Re: [rtcweb] Let's define the purpose of WebRTC

Iñaki Baz Castillo <ibc@aliax.net> Wed, 09 November 2011 13:44 UTC

Return-Path: <ibc@aliax.net>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D61F21F8B7E for <rtcweb@ietfa.amsl.com>; Wed, 9 Nov 2011 05:44:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.636
X-Spam-Level:
X-Spam-Status: No, score=-2.636 tagged_above=-999 required=5 tests=[AWL=0.041, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gbvG-A6Qwsuw for <rtcweb@ietfa.amsl.com>; Wed, 9 Nov 2011 05:44:22 -0800 (PST)
Received: from mail-vw0-f44.google.com (mail-vw0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id 9C22D21F8B79 for <rtcweb@ietf.org>; Wed, 9 Nov 2011 05:44:22 -0800 (PST)
Received: by vws5 with SMTP id 5so1686091vws.31 for <rtcweb@ietf.org>; Wed, 09 Nov 2011 05:44:22 -0800 (PST)
Received: by 10.52.113.227 with SMTP id jb3mr4749252vdb.15.1320846262120; Wed, 09 Nov 2011 05:44:22 -0800 (PST)
MIME-Version: 1.0
Received: by 10.220.107.206 with HTTP; Wed, 9 Nov 2011 05:44:01 -0800 (PST)
In-Reply-To: <1D062974A4845E4D8A343C653804920206D3BA57@XMB-BGL-414.cisco.com>
References: <CALiegfkVNVAs_MyU_-4koA4zRwSn1-FwLjY9g_oZVkhi9rSK5Q@mail.gmail.com> <8A61D801-D14D-408B-9875-63C37D0CC166@acmepacket.com> <CABw3bnPE=OY_h5bM7GA6wgrXiOBL8P4J0kw1jLv-GSpHAbg=Cg@mail.gmail.com> <CABcZeBNqdkh8u=gwOvKfDCQA7rXdAyQkfaM1r2Sx10787btP6A@mail.gmail.com> <B10FEFF6-0ADC-4DB1-83BB-50A11C65EC35@acmepacket.com> <CABcZeBNSXtim_VqzqAd8Z-u4zWSjaYmsVZPN=7sDYkJsgtRAHA@mail.gmail.com> <4EB7E6A5.70209@alvestrand.no> <F8003BA9-BCD8-4F02-B514-8B883FF90F91@acmepacket.com> <387F9047F55E8C42850AD6B3A7A03C6C01349D81@inba-mail01.sonusnet.com> <845C03B2-1975-4145-8F52-8CEC9E360AF3@edvina.net> <5454E693-5C34-4C77-BA07-2A9EE9EE4AFD@cisco.com> <387F9047F55E8C42850AD6B3A7A03C6C01349FFE@inba-mail01.sonusnet.com> <1D062974A4845E4D8A343C653804920206D3B7FD@XMB-BGL-414.cisco.com> <387F9047F55E8C42850AD6B3A7A03C6C0134A105@inba-mail01.sonusnet.com> <1F2A2C70609D9E41844A2126145FC09804691DA2@HKGMBOXPRD22.polycom.com> <CALiegfmf59jb4asUu9LA6YY_aMtKEnM1Wy34KbuLEn3_h1xBXA@mail.gmail.com> <CALiegfmM1PB=VAQjfh4rW3-3C8aumHdWy9nZxD0-BWBq9Kq_tg@mail.gmail.com> <1D062974A4845E4D8A343C653804920206D3BA57@XMB-BGL-414.cisco.com>
From: =?UTF-8?Q?I=C3=B1aki_Baz_Castillo?= <ibc@aliax.net>
Date: Wed, 9 Nov 2011 14:44:01 +0100
Message-ID: <CALiegfkWnRT8m4S9pXTxuLsc-p_bhkG3d=PX3qgiFFt5gW5yfw@mail.gmail.com>
To: "Muthu Arul Mozhi Perumal (mperumal)" <mperumal@cisco.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Let's define the purpose of WebRTC
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Nov 2011 13:44:23 -0000

2011/11/9 Muthu Arul Mozhi Perumal (mperumal) <mperumal@cisco.com>om>:
> |And what you state is that, in case the peer does not annouce
> |support for SRTP then the browser should downgrade security
> |to plain RTP.
>
> No, not based on the SRTP capability advertised by the peer, rather based on whether the peer claims it is WebRTC compliant (to make sure calls b/w WebRTC clients are always secure).
>
> |The user (web visitor) has no way to know whether the WebRTC
> |application will contact a WebRTC browser or another device
> |at the media plane.
>
> We could add a STUN extension to indicate compliance to WebRTC, including the supported version level if we ever come up with WebRTC2.0.

And what is the advantage? you still say exactly the same: a WebRTC
client "MUST" allow plain RTP if the peer is not a WebRTC client. Why
is that an argument in favour of non mandating SRTP?

If I'm in a shared WiFi network and receive a call from a non-WebRTC
client not supporting SRTP, my neighbors can intercept it. What does
such "STUN extension" provides here? just nothing.





-- 
Iñaki Baz Castillo
<ibc@aliax.net>