Re: [rtcweb] Sebastien Cubaud's non-ICE mechanism (Re: Summary of ICE discussion)

Jonathan Rosenberg <jdrosen@jdrosen.net> Tue, 11 October 2011 03:13 UTC

Return-Path: <jdrosen@jdrosen.net>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D22F21F8CC8 for <rtcweb@ietfa.amsl.com>; Mon, 10 Oct 2011 20:13:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.265
X-Spam-Level:
X-Spam-Status: No, score=-102.265 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LcIShJpRpHhK for <rtcweb@ietfa.amsl.com>; Mon, 10 Oct 2011 20:13:02 -0700 (PDT)
Received: from ecbiz71.inmotionhosting.com (ecbiz71.inmotionhosting.com [69.174.114.155]) by ietfa.amsl.com (Postfix) with ESMTP id 2C73821F8CE2 for <rtcweb@ietf.org>; Mon, 10 Oct 2011 20:13:02 -0700 (PDT)
Received: from pool-173-63-39-69.nwrknj.fios.verizon.net ([173.63.39.69]:64060 helo=[192.168.1.7]) by ecbiz71.inmotionhosting.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <jdrosen@jdrosen.net>) id 1RDSm5-0002x2-A2 for rtcweb@ietf.org; Mon, 10 Oct 2011 23:13:01 -0400
Message-ID: <4E93B43C.3060106@jdrosen.net>
Date: Mon, 10 Oct 2011 23:13:00 -0400
From: Jonathan Rosenberg <jdrosen@jdrosen.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <4E8B192E.80809@ericsson.com> <E6AA070839B987489960B202AD80E18D019D9119@ftrdmel0.rd.francetelecom.fr> <4E935A8B.8020700@alvestrand.no> <CABcZeBNd0wnAv3KHkzCa4g6tFmGJhADOQDCz-7G=DYwp1yOGzA@mail.gmail.com> <4E9389C0.5050607@jesup.org>
In-Reply-To: <4E9389C0.5050607@jesup.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - ecbiz71.inmotionhosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jdrosen.net
Subject: Re: [rtcweb] Sebastien Cubaud's non-ICE mechanism (Re: Summary of ICE discussion)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Oct 2011 03:13:03 -0000

Security issues aside, the proposed solution does not work with existing 
SIP/RTP implementations. The main drawback of the ICE solution is that 
it won't work with deployed equipment. I see little benefit in 
specifying another solution which does not fix the main limitation we 
have with ICE.

-Jonathan R.

On 10/10/2011 8:11 PM, Randell Jesup wrote:
> On 10/10/2011 7:04 PM, Eric Rescorla wrote:
>> On Mon, Oct 10, 2011 at 1:50 PM, Harald
>> Alvestrand<harald@alvestrand.no> wrote:
>>> Changing the subject to keep threads separate....
>>>
>>> On 10/09/2011 12:00 PM, sebastien.cubaud@orange.com wrote:
>>>> Here are the steps I foresee before allowing the establishment of a
>>>> media
>>>> session:
>>>>
>>>> - Let's consider A (a RTC-Web compliant browser) connected to server
>>>> S and
>>>> wishing to share real-time media with destination B (potentially a SIP
>>>> endpoint or a browser)
>>>> - A& B learn via the signalling channel the triple @IP, transport proto
>>>> and associated listening port of the remote media
>>>> - A sends a few RTP packets to B (3 as in RFC 2833/4733 or more?).-
>>>> This
>>>> would allow the mechanism to resist against packet loss -. The
>>>> format of such
>>>> packets are to be discussed
>>>> - Assuming B receives these packets, it then sends via the signalling
>>>> channel an information from the media path unknown from S (i.e. not
>>>> accessible via
>>>> JS).
>>>> I propose to use the min of the sequence number of the RTP packets
>>>> received (which is random per RFC 3550)
>>>
>>> The sequence number is a 16-bit number, so there are 16 bits of
>>> randomness
>>> to play with here.
>>> An attack based on just returning a random number will succeed 1 out of
>>> 65.536 times; if any of the 3 packets' sequence numbers are
>>> acceptable, it
>>> will succeed 1 out of 21.845 times.
>
> If you use the sequence number and the timestamp, you have 48 bits of
> entropy...
>
>

-- 
Jonathan D. Rosenberg, Ph.D.                   SkypeID: jdrosen
Skype Chief Technology Strategist
jdrosen@skype.net                              http://www.skype.com
jdrosen@jdrosen.net                            http://www.jdrosen.net