Re: [rtcweb] Asking TLS for help with media isolation
Harald Alvestrand <harald@alvestrand.no> Thu, 10 April 2014 08:56 UTC
Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E6EB1A016F for <rtcweb@ietfa.amsl.com>; Thu, 10 Apr 2014 01:56:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.172
X-Spam-Level:
X-Spam-Status: No, score=-2.172 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.272] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p96TveK8GYMJ for <rtcweb@ietfa.amsl.com>; Thu, 10 Apr 2014 01:56:05 -0700 (PDT)
Received: from mork.alvestrand.no (mork.alvestrand.no [IPv6:2001:700:1:2::117]) by ietfa.amsl.com (Postfix) with ESMTP id 622511A0049 for <rtcweb@ietf.org>; Thu, 10 Apr 2014 01:56:05 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mork.alvestrand.no (Postfix) with ESMTP id 15F177C5197 for <rtcweb@ietf.org>; Thu, 10 Apr 2014 10:56:04 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at alvestrand.no
Received: from mork.alvestrand.no ([127.0.0.1]) by localhost (mork.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5ag08uYmlTBo for <rtcweb@ietf.org>; Thu, 10 Apr 2014 10:56:03 +0200 (CEST)
Received: from hta-hippo.lul.corp.google.com (unknown [IPv6:2620:0:1043:1:7646:a0ff:fe90:e2bb]) by mork.alvestrand.no (Postfix) with ESMTPSA id 5748C7C5191 for <rtcweb@ietf.org>; Thu, 10 Apr 2014 10:56:03 +0200 (CEST)
Message-ID: <53465CA2.4010607@alvestrand.no>
Date: Thu, 10 Apr 2014 10:56:02 +0200
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <CABkgnnWWuU63Vd=gw+wrh2ADgVYtQzhoRzRE1sv5azJE=MhWDg@mail.gmail.com> <533F191D.8050109@alum.mit.edu> <CABkgnnVht5EmJ7a2LDh50ivjUdoTpJ8GannQKReBSJbVGQGmgA@mail.gmail.com> <53419ED4.8020102@alum.mit.edu> <CABkgnnVjZ51bt5WQ1uvHHUz-4xFzpXQGhuMqxeMpOqJ1d+hQiA@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B1D2B26CB@ESESSMB209.ericsson.se> <CAOW+2dsZrgQrOwJDu+bFE0U-dSUj5D--s_Dx1Nu9Ac60yuYCrA@mail.gmail.com> <CABkgnnUgiW7K7C9rTXGU6nAw2mO_5DPZU9ra64nRK=EVCENUzQ@mail.gmail.com>
In-Reply-To: <CABkgnnUgiW7K7C9rTXGU6nAw2mO_5DPZU9ra64nRK=EVCENUzQ@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/RL9UBzwlM9AlwX8QRLuos4Kzab8
Subject: Re: [rtcweb] Asking TLS for help with media isolation
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Apr 2014 08:56:06 -0000
On 04/08/2014 08:24 PM, Martin Thomson wrote: > On 8 April 2014 09:50, Bernard Aboba <bernard.aboba@gmail.com> wrote: >> [BA] I'm not sure that the concept of "isolation" makes sense for those >> intermediaries (or to voicemail or an audio/video conference, for that >> matter). While in a point-to-point call it might be useful, in a >> conference the whole point is to have audio/video sent to multiple parties, >> and recording is commonplace. The problem is that from a protocol point of >> view the cases are not easily distinguishable -- and so if the browser >> insists on "isolation" then one wonders what will happen if the conference >> bridge/video MCU/voicemail system refuses to negotiate it. Refusing to >> send media would not be a desirable outcome. > I think that for this, it's perfectly reasonable to use identity, but > not stream isolation. With isolation, if the peer does not agree to > comply, then the session fails to complete. Actually I'd say it's "if the peer does not *agree to* comply". The protocol has no defense against liars, but that's a common issue. > > The authenticated party here is an MCU (or bridge, or voicemail, > etc...). Rather than sending to "anindividual@example.org", media is > sent to "mcu@example.com". Is it reasonable for that MCU to forward > media to other, unspecified entities? Clearly it can, but should it? > > (Not having thought it through completely, a voicemail box could > conceivably work. I think that I'd want to use a different identity > for it though.) I can see an use for a recording spec that said "you can record this, but only if you do it in such a way that it's only accessible to the stated identity". Would be weird to try to enforce that.... but I agree; MCU and isolation have a hard time mixing. Let's just not.
- [rtcweb] Asking TLS for help with media isolation Martin Thomson
- Re: [rtcweb] Asking TLS for help with media isola… Watson Ladd
- Re: [rtcweb] Asking TLS for help with media isola… Bernard Aboba
- Re: [rtcweb] Asking TLS for help with media isola… Watson Ladd
- Re: [rtcweb] Asking TLS for help with media isola… Bernard Aboba
- Re: [rtcweb] Asking TLS for help with media isola… Watson Ladd
- Re: [rtcweb] Asking TLS for help with media isola… Martin Thomson
- Re: [rtcweb] Asking TLS for help with media isola… Paul Kyzivat
- Re: [rtcweb] Asking TLS for help with media isola… Martin Thomson
- Re: [rtcweb] Asking TLS for help with media isola… Paul Kyzivat
- [rtcweb] Isolating data channels (Re: Asking TLS … Harald Alvestrand
- Re: [rtcweb] Asking TLS for help with media isola… Martin Thomson
- Re: [rtcweb] Isolating data channels (Re: Asking … Martin Thomson
- Re: [rtcweb] Isolating data channels (Re: Asking … Matthew Kaufman (SKYPE)
- Re: [rtcweb] Isolating data channels (Re: Asking … Martin Thomson
- Re: [rtcweb] Isolating data channels (Re: Asking … Harald Alvestrand
- Re: [rtcweb] Isolating data channels (Re: Asking … Martin Thomson
- Re: [rtcweb] Isolating data channels (Re: Asking … Matthew Kaufman (SKYPE)
- Re: [rtcweb] Isolating data channels (Re: Asking … Michael Tuexen
- Re: [rtcweb] Asking TLS for help with media isola… Bernard Aboba
- Re: [rtcweb] Asking TLS for help with media isola… Martin Thomson
- Re: [rtcweb] Isolating data channels (Re: Asking … Paul Kyzivat
- Re: [rtcweb] Isolating data channels (Re: Asking … Matthew Kaufman (SKYPE)
- Re: [rtcweb] Isolating data channels (Re: Asking … Mary Barnes
- Re: [rtcweb] Isolating data channels (Re: Asking … Matthew Kaufman (SKYPE)
- Re: [rtcweb] Isolating data channels (Re: Asking … Michael Thornburgh
- Re: [rtcweb] Asking TLS for help with media isola… Christer Holmberg
- Re: [rtcweb] Asking TLS for help with media isola… Dan Wing
- Re: [rtcweb] Asking TLS for help with media isola… Bernard Aboba
- Re: [rtcweb] Asking TLS for help with media isola… Martin Thomson
- Re: [rtcweb] Asking TLS for help with media isola… Dan Wing
- Re: [rtcweb] Asking TLS for help with media isola… Harald Alvestrand
- Re: [rtcweb] Asking TLS for help with media isola… Paul Kyzivat
- Re: [rtcweb] Asking TLS for help with media isola… Martin Thomson
- Re: [rtcweb] Asking TLS for help with media isola… Martin Thomson
- Re: [rtcweb] Asking TLS for help with media isola… Paul Kyzivat