Re: [rtcweb] Let's define the purpose of WebRTC

Christer Holmberg <> Wed, 09 November 2011 19:54 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 0121021F84AF for <>; Wed, 9 Nov 2011 11:54:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.204
X-Spam-Status: No, score=-6.204 tagged_above=-999 required=5 tests=[AWL=0.095, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id k-i67os9tQ9f for <>; Wed, 9 Nov 2011 11:54:51 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 34D9611E808B for <>; Wed, 9 Nov 2011 11:54:51 -0800 (PST)
X-AuditID: c1b4fb39-b7b3eae00000252a-bb-4ebada8a1caa
Received: from (Unknown_Domain []) by (Symantec Mail Security) with SMTP id BC.20.09514.A8ADABE4; Wed, 9 Nov 2011 20:54:50 +0100 (CET)
Received: from ([]) by ([]) with mapi; Wed, 9 Nov 2011 20:54:49 +0100
From: Christer Holmberg <>
To: =?iso-8859-1?Q?I=F1aki_Baz_Castillo?= <>, "Muthu Arul Mozhi Perumal (mperumal)" <>
Date: Wed, 9 Nov 2011 20:54:50 +0100
Thread-Topic: [rtcweb] Let's define the purpose of WebRTC
Thread-Index: AcyfFpZDvdoy5yfaQ66OoD4ViYDyoQAAM7Fr
Message-ID: <>
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>, <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: AAAAAA==
Cc: "" <>
Subject: Re: [rtcweb] Let's define the purpose of WebRTC
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 09 Nov 2011 19:54:52 -0000


>> |That's *your* problem. But you want to translate
>> |*your* problem into WebRTC users by making their
>> |communications non secure.
>> Well, most often you as a WebRTC user will be the one who would want to reach someone behind legacy systems
> You could consider that people in internet is not so excited with the
> possibility of making a legacy PSTN from the browser. In fact, calling
> a PSTN number from a web has no added value at all. Users already have
> their legacy PSTN phones.

I don't think we shall speculate in how people will use, and to whom the will call, using their browser apps.

AFAIK, most SIP calls today end up in PSTN, and the browser technology will allow people to access "SIP phones" from more or less any computer connected to the internet.

>>> |*My* security should NOT depend on the security
>>> |implemented in the peer (since I cannot trust the
>>> |peer, never).
>> Good luck. You peer could be a media gateway sitting somewhere in the Internet converting SRTP to RTP and sending to the other part of the world.
> Of course, but at least, I will know that the call is secure within my
> local network. Imagine I open my laptop in an airport, connect to a
> open WiFi (cautive portal) and make a call to another user via web,
> but the server must route it (via a SIP gateway) to a SIP softswitch,
> and that makes my call to use plain RTP. I'm in an airport, in an open
> WiFi network. Bad.
> But if my call uses SRTP until the SIP media gateway, then it could
> use plain RTP in the PSTN network. That's not so dangerous.

So, in your example you are basically talking about "access network security", because you don't really care what happens (with regards to media security) after the WiFi access leg?