Re: [rtcweb] Requiring ICE for RTC calls

Cameron Byrne <cb.list6@gmail.com> Mon, 26 September 2011 14:43 UTC

To: Roman Shpount <roman@telurix.com>
Cc: Randell Jesup <randell-ietf@jesup.org>, rtcweb@ietf.org

On Sep 26, 2011 7:30 AM, "Roman Shpount" <roman@telurix.com> wrote:
>
> I think requiring ICE in RTC is not only unfortunate, it will make it
> impossible to connect to PSTN without media gateway. If we complete this
> specification, and phone carriers decide that there is a business case for
> them to support RTC clients directly, it will take them 3-5 years to
> implement ICE in SBC. From what I've seen major carriers run SBC firmware
> which is normally 2-3 years old. If we add time it takes to implement ICE in
> SBC, plus time it will take PSTN provider to verify and test the feature, we
> are easily looking into 5 year time frame.
>
> Since we need to have user confirmation to start a media call anyway, and
> since this is not going to be any different from what SIP clients are
> currently doing, it would make sense to allow a plain non-ICE, non-SRTP
> call.
>
> Finally, ICE specifications are designed to interop with non-ICE end
> points. We will need to change ICE to accomplish what you are doing.
>

Maybe I misunderstand you, but the PSTN carriers today and in the future
will always run an SBC because that is their security policy.

Regarding firmware, they react to market needs and timing.

Cb

> _____________
> Roman Shpount
>
>
> On Mon, Sep 26, 2011 at 1:23 AM, Randell Jesup <randell-ietf@jesup.org> wrote:
>>
>> On 9/22/2011 4:37 PM, Cullen Jennings wrote:
>>>
>>> On Sep 22, 2011, at 2:04 PM, Christer Holmberg wrote:
>>>
>>>> If so, what is your assumption then regarding ICE? That the SIP nodes
>>>> will support ICE, or that the browser will be allowed to communicate with
>>>> the SIP nodes without enabling ICE?
>>>
>>> I see no way of solving the security problems without having ICE or
>>> something more or less like it. Therefore, I'm working on the assumption
>>> that it will only work if the SIP side supports ICE, or is front ended by a
>>> SBC with media GW that does ICE. In the short term, there will be some
>>> devices that don't do ICE but SIP devices are increasingly having ICE added.
>>> Particularly SIP devices that are internet facing because the need for NAT
>>> traversal.
>>>
>>> I find requiring ICE to be a very unfortunate assumption to have to make
>>> - obviously it reduces the number of legacy voip devices WebRTC devices can
>>> talk to without an SBC but I don't see any way around this limitation.
>>> Allowing web browsers inside the firewall to send packets to an arbitrary
>>> address that is inside the firewall with no validation that address speaks
>>> RTP is not acceptable.
>>
>>
>> I agree we can't solve the security issue with permission to send with the
>> current threat model without ICE or some equivalent.
>>
>> There is another option that may help with some of the use cases (I've
>> mentioned this before in the discussion on screensharing, among others).
>> For a number of the use cases security is an impassable problem with the
>> current threat model. Those use cases generally involve replacing cases
>> where an existing desktop install or plugin was used (webex, screensharing,
>> vnc, SIP softclient, Skype, etc). Those cases all currently involve the
>> user implicitly giving these apps total or close to code that could do
>> pretty much anything on the user's computer, and are also often the
>> "ongoing usage" authentication cases.
>>
>> The only mitigating safety of the external app/plugin model is that
>> they're typically signed and go through the platform's software-install
>> procedure, cert-showing, UACs, etc.
>>
>> Currently people are trying to work out the HTML5 "installed" webapp
>> security model; if that's far enough along we may be able to piggyback off
>> that.   I'm looking into it.
>>
>>
>> --
>> Randell Jesup
>> randell-ietf@jesup.org
>>
>> _______________________________________________
>> rtcweb mailing list
>> rtcweb@ietf.org
>> https://www.ietf.org/mailman/listinfo/rtcweb
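
The "validation that address speaks RTP" discussed in the quoted messages is, in ICE, a STUN Binding exchange authenticated with the ICE password. The following is an added example, not part of the original thread: it encodes such a check per RFC 5389 and shows which replies would let a sender start media. The function names and sample values are hypothetical, and FINGERPRINT, XOR-MAPPED-ADDRESS and SASLprep are left out.

```python
import hashlib, hmac, struct

MAGIC = 0x2112A442                      # STUN magic cookie (RFC 5389)
BINDING_REQUEST, BINDING_SUCCESS = 0x0001, 0x0101
ATTR_USERNAME, ATTR_MESSAGE_INTEGRITY = 0x0006, 0x0008

def attr(atype, value):
    """Encode one STUN attribute, padded to a 4-byte boundary."""
    return struct.pack("!HH", atype, len(value)) + value + b"\x00" * (-len(value) % 4)

def build(msg_type, txid, key, attrs=b""):
    """Encode a STUN message that ends in MESSAGE-INTEGRITY (HMAC-SHA1 keyed by the ICE password)."""
    # While the HMAC is computed, the length field already counts the 24-byte integrity attribute.
    header = struct.pack("!HHI", msg_type, len(attrs) + 24, MAGIC) + txid
    mac = hmac.new(key, header + attrs, hashlib.sha1).digest()
    return header + attrs + attr(ATTR_MESSAGE_INTEGRITY, mac)

def consent_granted(reply, txid, key):
    """True only for a Binding success that echoes txid and carries a valid MESSAGE-INTEGRITY."""
    if len(reply) < 20:
        return False
    msg_type, length, cookie = struct.unpack("!HHI", reply[:8])
    if (msg_type, cookie, reply[8:20]) != (BINDING_SUCCESS, MAGIC, txid):
        return False
    if length != len(reply) - 20:
        return False
    pos = 20
    while pos + 4 <= len(reply):
        atype, alen = struct.unpack("!HH", reply[pos:pos + 4])
        if atype == ATTR_MESSAGE_INTEGRITY and alen == 20:
            # Recompute over everything before this attribute, with the length ending at it.
            header = struct.pack("!HHI", msg_type, pos + 4, MAGIC) + txid
            expected = hmac.new(key, header + reply[20:pos], hashlib.sha1).digest()
            return hmac.compare_digest(expected, reply[pos + 4:pos + 24])
        pos += 4 + alen + (-alen % 4)
    return False

# Constructed sample values, not taken from the thread.
ICE_PWD = b"constructed-ice-password"
TXID = bytes(range(12))
request = build(BINDING_REQUEST, TXID, ICE_PWD, attr(ATTR_USERNAME, b"rfrag:lfrag"))
ice_peer_reply = build(BINDING_SUCCESS, TXID, ICE_PWD)    # real replies also carry XOR-MAPPED-ADDRESS
wrong_key_reply = build(BINDING_SUCCESS, TXID, b"guess")  # sender does not know the password
legacy_reply = bytes([0x80, 0x00]) + bytes(10)            # RTP-like bytes from a non-ICE endpoint

if __name__ == "__main__":
    for name, reply in [("ICE peer", ice_peer_reply), ("wrong key", wrong_key_reply),
                        ("legacy", legacy_reply), ("echoed request", request)]:
        print(name, "->", "send media" if consent_granted(reply, TXID, ICE_PWD) else "do not send")
```

Only the reply built with the shared ICE password and the matching transaction ID passes; a device that does not implement ICE cannot produce it, which is why a non-ICE endpoint needs an SBC or gateway in front of it under this model.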