IETF Logo Mail Archive

Re: [rtcweb] additional ICE info

Harald Alvestrand <harald@alvestrand.no> Wed, 25 September 2013 06:15 UTC

Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D30B11E80AD for <rtcweb@ietfa.amsl.com>; Tue, 24 Sep 2013 23:15:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.299
X-Spam-Level:
X-Spam-Status: No, score=-110.299 tagged_above=-999 required=5 tests=[AWL=0.300, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U5n98E9ka1yb for <rtcweb@ietfa.amsl.com>; Tue, 24 Sep 2013 23:15:34 -0700 (PDT)
Received: from eikenes.alvestrand.no (eikenes.alvestrand.no [158.38.152.233]) by ietfa.amsl.com (Postfix) with ESMTP id 0446521F9FE7 for <rtcweb@ietf.org>; Tue, 24 Sep 2013 23:15:20 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id 8DE6739E172; Wed, 25 Sep 2013 08:15:17 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at eikenes.alvestrand.no
Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9cJqntc+QAYB; Wed, 25 Sep 2013 08:15:16 +0200 (CEST)
Received: from [192.168.1.186] (unknown [188.113.88.47]) by eikenes.alvestrand.no (Postfix) with ESMTPSA id 8935A39E0BF; Wed, 25 Sep 2013 08:15:16 +0200 (CEST)
Message-ID: <52427F74.9030805@alvestrand.no>
Date: Wed, 25 Sep 2013 08:15:16 +0200
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Dan Wing <dwing@cisco.com>, Bernard Aboba <bernard_aboba@hotmail.com>
References: <C5E08FE080ACFD4DAE31E4BDBF944EB11667BBA0@xmb-aln-x02.cisco.com> <5238446D.8050700@ericsson.com> <9F33F40F6F2CD847824537F3C4E37DDF17BCF581@MCHP04MSX.global-ad.net> <07a601ceb64e$5caaba00$16002e00$@stahl@intertex.se>, <07b001ceb65f$ce3f0cf0$6abd26d0$@stahl@intertex.se>, <07e401ceb713$bef87a60$3ce96f20$@stahl@intertex.se>, <98A3CE39-1BC6-4A36-8DF0-A3932DCDA9AC@cisco.com> <BLU169-W76F559C10477A2CDBB9D2F932E0@phx.gbl> <CF892D04-86C2-4869-B261-38995F986550@cisco.com>
In-Reply-To: <CF892D04-86C2-4869-B261-38995F986550@cisco.com>
X-Enigmail-Version: 1.5.2
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] additional ICE info
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Sep 2013 06:15:39 -0000

Thanks for the pointer!

The existence of that (public) document explains some strange features
of some earlier Microsoft proposals that I was never able to get an
explanation for.

This approach (which seems to have many of the properties of RSVP) seems
to offer a solution to some problems that people have been solving by
snooping SIP (which is impossible if SIP isn't used, and very hard when
all the SIP channels are encrypted). Is there a chance that we could get
public-stable specification of the required pieces, so that other
companies can dare to depend on it?

(public-stable, a term I just invented, includes independent RFC, info
RFC and standards-track)

On 09/25/2013 02:10 AM, Dan Wing wrote:
> On Sep 23, 2013, at 10:00 PM, Bernard Aboba <bernard_aboba@hotmail.com> wrote:
>
>> Dan Wing said: 
>>
>> "Another solution is MALICE which adds information to the ICE connectivity checks (bandwidth, drop preference, etc.) which can be DPI'd by network devices."
>>
>> [BA]  I am fairly keen on adding some of this information to ICE, though not to assist DPI.   Rather, my concern is that with SDP being optional in WebRTC, some of the info that would otherwise be exchanged in the signaling channel may not be present, and if present, cannot necessarily be trusted, so that putting this into the ICE exchange has potential security value.  Also, in a situation where TURN servers are rented in the cloud, it can be useful to signal the maximum bandwidth that could be used for a given allocation.  
> Yes, bandwidth is part of Microsoft's extensions to TURN as I'm sure you are aware (but others are probably not aware), http://msdn.microsoft.com/en-us/library/cc431507(v=office.12).aspx
>
> The advantage of allowing routers along the path to see the bandwidth is they can influence their routing decisions to put the traffic on a better path (e.g., 3G versus microwave link versus satellite), prioritize the traffic, and do other things.  If the network always has sufficient bandwidth and thus no need to differentiate traffic, I agree there is no value and no purpose to tell the network anything.
>
>> To my mind, the issue to be fixed in the TURN REST API wasn't necessarily the ability to steal credentials, but the ability to misuse those credentials in a way that could impose significant cost on the victim.  The act of mis-using a TURN credential does not by itself impose that cost -- but pumping huge amounts of traffic through it would. 
> -d
>
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb


-- 
Surveillance is pervasive. Go Dark.

v2.23.0 | Report a Bug | By Email