Re: [rtcweb] STUN for keep-alive - RTCP-less applications

Iñaki Baz Castillo <ibc@aliax.net> Sat, 24 September 2011 13:35 UTC

Return-Path: <ibc@aliax.net>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3C2121F8B48 for <rtcweb@ietfa.amsl.com>; Sat, 24 Sep 2011 06:35:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.641
X-Spam-Level:
X-Spam-Status: No, score=-2.641 tagged_above=-999 required=5 tests=[AWL=0.035, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ESKLZecwLNWP for <rtcweb@ietfa.amsl.com>; Sat, 24 Sep 2011 06:35:13 -0700 (PDT)
Received: from mail-vx0-f172.google.com (mail-vx0-f172.google.com [209.85.220.172]) by ietfa.amsl.com (Postfix) with ESMTP id 0511321F8B46 for <rtcweb@ietf.org>; Sat, 24 Sep 2011 06:35:12 -0700 (PDT)
Received: by vcbfo11 with SMTP id fo11so2417851vcb.31 for <rtcweb@ietf.org>; Sat, 24 Sep 2011 06:37:48 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.171.208 with SMTP id i16mr294807vcz.122.1316871468884; Sat, 24 Sep 2011 06:37:48 -0700 (PDT)
Received: by 10.220.94.200 with HTTP; Sat, 24 Sep 2011 06:37:43 -0700 (PDT)
Received: by 10.220.94.200 with HTTP; Sat, 24 Sep 2011 06:37:43 -0700 (PDT)
In-Reply-To: <7DEACFFC-8AF3-4450-8844-FF6E187AE4D2@edvina.net>
References: <7F2072F1E0DE894DA4B517B93C6A05852233EDB21D@ESESSCMS0356.eemea.ericsson.se> <4E70D2E6.1000809@alvestrand.no> <CABcZeBORi5NLSsztnMfkwL43p9oKG9mi6e1WWOaiafAO_DpTVg@mail.gmail.com> <7F2072F1E0DE894DA4B517B93C6A05852233D45FA3@ESESSCMS0356.eemea.ericsson.se> <CABcZeBO9hUSYZhLrcfbaK9HLGXq-q1EvqWOy6-gAN5xom6Z2-A@mail.gmail.com> <092401cc749b$8fd64940$af82dbc0$@com> <CABcZeBPgRD6kb2gg=m9NckSa1wrzwzJS6527nYqFG34b0cjfgQ@mail.gmail.com> <4E765E4A.3050801@alvestrand.no> <7532C74D-D0D7-474D-80C7-61C07E9290AA@edvina.net> <7D7982AF-7478-4AFD-9F39-ED04A43FEF53@edvina.net> <673BCA71-B624-4DCA-B681-7012E6F9D202@acmepacket.com> <4E799E18.30000@ericsson.com> <855B9078-A81F-45D9-B12F-46CC46C15B60@acmepacket.com> <4E79D5DF.4050402@ericsson.com> <68121E70-4363-47F8-8761-23728C56D003@acmepacket.com> <9348BF4A-8674-4888-9DDC-C734FB935A28@csperkins.org> <7B9A57BB-A585-487D-9655-D835C527059B@acmepacket.com> <4E7AE83E.9090508@ericsson.com> <CALiegfmxjP5ojZeAoz6sYUkKwE7XOtTSGJAOydbX+sm23hrwjg@mail.gmail.com> <7DEACFFC-8AF3-4450-8844-FF6E187AE4D2@edvina.net>
Date: Sat, 24 Sep 2011 15:37:43 +0200
Message-ID: <CALiegf=5OPFjvn8WaJq_38OKuGkCed4-M0JTEKJczcCvkAj2YA@mail.gmail.com>
From: Iñaki Baz Castillo <ibc@aliax.net>
To: "Olle E. Johansson" <oej@edvina.net>
Content-Type: multipart/alternative; boundary="0016363107411e24bc04adb008b7"
Cc: "<rtcweb@ietf.org>" <rtcweb@ietf.org>, Colin Perkins <csp@csperkins.org>
Subject: Re: [rtcweb] STUN for keep-alive - RTCP-less applications
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Sep 2011 13:35:13 -0000

Hi. I dont mean that security decisions are taken by the final user, but by
the service provider. If it is a local intranet or the users access the
intranet via a secure vpn, security can be relaxed ans the site provider
could determine that plain rtp is allowed.
El 24/09/2011 13:51, "Olle E. Johansson" <oej@edvina.net> escribió:
>
> 22 sep 2011 kl. 13:08 skrev Iñaki Baz Castillo:
>
>> I can understand that some requirements can be imposed to RTCweb
>> environments in the media plane, but try at least to make it
>> compatible with VoIP networks out there. For example, requiring SRTP o
>> ZRTP could make sense (anyhow I don't see why that should be a
>> requirement in a local intranet in which plain-RTP is already used for
>> SIP communication).
>
> This is where you get it wrong. You are pushing the decision to the user.
They have to evaluate the network
> their browser is currently attached to and make a decision on what kind of
security they
> need for this particular network. Even in the office, the iPad on your
desk might be connected
> to 3G because it lost contact with the wifi.
>
> I think we can not require that users are able to perform a security
evaluation of each and
> every network the device their browser is running on connects to. Make it
secure by default.
> I mean, this is the year 2011 and we do have CPUs that can handle it.
People walk around
> with dual core in their pockets.
>
> /O