Re: [rtcweb] Asking TLS for help with media isolation

Harald Alvestrand <> Thu, 10 April 2014 08:56 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 8E6EB1A016F for <>; Thu, 10 Apr 2014 01:56:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.172
X-Spam-Status: No, score=-2.172 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.272] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id p96TveK8GYMJ for <>; Thu, 10 Apr 2014 01:56:05 -0700 (PDT)
Received: from ( [IPv6:2001:700:1:2::117]) by (Postfix) with ESMTP id 622511A0049 for <>; Thu, 10 Apr 2014 01:56:05 -0700 (PDT)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 15F177C5197 for <>; Thu, 10 Apr 2014 10:56:04 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 5ag08uYmlTBo for <>; Thu, 10 Apr 2014 10:56:03 +0200 (CEST)
Received: from (unknown [IPv6:2620:0:1043:1:7646:a0ff:fe90:e2bb]) by (Postfix) with ESMTPSA id 5748C7C5191 for <>; Thu, 10 Apr 2014 10:56:03 +0200 (CEST)
Message-ID: <>
Date: Thu, 10 Apr 2014 10:56:02 +0200
From: Harald Alvestrand <>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
References: <> <> <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: Re: [rtcweb] Asking TLS for help with media isolation
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 10 Apr 2014 08:56:06 -0000

On 04/08/2014 08:24 PM, Martin Thomson wrote:
> On 8 April 2014 09:50, Bernard Aboba <> wrote:
>> [BA] I'm not sure that the concept of "isolation" makes sense for those
>> intermediaries (or to voicemail or an audio/video conference, for that
>> matter).   While in a point-to-point call it might be useful, in a
>> conference the whole point is to have audio/video sent to multiple parties,
>> and recording is commonplace.  The problem is that from a protocol point of
>> view the cases are not easily distinguishable -- and so if the browser
>> insists on "isolation" then one wonders what will happen if the conference
>> bridge/video MCU/voicemail system refuses to negotiate it.   Refusing to
>> send media would not be a desirable outcome.
> I think that for this, it's perfectly reasonable to use identity, but
> not stream isolation.  With isolation, if the peer does not agree to
> comply, then the session fails to complete.
Actually I'd say it's "if the peer does not *agree to* comply".
The protocol has no defense against liars, but that's a common issue.
> The authenticated party here is an MCU (or bridge, or voicemail,
> etc...).  Rather than sending to "", media is
> sent to "".  Is it reasonable for that MCU to forward
> media to other, unspecified entities?  Clearly it can, but should it?
> (Not having thought it through completely, a voicemail box could
> conceivably work.  I think that I'd want to use a different identity
> for it though.)

I can see an use for a recording spec that said "you can record this, 
but only if you do it in such a way that it's only accessible to the 
stated identity".

Would be weird to try to enforce that.... but I agree; MCU and isolation 
have a hard time mixing.
Let's just not.