[rtcweb] FW: I-D Action: draft-muthu-behave-consent-freshness-01.txt
"Muthu Arul Mozhi Perumal (mperumal)" <mperumal@cisco.com> Tue, 17 July 2012 07:37 UTC
Return-Path: <mperumal@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B122F21F85C5 for <rtcweb@ietfa.amsl.com>; Tue, 17 Jul 2012 00:37:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.499
X-Spam-Level:
X-Spam-Status: No, score=-10.499 tagged_above=-999 required=5 tests=[AWL=0.100, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OXm7f0R5YxqX for <rtcweb@ietfa.amsl.com>; Tue, 17 Jul 2012 00:37:08 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) by ietfa.amsl.com (Postfix) with ESMTP id 3313521F85AF for <rtcweb@ietf.org>; Tue, 17 Jul 2012 00:37:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=mperumal@cisco.com; l=3344; q=dns/txt; s=iport; t=1342510675; x=1343720275; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=+hBQMxvEYDau1IKk+qB/EXSau4MCwFgkfWDs9h00BUs=; b=V9foBG4Deqjz8vf7i8+ws4mVeg6bDiIRQddL3i71Osi3Ou2MMtm+n/Fb JqjYmWrT4EJ00vf4LaYKF0/9yjVy+PsyjzO52X5eJcdSZ1yK5lueZNo/m Q5/tvimE91jUX+bAiWcV/YhTn+3hHnFMLtuLxNA77ZOn/9YDk4+kxEb+D 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av8EAEYVBVCtJV2a/2dsb2JhbABFuWCBB4IgAQEBBAEBAQ8BJzQXBgEIEQQBAQsUCS4LFAcBAQUFBBMIARIHh2sLmwSBKKApiz6FZ2ADlk2JdYMZgWaCXw
X-IronPort-AV: E=Sophos;i="4.77,599,1336348800"; d="scan'208";a="102528707"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-8.cisco.com with ESMTP; 17 Jul 2012 07:37:54 +0000
Received: from xhc-aln-x10.cisco.com (xhc-aln-x10.cisco.com [173.36.12.84]) by rcdn-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id q6H7bs6C019001 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL) for <rtcweb@ietf.org>; Tue, 17 Jul 2012 07:37:54 GMT
Received: from xmb-rcd-x02.cisco.com ([169.254.4.223]) by xhc-aln-x10.cisco.com ([173.36.12.84]) with mapi id 14.02.0298.004; Tue, 17 Jul 2012 02:37:54 -0500
From: "Muthu Arul Mozhi Perumal (mperumal)" <mperumal@cisco.com>
To: "rtcweb@ietf.org" <rtcweb@ietf.org>
Thread-Topic: I-D Action: draft-muthu-behave-consent-freshness-01.txt
Thread-Index: AQHNY211pZ5zmVz19UG3CqD7N+7epZcs+oNw
Date: Tue, 17 Jul 2012 07:37:53 +0000
Message-ID: <E721D8C6A2E1544DB2DEBC313AF54DE2012D525F@xmb-rcd-x02.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.65.78.155]
x-tm-as-product-ver: SMEX-10.2.0.1135-7.000.1014-19046.000
x-tm-as-result: No--47.762200-8.000000-31
x-tm-as-user-approved-sender: No
x-tm-as-user-blocked-sender: No
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: [rtcweb] FW: I-D Action: draft-muthu-behave-consent-freshness-01.txt
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Jul 2012 07:37:09 -0000
The draft has been updated based on the mailing list discussions and Eric's security presentation at the RTCWEB interim meeting. The sections that have been updated/added: 1. Abstract Adds session liveness 2. Introduction Adds session liveness 3. Definitions Defines session liveness 4. Solution Overview Discusses the combined consent freshness and session liveness test (slide "Combined Consent/Liveness Proposal II" from the RTCWEB interim). 5. Design Considerations Discusses the pros and cons of reusing the STUN Binding request/response 6. Open Items Lists the current open issues. While we have been discussing on a separate ICE spec/profile for RTCWEB, I would like to close on the smaller problem of our next steps for this draft. Issues we need consensus on to move forward: 1. Should we reuse the STUN Binding request/response for consent freshness and session liveness, considering interoperability with existing ICE and ICE-lite implementations even at the incurred cost of the SHA-1 computation for the message integrity on gateways? Seems to be a "yes" from the mailing list discussions so far. Any concerns? 2. Where does this draft really belong to? Considering that the use-case is relevant to WebRTC and we many not significantly change any BEHAVE protocol, should it be resubmitted to RTCWEB? Muthu -----Original Message----- From: i-d-announce-bounces@ietf.org [mailto:i-d-announce-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org Sent: Monday, July 16, 2012 9:39 PM To: i-d-announce@ietf.org Subject: I-D Action: draft-muthu-behave-consent-freshness-01.txt A New Internet-Draft is available from the on-line Internet-Drafts directories. Title : STUN Usage for Consent Freshness and Session Liveness Author(s) : Muthu Arul Mozhi Perumal Dan Wing Hadriel Kaplan Filename : draft-muthu-behave-consent-freshness-01.txt Pages : 9 Date : 2012-07-16 Abstract: Verification of peer consent is necessary in WebRTC deployments to ensure that a malicious JavaScript cannot use the browser as a platform for launching attacks. A related problem is session liveness. WebRTC applications may want to detect connection failure and take appropriate actions. This document describes a STUN usage that enables a WebRTC browser to perform the following on a candidate pair ICE is using for a media component after session establishment: The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-muthu-behave-consent-freshness There's also a htmlized version available at: http://tools.ietf.org/html/draft-muthu-behave-consent-freshness-01 A diff from previous version is available at: http://tools.ietf.org/rfcdiff?url2=draft-muthu-behave-consent-freshness-01 Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ _______________________________________________ I-D-Announce mailing list I-D-Announce@ietf.org https://www.ietf.org/mailman/listinfo/i-d-announce Internet-Draft directories: http://www.ietf.org/shadow.html or ftp://ftp.ietf.org/ietf/1shadow-sites.txt
- [rtcweb] FW: I-D Action: draft-muthu-behave-conse… Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] FW: I-D Action: draft-muthu-behave-c… Martin Thomson
- Re: [rtcweb] FW: I-D Action: draft-muthu-behave-c… Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] FW: I-D Action: draft-muthu-behave-c… Martin Thomson