Re: [rtcweb] consent freshness and ICE-lite

Bernard Aboba <> Tue, 17 July 2012 03:27 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id BEE8411E8086 for <>; Mon, 16 Jul 2012 20:27:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -101.754
X-Spam-Status: No, score=-101.754 tagged_above=-999 required=5 tests=[AWL=-0.552, BAYES_00=-2.599, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396, USER_IN_WHITELIST=-100]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id jA+j1cydhtIh for <>; Mon, 16 Jul 2012 20:27:36 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 9DC5411E8073 for <>; Mon, 16 Jul 2012 20:27:36 -0700 (PDT)
Received: from BLU401-EAS266 ([]) by with Microsoft SMTPSVC(6.0.3790.4675); Mon, 16 Jul 2012 20:28:22 -0700
X-Originating-IP: []
X-Originating-Email: []
Message-ID: <BLU401-EAS266337B57B89CAB7E5E2D3893DB0@phx.gbl>
Content-Type: multipart/related; boundary="_7b04b397-5532-45b3-916b-c7d7bdd7cc58_"
References: <>
From: Bernard Aboba <>
In-Reply-To: <>
Date: Mon, 16 Jul 2012 20:32:37 -0700
To: "Ejzak, Richard P (Richard)" <>
MIME-Version: 1.0 (1.0)
X-OriginalArrivalTime: 17 Jul 2012 03:28:22.0764 (UTC) FILETIME=[380062C0:01CD63CC]
Cc: "" <>
Subject: Re: [rtcweb] consent freshness and ICE-lite
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 17 Jul 2012 03:27:37 -0000

Consent freshness and liveness is used to assure a browser that the recipient has authorized it to 
send media and that it is still there. So if a gateway wants to receive, answer Binding Requests 
sent to it.  

If a gateway is on the public Internet, supports ICE lite and does not send a Binding Request 
to a browser, but does implement RFC 6263, then NAT bindings can be kept alive and media 
should still flow.  So I think this is viable.

On Jul 16, 2012, at 18:13, "Ejzak, Richard P (Richard)" <> wrote:

> Sections 4.2, 4.4 and 5.3 of draft-ietf-rtcweb-security-arch-03.txt have text that seems to be contradictory.  In particular, 5.3 requires support of ICE-lite at server gateways but each endpoint is described as sending ICE binding requests for ICE consent verification in 4.2 (which is it?).  4.4 also requires RTCWeb implementations to perform periodic binding requests to verify consent freshness.  Is a server gateway an RTCWeb implementation subject to this requirement?  I thought that one of the reasons the WG decided to use binding requests instead of binding indications to allow bilateral consent initiated by a single endpoint (in particular, so that an RTCWeb browser could interoperate with either a server gateway implementing ICE-lite or a non-RTCWeb endpoint not implementing the RTCWeb consent freshness procedures in such a way that only the RTCWeb browser needed to send periodic binding requests to maintain bilateral consent freshness).
> Does a binding request provide unilateral or bilateral consent verification/freshness?
> Is a server gateway implementing ICE-lite required to send ICE binding requests anyway for consent verification and/or consent freshness, or is it sufficient for such an implementation to indicate its own consent by just responding to received binding requests?
> Do we care about compatibility with ICE compliant endpoints that do not use binding requests for consent freshness?
> Does a browser treat a response to a binding request the same as a received binding request for consent freshness?
> It would be helpful to have clear answers to these questions in the security architecture document.
> Thanks,
> Richard Ejzak
> _______________________________________________
> rtcweb mailing list
rtcweb mailing list