IETF Logo Mail Archive

[rtcweb] Consent freshness in the light of no-SDES (Re: Adopting draft-muthu-behave-consent-freshness?)

Harald Alvestrand <harald@alvestrand.no> Mon, 09 September 2013 12:29 UTC

Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FC9F11E81C3 for <rtcweb@ietfa.amsl.com>; Mon, 9 Sep 2013 05:29:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level:
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Akikl2Er3SbM for <rtcweb@ietfa.amsl.com>; Mon, 9 Sep 2013 05:29:39 -0700 (PDT)
Received: from eikenes.alvestrand.no (eikenes.alvestrand.no [158.38.152.233]) by ietfa.amsl.com (Postfix) with ESMTP id 0E83121E81A8 for <rtcweb@ietf.org>; Mon, 9 Sep 2013 05:27:39 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id D7C3539E1C9 for <rtcweb@ietf.org>; Mon, 9 Sep 2013 14:27:37 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at eikenes.alvestrand.no
Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3pED7YmqACSJ for <rtcweb@ietf.org>; Mon, 9 Sep 2013 14:27:37 +0200 (CEST)
Received: from hta-hippo.lul.corp.google.com (unknown [IPv6:2620:0:1043:1:7646:a0ff:fe90:e2bb]) by eikenes.alvestrand.no (Postfix) with ESMTPSA id 3B4F039E04C for <rtcweb@ietf.org>; Mon, 9 Sep 2013 14:27:37 +0200 (CEST)
Message-ID: <522DBEB8.5090207@alvestrand.no>
Date: Mon, 09 Sep 2013 14:27:36 +0200
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130804 Thunderbird/17.0.8
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <522D88A8.3010209@ericsson.com> <7594FB04B1934943A5C02806D1A2204B1C49B5A1@ESESSMB209.ericsson.se>
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B1C49B5A1@ESESSMB209.ericsson.se>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [rtcweb] Consent freshness in the light of no-SDES (Re: Adopting draft-muthu-behave-consent-freshness?)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Sep 2013 12:29:51 -0000

Changing the subject line to make life simpler for those who count the 
respondents :-)

On 09/09/2013 02:20 PM, Christer Holmberg wrote:
> Hi,
>
> I don't object adoption, but a question for clarification.
>
> The draft says:
>
>     "While a WebRTC browser could verify whether the peer continues to
>     send SRTCP reports before sending traffic to the peer, the usage of
>     SRTCP together with Security Descriptions [RFC4568] requires exposing
>     the media keys to the JavaScript and renders SRTCP unsuitable for
>     consent freshness."
>
> Now, as we have decided to not use SDES, I guess that can be removed.
>
> But, based on that, I'd just like to verify whether there is still a need for the draft :)
>

Personal opinion: I think SRTCP is still unsuitable for consent 
freshness. One reason (apart from any aspect that deals with security, 
on which I don't want to comment) is that if one sets up a connection 
with only a data channel, there will be no SSRCs to send SRTCP on.

v2.23.0 | Report a Bug | By Email