Re: [rtcweb] AVPF [was: Encryption mandate (and offer/answer)]

Alan Johnston <alan.b.johnston@gmail.com> Fri, 09 September 2011 17:46 UTC

Return-Path: <alan.b.johnston@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E57AB21F86EC for <rtcweb@ietfa.amsl.com>; Fri, 9 Sep 2011 10:46:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.547
X-Spam-Level:
X-Spam-Status: No, score=-103.547 tagged_above=-999 required=5 tests=[AWL=0.052, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oR4n38J6G4KN for <rtcweb@ietfa.amsl.com>; Fri, 9 Sep 2011 10:46:01 -0700 (PDT)
Received: from mail-yi0-f44.google.com (mail-yi0-f44.google.com [209.85.218.44]) by ietfa.amsl.com (Postfix) with ESMTP id 2A3BA21F86EA for <rtcweb@ietf.org>; Fri, 9 Sep 2011 10:46:01 -0700 (PDT)
Received: by yie12 with SMTP id 12so502927yie.31 for <rtcweb@ietf.org>; Fri, 09 Sep 2011 10:47:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=N3j9QSuyYUUEhc32N/yW7IWQnGyPBtM7Rn+HRYBkEOo=; b=VT+YO8dEmsCkRpOBsaKsOkW9Rr2iX0wJPjtDXyFqFSyJ6kCJWt31qaeMYzU/y5RZeX MPfJt87/WTBHJoD+MjoJuxpgfzrNTZLSq6B938/swwKZFaP2NfgiaJs+blhV3JbDELUE nIJBkyB378LraXeTo2JrRevIdDyKsu2xSKu60=
MIME-Version: 1.0
Received: by 10.150.74.9 with SMTP id w9mr2252609yba.108.1315590475235; Fri, 09 Sep 2011 10:47:55 -0700 (PDT)
Received: by 10.151.7.5 with HTTP; Fri, 9 Sep 2011 10:47:55 -0700 (PDT)
In-Reply-To: <CAOJ7v-2u0UuNXh7bzmZFwiSucbsh=Ps=C3ZM5M3cJrXRmZgODA@mail.gmail.com>
References: <A444A0F8084434499206E78C106220CA0B00FDB08B@MCHP058A.global-ad.net> <89177AB2-F721-47E4-8471-2180EDA10615@voxeo.com> <A444A0F8084434499206E78C106220CA0B00FDB34D@MCHP058A.global-ad.net> <496EE152-41F2-49AB-A136-05735FE5A9F9@voxeo.com> <101C6067BEC68246B0C3F6843BCCC1E31018BF6BE2@MCHP058A.global-ad.net> <4E540FE2.7020605@alcatel-lucent.com> <2E239D6FCD033C4BAF15F386A979BF5106423F@sonusinmail02.sonusnet.com> <4E6595E7.7060503@skype.net> <4E661C83.5000103@alcatel-lucent.com> <2E239D6FCD033C4BAF15F386A979BF510F086B@sonusinmail02.sonusnet.com> <4E666926.8050705@skype.net> <43A0D702-1D1F-4B4E-B8E6-C9F1A06E3F8A@edvina.net> <033458F56EC2A64E8D2D7B759FA3E7E7020E64DC@sonusmail04.sonusnet.com> <E4EC1B17-0CC4-4F79-96DD-84E589FCC4F0@edvina.net> <4E67C3F7.7020304@jesup.org> <BE60FA11-8FFF-48E5-9F83-4D84A7FBE2BE@vidyo.com> <4E67F003.6000108@jesup.org> <7F2072F1E0DE894DA4B517B93C6A05852233E8554C@ESESSCMS0356.eemea.ericsson.se> <C3759687E4991243A1A0BD44EAC8230339CA68F054@BE235.mail.lan> <CAOJ7v-2u0UuNXh7bzmZFwiSucbsh=Ps=C3ZM5M3cJrXRmZgODA@mail.gmail.com>
Date: Fri, 9 Sep 2011 12:47:55 -0500
Message-ID: <CAKhHsXHXCkNdjtpxCSCk+ABbtxY15GEgouE6X6-sn-LqhnidQw@mail.gmail.com>
From: Alan Johnston <alan.b.johnston@gmail.com>
To: Justin Uberti <juberti@google.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: Randell Jesup <randell-ietf@jesup.org>, Jonathan Lennox <jonathan@vidyo.com>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] AVPF [was: Encryption mandate (and offer/answer)]
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Sep 2011 17:46:02 -0000

Here's my thinking on this.  We have CapNeg because the default
profile for VoIP and video is unfortunately insecure RTP.  We also
need to have a single pass offer/answer negotiation since this is what
we are used to having.

While I am not in favor of allowing insecure RTP in browsers, I know
some feel this is a requirement.  I do like Chris's suggestion that
SRTP be the default, with no chrome messages trying to indicate the
security of the call, but that if RTP is used, we are universally
agreed that is is very insecure and the browser chrome should make it
very, very clear to the user that their privacy is being disregarded
by the service.

If we make SRTP the default, and allow RTP, we could do the same in
our signaling negotiation.  The default will be SRTP - this can be
expressed in SDP without CapNeg.  Should the RTCWEB clients choose to
instead negotiate RTP, then this could be done with a second SDP
Offer/Answer exchange.  This would provide yet another incentive for
services to use the secure mode.

A signaling gateway could support CapNeg and handle using 3PCC the
AVP/SAVP negotiation outside of RTCWEB.

Otherwise, if we require CapNeg in the browser, this is a large leap
in complexity, and without proven interoperability and deployment of
CapNeg today, a very risky proposition.

- Alan -

On Fri, Sep 9, 2011 at 11:31 AM, Justin Uberti <juberti@google.com> wrote:
> This feels like a pretty fundamental question. I thought we were getting
> pretty close to a consensus for the signaling mechanism with Cullen's
> presentation, but this seems to complicate that significantly.
>
> On Thu, Sep 8, 2011 at 8:21 AM, Jonathan Lennox <jonathan@vidyo.com> wrote:
>>
>> Indeed.
>>
>> More generally, the question is: should it be possible to send an offer
>> that by default does DTLS/SAVPF for RTCWeb, but also can fall back to other
>> RTP profiles to support legacy devices?
>>
>> If yes, then either browsers need to support CapNeg, or RTCWeb needs to
>> use something other than SDP Offer/Answer.
>>
>> If no, then supporting interop, without a media gateway, with other
>> non-RTCWeb modes (e.g., no ICE, no rtcp mux, no audio/video mux, etc.)
>> becomes IMO a lot less compelling.
>>
>> -----Original Message-----
>> From: Christer Holmberg [mailto:christer.holmberg@ericsson.com]
>> Sent: Thursday, September 08, 2011 2:35 AM
>> To: Randell Jesup; Jonathan Lennox
>> Cc: rtcweb@ietf.org
>> Subject: AVPF [was: [rtcweb] Encryption mandate (and offer/answer)]
>>
>>
>> Hi,
>>
>> >>>You could make forced-encryption the default, and allow the
>> >>>application control over whether to allow it is turned off for
>> >>>specific cases, like a PSTN call, or under the server's control.
>> >>>Signalling is secure, so it could even use a direct optional
>> >>>downgrade from SAVP* to AVP* (i.e.
>> >>>similar to the best-effort-strp draft)
>> >>This has implications for the parallel thread about the use of SDP
>> >>offer/answer.
>> >>
>> >>The solution MMUSIC has standardized for best-effort SRTP is SDP
>> >>CapNeg, RFC 5939.  Do we want to require CapNeg support in browsers?
>> >
>> >Yeah, ok, I'm not going there.  :-)  It's probably not needed for this
>> >use-case anyways.
>>
>> The same question exists for AVPF, which has been suggested to be
>> mandated.
>>
>> Regards,
>>
>> Christer
>> _______________________________________________
>> rtcweb mailing list
>> rtcweb@ietf.org
>> https://www.ietf.org/mailman/listinfo/rtcweb
>
>
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb
>
>