Re: [rtcweb] Solutions sought for non-ICE RTC calls, not +1 (Re: Requiring ICE for RTC calls)

Eric Rescorla <ekr@rtfm.com> Tue, 27 September 2011 21:53 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C38A121F8EF9 for <rtcweb@ietfa.amsl.com>; Tue, 27 Sep 2011 14:53:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.751
X-Spam-Level:
X-Spam-Status: No, score=-102.751 tagged_above=-999 required=5 tests=[AWL=-0.075, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FzIsaY1llo59 for <rtcweb@ietfa.amsl.com>; Tue, 27 Sep 2011 14:53:52 -0700 (PDT)
Received: from mail-wy0-f172.google.com (mail-wy0-f172.google.com [74.125.82.172]) by ietfa.amsl.com (Postfix) with ESMTP id 84D8A21F8EF6 for <rtcweb@ietf.org>; Tue, 27 Sep 2011 14:53:52 -0700 (PDT)
Received: by wyh21 with SMTP id 21so6232584wyh.31 for <rtcweb@ietf.org>; Tue, 27 Sep 2011 14:56:38 -0700 (PDT)
Received: by 10.227.10.139 with SMTP id p11mr413369wbp.61.1317160598442; Tue, 27 Sep 2011 14:56:38 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.227.196.83 with HTTP; Tue, 27 Sep 2011 14:55:58 -0700 (PDT)
In-Reply-To: <CALiegfndBhod6Hoq6h63795x8f=ew28rDys=Fx8ScwVpVJwp1Q@mail.gmail.com>
References: <CAD5OKxtNjmWBz92bRuxka7e-BUpTPgVUvr3ahJGpmZ-U5nuPbQ@mail.gmail.com> <CAD6AjGSmz5T_F+SK2EoBQm6T-iRKp7dd4j8ZAF5JKdbbyomZQA@mail.gmail.com> <CALiegfmO54HC+g9L_DYn4jtXAAbLEvS++qxKa6TNrLDREs9SeA@mail.gmail.com> <4E80984A.903@skype.net> <CALiegfmyvTb57WVooKryS-ubfcg+w5gZ+zfO1zzBLn3609AzaA@mail.gmail.com> <4E809EE6.2050702@skype.net> <2E239D6FCD033C4BAF15F386A979BF510F1087@sonusinmail02.sonusnet.com> <BLU152-W62B7F2AC3F0D5B6E277CB993F00@phx.gbl> <CAD5OKxt=P3jg9N0weFUZLvUYQxyeXa+9YMtpc8wn7osuPQmTpg@mail.gmail.com> <CAD5OKxtVCgiFV_iAYd1w0uZZcS5+gsixOHJ0jGN=0CMdq++kdg@mail.gmail.com> <CAOJ7v-3PrnNyesL+x-mto9Q9djjiJ13QZHXCiGfY1mv3nubrqQ@mail.gmail.com> <CAD5OKxsKTHCuBQdUnGQtGfF7NmZZExLe9Q9B9cNR=483neuHPQ@mail.gmail.com> <CAOJ7v-1rzdmviAnGknVZmrU_TDNoC3NmWd1g6iyx0WzZ4xB3Pw@mail.gmail.com> <4E820825.9090101@skype.net> <CAD5OKxvmKi3Py0gNcTdREdfS07hA-=f6L+u8KKVgSWztMft9kQ@mail.gmail.com> <CALiegfmL4VSRE+kgs5kXzQc3mCHnKpU-EAbVPKO4QNEYLKje=A@mail.gmail.com> <4E821E47.4080205@alvestrand.no> <CALiegfndBhod6Hoq6h63795x8f=ew28rDys=Fx8ScwVpVJwp1Q@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 27 Sep 2011 14:55:58 -0700
Message-ID: <CABcZeBOoF6MNSpATG2+_e99iRq7Jf9OoWWNCa=qRGW_v+maoHA@mail.gmail.com>
To: =?ISO-8859-1?Q?I=F1aki_Baz_Castillo?= <ibc@aliax.net>
Content-Type: multipart/alternative; boundary=002215974dfa95135b04adf3599a
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Solutions sought for non-ICE RTC calls, not +1 (Re: Requiring ICE for RTC calls)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Sep 2011 21:53:53 -0000

On Tue, Sep 27, 2011 at 1:05 PM, Iñaki Baz Castillo <ibc@aliax.net> wrote:
>
> In the same way, web browsers could come pre-configured with an
> enabled checkbox:
>
>  [X] don't allow unsecure calls
>
> The user could disable such checkbox. Anyhow, when a call is being
> established and the WebRTC stack realizes that the peer does not
> support ICE and/or SRTP, it could warn the user by showing something
> like a pop-up ("This call is not secure"), also providing a button
> "Don't show again for this site".
>

Again, the reason for ICE is the threat to other people using the browser as
a vector.
For this reason, allowing the user to disable the security feature is quite
problematic.

-Ekr