Re: [rtcweb] On the topic of MTI video codecs
Daniel-Constantin Mierla <miconda@gmail.com> Thu, 31 October 2013 21:40 UTC
Return-Path: <miconda@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5328C21F9E3B for <rtcweb@ietfa.amsl.com>; Thu, 31 Oct 2013 14:40:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.149
X-Spam-Level:
X-Spam-Status: No, score=-2.149 tagged_above=-999 required=5 tests=[AWL=-0.150, BAYES_00=-2.599, HTML_MESSAGE=0.001, J_CHICKENPOX_43=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7yYbWEi7lP9H for <rtcweb@ietfa.amsl.com>; Thu, 31 Oct 2013 14:40:24 -0700 (PDT)
Received: from mail-ee0-x236.google.com (mail-ee0-x236.google.com [IPv6:2a00:1450:4013:c00::236]) by ietfa.amsl.com (Postfix) with ESMTP id 9090521F9EF2 for <rtcweb@ietf.org>; Thu, 31 Oct 2013 14:40:20 -0700 (PDT)
Received: by mail-ee0-f54.google.com with SMTP id c50so1002615eek.13 for <rtcweb@ietf.org>; Thu, 31 Oct 2013 14:40:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:reply-to:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type; bh=0YIn02QmbK01WSlcM87af065gu1mzrTa/eCqa7zd8JM=; b=sMD3C6x1uFCy89MGs4DOHwxZI188U9dIPECZ5IQ5p0IU7FA5pM227c/otzLX7Jbtz+ VM1/l6a3csS/V2+k07NQ8jnrzkzAlZ8aMA0mR16+KAX8uyrvDqYJFrHQgnNF5YLP1lzW 8SDXW/vrVjk/PN5f+l1SCtlO7Jn/Ussb5ZK5K0sjCNlfRPlwjmVEgKlgmEtmt5eKGIPM mrbD7shbfT/3GTSjVYXrFnxODHoviIu4qgolsYV8kvxPGLXGBTmPkwab6bInjdIphZRW XZDb7Ne0Gt9rc3qOIoVqQykgBAnmlx8rfwe+hnQ3HP205lggVBuVOm4GQDMiDOCtcSRk jTYA==
X-Received: by 10.14.219.4 with SMTP id l4mr98842eep.37.1383255619615; Thu, 31 Oct 2013 14:40:19 -0700 (PDT)
Received: from [127.0.0.1] (ns.asipto.com. [213.133.111.169]) by mx.google.com with ESMTPSA id j7sm14363935eeo.15.2013.10.31.14.40.16 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 31 Oct 2013 14:40:18 -0700 (PDT)
Message-ID: <5272CE40.4080908@gmail.com>
Date: Thu, 31 Oct 2013 22:40:16 +0100
From: Daniel-Constantin Mierla <miconda@gmail.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Thunderbird/24.0
MIME-Version: 1.0
To: Eric Rescorla <ekr@rtfm.com>
References: <527147FF.5010506@nostrum.com> <C72DB04F-F363-45A9-A51F-31900037C239@vipadia.com> <C81F0BD3-F5E6-4E1A-955D-16D55E698BD1@edvina.net> <5272C6C8.3070006@gmail.com> <CABcZeBM6T0a9iLHVujzAiwFi5X5=S0oNK=xR3=FkHM2wi5bngQ@mail.gmail.com>
In-Reply-To: <CABcZeBM6T0a9iLHVujzAiwFi5X5=S0oNK=xR3=FkHM2wi5bngQ@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------050100080701070303070509"
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>, Neil Stratford <neils@vipadia.com>
Subject: Re: [rtcweb] On the topic of MTI video codecs
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: miconda@gmail.com
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Oct 2013 21:40:26 -0000
On 10/31/13 10:27 PM, Eric Rescorla wrote: > > > > On Thu, Oct 31, 2013 at 2:08 PM, Daniel-Constantin Mierla > <miconda@gmail.com <mailto:miconda@gmail.com>> wrote: > > > On 10/31/13 4:10 PM, Olle E. Johansson wrote: > > On 31 Oct 2013, at 10:02, Neil Stratford <neils@vipadia.com > <mailto:neils@vipadia.com>> wrote: > > On 30 Oct 2013, at 17:55, Adam Roach <adam@nostrum.com > <mailto:adam@nostrum.com>> wrote: > > As Jonathan mentioned earlier, this morning Cisco > announced that it will be open sourcing an H.264 > implementation as well as gratis binary modules > compiled from that source and hosted by Cisco for > download. Mozilla will be modifying Firefox to support > H.264 by downloading Cisco's binary module. > > > It seems like most of the groundwork is being done here > for a real codec plugin API which would obviate the need > for any particular codec to be selected as MTI. > > Can we encourage this new codec plugin API to be developed > in an open way as part of the standards process and > therefore be supported in all browsers? (Enabling for > example the addition of VP8 to a browser that may not > natively ship with it.) > > I don't agree. The idea was to create a realtime web platform > without the need for any plugins or downloadable modules. > We've had that for ages and it is not a good solution. > > I am still for a MTI codec or set of codecs so we always can > set up video calls, regardless of implementation and if it's > possible to download by policy or network conditions a > specific binary. > > Downloading a binary opens doors for tons of risks, knowing that > lot of carriers do caching or interpose themselves (e.g., it > happens very commonly for dns to redirect you to some adds page > when typing an invalid domain), thus is easy to replace the > original source, so a rather complex security mechanism has to be > put in place. > > > Solely on the security question... > > I'm not sure what you mean by "rather complex". What I would expect is > to have signed > binaries. This addresses the question of attack from the network and > is how we > intend to handle things in Firefox. > > Note that any product that auto-updates (like Firefox and Chrome) > already need > to have some mechanism for verifying that the things they download are > correct. Typically the updates you mentioned are done from the project's sites, so that is easier to handle. Now there is a third party involved, requiring some sync'ing between Cisco and browser's sites. It's like a menage-a-trios, pretty dirty affair. I wonder why flash plugin was not loaded this way, it was always free -- but had to be downloaded/installed explicitly by users. > > > Even the argument that the code can be compiled and signatures > compared is not really feasible - simply it cannot be done by > mobile devices - they don't have the sdk installed. > > > I don't see why this would be needed. The containing program (e.g., the > browser) doesn't compile, it just does signature verification. > > Obviously, this only addresses the question of attack from the network, > not malicious binaries constructed by Cisco. I expect that to be addressed > by third parties doing verified builds and comparing the binaries. > Presumably, > one could invent some countersignature mechanism to allow clients to > verify that a specific third party had verified a build. If we get to 'one could invent some ...' and wait for that, better wait for a pure open source video codec. Mozilla is working in that direction anyhow. Daniel -- Daniel-Constantin Mierla - http://www.asipto.com http://twitter.com/#!/miconda - http://www.linkedin.com/in/miconda Kamailio Advanced Trainings - Berlin, Nov 25-28 - more details about Kamailio trainings at http://www.asipto.com -
- Re: [rtcweb] On the topic of MTI video codecs Daniel-Constantin Mierla
- Re: [rtcweb] On the topic of MTI video codecs Leon Geyser
- [rtcweb] On the topic of MTI video codecs Adam Roach
- Re: [rtcweb] On the topic of MTI video codecs Leon Geyser
- Re: [rtcweb] On the topic of MTI video codecs Jeremy Laurenson (jlaurens)
- Re: [rtcweb] On the topic of MTI video codecs Adam Roach
- Re: [rtcweb] On the topic of MTI video codecs Jeremy Laurenson (jlaurens)
- Re: [rtcweb] On the topic of MTI video codecs Jeremy Laurenson (jlaurens)
- Re: [rtcweb] On the topic of MTI video codecs Adam Roach
- Re: [rtcweb] On the topic of MTI video codecs Peter Saint-Andre
- Re: [rtcweb] On the topic of MTI video codecs Cullen Jennings (fluffy)
- Re: [rtcweb] On the topic of MTI video codecs Jean-Marc Valin
- Re: [rtcweb] On the topic of MTI video codecs Daniel-Constantin Mierla
- Re: [rtcweb] On the topic of MTI video codecs Olle E. Johansson
- Re: [rtcweb] On the topic of MTI video codecs Silvia Pfeiffer
- Re: [rtcweb] On the topic of MTI video codecs Cullen Jennings (fluffy)
- Re: [rtcweb] On the topic of MTI video codecs Lorenzo Miniero
- Re: [rtcweb] On the topic of MTI video codecs Neil Stratford
- Re: [rtcweb] On the topic of MTI video codecs Olle E. Johansson
- Re: [rtcweb] On the topic of MTI video codecs Eric Rescorla
- Re: [rtcweb] On the topic of MTI video codecs Daniel-Constantin Mierla
- Re: [rtcweb] On the topic of MTI video codecs Eric Rescorla
- Re: [rtcweb] On the topic of MTI video codecs Richard Barnes
- Re: [rtcweb] On the topic of MTI video codecs Eric Rescorla
- Re: [rtcweb] On the topic of MTI video codecs cowwoc
- Re: [rtcweb] On the topic of MTI video codecs Olle E. Johansson
- Re: [rtcweb] On the topic of MTI video codecs Daniel-Constantin Mierla
- Re: [rtcweb] On the topic of MTI video codecs Olle E. Johansson
- Re: [rtcweb] On the topic of MTI video codecs Simon Perreault
- Re: [rtcweb] On the topic of MTI video codecs DRAGE, Keith (Keith)
- Re: [rtcweb] On the topic of MTI video codecs Emil Ivov
- Re: [rtcweb] On the topic of MTI video codecs Chris Wendt
- Re: [rtcweb] On the topic of MTI video codecs Emil Ivov
- Re: [rtcweb] On the topic of MTI video codecs Cullen Jennings