Re: [rtcweb] AVPF [was: Encryption mandate (and offer/answer)]

Hadriel Kaplan <HKaplan@acmepacket.com> Mon, 12 September 2011 23:15 UTC

Return-Path: <HKaplan@acmepacket.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2E0E521F8EEC for <rtcweb@ietfa.amsl.com>; Mon, 12 Sep 2011 16:15:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.503
X-Spam-Level:
X-Spam-Status: No, score=-2.503 tagged_above=-999 required=5 tests=[AWL=0.096, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aTGvuOZ8k+b0 for <rtcweb@ietfa.amsl.com>; Mon, 12 Sep 2011 16:15:38 -0700 (PDT)
Received: from etmail.acmepacket.com (etmail.acmepacket.com [216.41.24.6]) by ietfa.amsl.com (Postfix) with ESMTP id 57AE221F8EEA for <rtcweb@ietf.org>; Mon, 12 Sep 2011 16:15:38 -0700 (PDT)
Received: from MAIL2.acmepacket.com (10.0.0.22) by etmail.acmepacket.com (216.41.24.6) with Microsoft SMTP Server (TLS) id 8.2.254.0; Mon, 12 Sep 2011 19:17:35 -0400
Received: from MAIL1.acmepacket.com ([169.254.1.150]) by Mail2.acmepacket.com ([169.254.2.157]) with mapi id 14.01.0270.001; Mon, 12 Sep 2011 19:17:35 -0400
From: Hadriel Kaplan <HKaplan@acmepacket.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>
Thread-Topic: [rtcweb] AVPF [was: Encryption mandate (and offer/answer)]
Thread-Index: AQHMcaInV9u+0Arv+EmqYITZjPuIBw==
Date: Mon, 12 Sep 2011 23:17:34 +0000
Message-ID: <9F61090F-6D74-4E59-9AE7-CDE55501655F@acmepacket.com>
References: <A444A0F8084434499206E78C106220CA0B00FDB08B@MCHP058A.global-ad.net> <033458F56EC2A64E8D2D7B759FA3E7E7020E64DC@sonusmail04.sonusnet.com> <E4EC1B17-0CC4-4F79-96DD-84E589FCC4F0@edvina.net> <4E67C3F7.7020304@jesup.org> <BE60FA11-8FFF-48E5-9F83-4D84A7FBE2BE@vidyo.com> <4E67F003.6000108@jesup.org> <7F2072F1E0DE894DA4B517B93C6A05852233E8554C@ESESSCMS0356.eemea.ericsson.se> <C3759687E4991243A1A0BD44EAC8230339CA68F054@BE235.mail.lan> <CAOJ7v-2u0UuNXh7bzmZFwiSucbsh=Ps=C3ZM5M3cJrXRmZgODA@mail.gmail.com> <CAKhHsXHXCkNdjtpxCSCk+ABbtxY15GEgouE6X6-sn-LqhnidQw@mail.gmail.com> <4E6A56D4.2030602@skype.net> <CABcZeBOdP6cAqBoiSV-Vdv1_EK3DfgnMamT3t3ccjDOMfELfBw@mail.gmail.com> <CAKhHsXFdU1ZaKQF8hbsOxwTS-_RfmFqQhgzGe=K4mRp+wz+_nQ@mail.gmail.com> <4E6A81EC.3080002@jesup.org>, <4E6AE22A.2070106@alum.mit.edu> <7F2072F1E0DE894DA4B517B93C6A05852233C3B7C5@ESESSCMS0356.eemea.ericsson.se>, <4E6C16FF.1000706@jesup.org> <BBF498F2D030E84AB1179E24D1AC41D61C1BCA829D@ESESSCMS0362.eemea.ericsson.se> <4E6E3667.1020003@alum.mit.edu>
In-Reply-To: <4E6E3667.1020003@alum.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [216.41.24.34]
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <9E848381869EC048881FFDF2E068B99F@acmepacket.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: AAAAAQAAAWE=
Cc: "<rtcweb@ietf.org>" <rtcweb@ietf.org>
Subject: Re: [rtcweb] AVPF [was: Encryption mandate (and offer/answer)]
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Sep 2011 23:15:39 -0000

On Sep 12, 2011, at 12:42 PM, Paul Kyzivat wrote:

> The harder point is knowing *what* is required in the interop case.
> If the goal is to avoid needing a media gateway in this case, then what is required will be determined as part of the O/A. Or it can contractually negotiated for each different federation target.
> 
> Hadriel seems to be arguing that a media gateway will always be needed in the federation case. Making that assumption will certainly simplify rtcweb, but it also ensures a cost for federation. It is essentially the same cost that is incurred when sip users and service providers require the use of SBCs at their borders. So far that has been a cost that people have willingly paid.

I am not arguing a media gateway would always be needed for federation.  I said one would be needed to interface/federate with SIP in the PSTN.  Between two rtcweb domains, no media gateway would/should be required. (there may be one anyway, but hopefully not just to make the call work for interop)


> Then the discussion has been about people arguing for different partitionings - mostly extremes. Some that I am seeing:
> 
> 1) (Cullen) everything should be negotiated by o/a in the browser.
>   (Presumably with some interaction with JS for ICE candidate
>   selection.) The logical conclusion of this (I'm not sure Cullen
>   is arguing for this) is that capneg must be included and used
>   to handle the security negotiation.

Only if SRTP is optional - if it's mandatory to use always, then obviously you don't need cap-neg for it.


> 
> 2) (Hadriel?) The security mechanism, and use of ICE,
>   is fixed for rtcweb. ICE candidate selection and all the
>   rest of o/a is handled in JS.

Right - if the rtcweb application as a whole needs to use SDP offer/answer at all, it could do so in the JS or in the server.  The browser should stay the heck away from it.  Browsers should be as dumb as we can keep them.  That's the secret sauce to successful web apps, imho - the client browser is dumb, but the javascript its executing is smart.  The browser doesn't know I'm browsing emails in gmail.  It's just executing code issuing API calls for GUI elements.  If an Operating System came with an RTP library built into it, would you therefor expect the operating system to do SDP offer/answer?  Or would you expect it to expose an API of discrete RTP attributes/settings for the application to interface to and do with as it wished?

-hadriel