with ESMTP id 3E48C1A8745 for <rtcweb@ietf.org>; Tue, 21 Oct 2014 15:18:50 -0700 (PDT)
X-Sender-Id: wwwh|x-authuser|randell@jesup.org
Received: from r2-chicago.webserversystems.com (ip-10-237-13-110.us-west-2.compute.internal [10.237.13.110]) by relay.mailchannels.net (Postfix) with ESMTPA id B0573278E99 for <rtcweb@ietf.org>; Tue, 21 Oct 2014 22:18:48 +0000 (UTC)
X-Sender-Id: wwwh|x-authuser|randell@jesup.org
Received: from r2-chicago.webserversystems.com (r2-chicago.webserversystems.com [10.248.11.136]) (using TLSv1 with cipher DHE-RSA-AES256-SHA) by 0.0.0.0:2500 (trex/5.3.1); Tue, 21 Oct 2014 22:18:49 GMT
X-MC-Relay: Neutral
X-MailChannels-SenderId: wwwh|x-authuser|randell@jesup.org
X-MailChannels-Auth-Id: wwwh
X-MC-Loop-Signature: 1413929928942:811510354
X-MC-Ingress-Time: 1413929928942
Received: from pool-71-175-4-200.phlapa.fios.verizon.net ([71.175.4.200]:64534 helo=[192.168.1.12]) by r2-chicago.webserversystems.com with esmtpsa (TLSv1:DHE-RSA-AES128-SHA:128) (Exim 4.82) (envelope-from <randell-ietf@jesup.org>) id 1XghlP-0002W7-GD for rtcweb@ietf.org; Tue, 21 Oct 2014 17:18:47 -0500
Message-ID: <5446DBB1.7090801@jesup.org>
Date: Tue, 21 Oct 2014 18:18:25 -0400
From: Randell Jesup <randell-ietf@jesup.org>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <20141010004836.12666.88765.idtracker@ietfa.amsl.com> <abdfd3ef58dd40028e8d5e2248b5a995@CY1PR0501MB1579.namprd05.prod.outlook.com> <543A5570.7060208@alvestrand.no> <B53499C4-6B51-4E8E-87C2-C8E5C10DBC34@lurchi.franken.de> <543A9E11.2030605@alvestrand.no> <F5C54F5E-C301-4EC7-9536-E43EA3A16863@lurchi.franken.de> <543ABE69.8030104@alvestrand.no> <99078EA5-5FE7-431F-9C70-EEA882F4C3C6@lurchi.franken.de> <E1FE4C082A89A246A11D7F32A95A17828E5DA2AC@US70UWXCHMBA02.zam.alcatel-lucent.com> <71e2b21516cb496eb4d1ad2b26e53a29@CY1PR0501MB1579.namprd05.prod.outlook.com> <543CD1CD.3000001@alvestrand.no> <5440E38F.9070809@jesup.org> <c4ff2fdcd48f4388b67f3e1ffed8edfe@CY1PR0501MB1579.namprd05.prod.outlook.com> <5442B41D.6040307@jesup.org> <514191b6e7 764d30be7ea17d324d8739@CY1PR0501MB1579.namprd05.prod.outlook.com> <AE750B7B-A920-4ECF-8E35-F0E583CD65A9@phonefromhere.com> <46b327b5be5a4fbcb508f664aea6cba2@CY1PR0501MB1579.namprd05.prod.outlook.com>
In-Reply-To: <46b327b5be5a4fbcb508f664aea6cba2@CY1PR0501MB1579.namprd05.prod.outlook.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AuthUser: randell@jesup.org
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/POh9TpRlsqvxUQ0x7SImm6je_B4
Subject: Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-channel-12.txt> (WebRTC Data Channels) to Proposed Standard
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Oct 2014 22:18:54 -0000

On 10/21/2014 4:58 PM, Wyss, Felix wrote:
>>> Yes, that's the intended use-case: The middlebox is a trusted man-in-the-
>> middle.  In order to record and/or perform analytics on the media flowing
>> through it, it obviously has to decrypt it.  That can only be done by
>> terminating DTLS (and decrypting/re-encrypting SRTP.)
>>
>> If the middle box is trusted, only interested in media and known about by
>> the application, then the application should create a separate direct data
>> channel only DTLS connection between the endpoints that bypasses the
>> middle box, with a small amount of extra application effort we remove the
>> need for even more random extra SDP lines. Remember these are
>> programmable endpoints - not dumb SIP devices with fixed behaviours.
>>
>> Unless the middle box is performing 'analytics' on the DC data too, but that
>> isn't the use-case you mentioned.
> Having to use one of the endpoints to fork the media for recording and analytics is not acceptable for us.  Many of our customers require that all interactions are recorded exactly as they occur between the endpoints.  Often they are required to do that for legal or compliance reasons.  It's actually pretty certain that some of them will want the data streams recorded too.

I had a suspicion that this was the intended use-case - and it's a real 
use-case for certain applications/industries.

So, for those applications (remembering that webrtc applications are not 
random external devices, but basically code linked to the usage) just 
either use pre-defined or external negotiation for channel assignments, 
or implement *in the application* allocation-choosing strategy.  Such as:

middlebox: offer to A and B (actpass)
A: accept (active)
B: accept (active)
ok, now both are on the same "evenness"
both statically open (pre-defined) channel 0 always
Both send a random token value
The side with the lower random value is even, and the other is odd
All channel allocations are preceeded by message on channel 0 that 
amounts to an "I'm opening channel N with these params" that takes the 
place of DCEP
Encapsulate this behavior in some simple functions that take the place 
of the default createDataChannel()/etc

There are other solutions of course for glare resolution.  If you want, 
if the two sides chose the opposite evenness, you just leave 
createDataChannel alone.  There are a LOT of ways to deal with this at 
the application level, since the application "should" know it's talking 
to (or may be talking to) a middlebox that will decrypt/forward things.

-- 
Randell Jesup -- rjesup a t mozilla d o t com

v2.23.0 | Report a Bug | By Email