Re: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu-behave-consent-freshness-04.txt
"Muthu Arul Mozhi Perumal (mperumal)" <mperumal@cisco.com> Wed, 17 July 2013 06:37 UTC
Return-Path: <mperumal@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1339221F9D4A; Tue, 16 Jul 2013 23:37:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.427
X-Spam-Level:
X-Spam-Status: No, score=-10.427 tagged_above=-999 required=5 tests=[AWL=0.172, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iFYc2UfNHoHx; Tue, 16 Jul 2013 23:37:16 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) by ietfa.amsl.com (Postfix) with ESMTP id A770B21F9D12; Tue, 16 Jul 2013 23:37:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4666; q=dns/txt; s=iport; t=1374043036; x=1375252636; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=kacILdAJAaZOItV8uLV5qERGnmYWwob0yAqANn1IcBQ=; b=duMAhSoKL7YIQDDyswPKg9arZko5YKT9uT7+Zpi7/BnuvvJ7wNHf8Epn 1VuW2/rOtldq/UmAf8Y9650mpUBx03mF1ZXxBNu1G/Z4wo7xUqdRbHV2G P80yHTitBknLxZTYmMEB/08wKET5XxtiyjCTeKrpczvlNMetoTwmZOASR M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgkFAPQ55lGtJXG8/2dsb2JhbABagwY0T8IygQ0WdIIjAQEBBAEBAWsLDAQCAQgRBAEBCx0HJwsUCAEIAgQOBQiICAy1YwSPPTEHBoMGbgOIb6A6gVmBOYIo
X-IronPort-AV: E=Sophos;i="4.89,682,1367971200"; d="scan'208";a="235793175"
Received: from rcdn-core2-1.cisco.com ([173.37.113.188]) by rcdn-iport-5.cisco.com with ESMTP; 17 Jul 2013 06:37:15 +0000
Received: from xhc-aln-x07.cisco.com (xhc-aln-x07.cisco.com [173.36.12.81]) by rcdn-core2-1.cisco.com (8.14.5/8.14.5) with ESMTP id r6H6bFL9002810 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 17 Jul 2013 06:37:15 GMT
Received: from xmb-rcd-x02.cisco.com ([169.254.4.192]) by xhc-aln-x07.cisco.com ([173.36.12.81]) with mapi id 14.02.0318.004; Wed, 17 Jul 2013 01:37:15 -0500
From: "Muthu Arul Mozhi Perumal (mperumal)" <mperumal@cisco.com>
To: "Avasarala, Ranjit (NSN - IN/Bangalore)" <ranjit.avasarala@nsn.com>
Thread-Topic: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu-behave-consent-freshness-04.txt
Thread-Index: AQHOgiT6JQEMzVPeD0imnIi9kp/qUZloXWjAgAAJRoA=
Date: Wed, 17 Jul 2013 06:37:15 +0000
Message-ID: <E721D8C6A2E1544DB2DEBC313AF54DE22419B715@xmb-rcd-x02.cisco.com>
References: <20130715173816.18605.12504.idtracker@ietfa.amsl.com> <E721D8C6A2E1544DB2DEBC313AF54DE224198182@xmb-rcd-x02.cisco.com> <51E513BF.2040405@viagenie.ca> <E721D8C6A2E1544DB2DEBC313AF54DE224199A15@xmb-rcd-x02.cisco.com> <51E536C1.1080507@viagenie.ca> <E721D8C6A2E1544DB2DEBC313AF54DE224199D69@xmb-rcd-x02.cisco.com> <51E544BC.6000608@viagenie.ca> <E54AEADE791D51469F45E7FBB9643915090BC6@SGSIMBX001.nsn-intra.net>
In-Reply-To: <E54AEADE791D51469F45E7FBB9643915090BC6@SGSIMBX001.nsn-intra.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [72.163.208.222]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "behave@ietf.org" <behave@ietf.org>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu-behave-consent-freshness-04.txt
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jul 2013 06:37:22 -0000
Ranjit, |Many publicly available STUN servers or those that are part of Call servers |may not support this. Public STUN servers and call servers are not expected to support this. |Can't there be some other neutral mechanism to query peer's consent - through |signaling? No. That signaling between the JS and the web server could be anything (SIP or XMPP or proprietary or whatever) and the browser has no control over it. Muthu |-----Original Message----- |From: Avasarala, Ranjit (NSN - IN/Bangalore) [mailto:ranjit.avasarala@nsn.com] |Sent: Wednesday, July 17, 2013 11:19 AM |To: Muthu Arul Mozhi Perumal (mperumal) |Cc: rtcweb@ietf.org; behave@ietf.org |Subject: RE: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu-behave-consent-freshness-04.txt | |Hi Muthu | |Though using STUN request/response may be good for querying about consent, I feel it is overloading |the functionality of STUN. Many publicly available STUN servers or those that are part of Call servers |may not support this. | |Can't there be some other neutral mechanism to query peer's consent - through signaling? | | |Regards |Ranjit | | | |-----Original Message----- |From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf Of ext Simon Perreault |Sent: Tuesday, July 16, 2013 6:34 PM |To: Muthu Arul Mozhi Perumal (mperumal) |Cc: rtcweb@ietf.org; behave@ietf.org |Subject: Re: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu-behave-consent-freshness-04.txt | |Le 2013-07-16 14:43, Muthu Arul Mozhi Perumal (mperumal) a écrit : |> |> |> Liveness timer: If no packets have been received on the local port in |> |> |> Tr seconds, the WebRTC browser MUST inform the JavaScript that |> |> |> connectivity has been lost. The JavaScript application will use this |> |> |> notification however it desires (e.g., cease transmitting to the |> |> |> remote peer, provide a notification to the user, etc.). |> |> | |> |> |This seems to me like it will not fulfill the goal set in the abstract: |> |> |"to ensure that a malicious JavaScript cannot use the browser as a |> |> |platform for launching attacks". If the JavaScript is free to ignore the |> |> |notification from the browser, then it has no security benefits. If you |> |> |want to reach that goal, the browser needs to forcefully stop transmitting. |> |> |> |> That goal is fulfilled by the consent checks -- the browser would stop transmitting everything on |> |that candidate pair, including liveness checks, if there is a consent failure. |> | |> |That's not what the draft says. It says that the browser "notifies" the |> |JS app. It needs to say that the browser MUST stop sending. |> |> No. That section is about liveness check and its intention is just notify the JavaScript of a |potential connectivity loss. It is when the consent check fails the browser actually stops sending |everything. Does the draft need more text on the distinction between consent and liveness tests? | |Ah! No, you're right, and the text is already perfectly clear about |this. No need to change. I was just confused. | |> |> |> When not actively sending traffic on a nominated candidate pair, |> |> |> performing consent freshness does not serve any purpose from a |> |> |> security perspective. |> |> | |> |> |I don't understand what this means. Why is the "security perspective" |> |> |important here? Aren't we concerned about keepalives? |> |> |> |> You mean one could use keepalives (Binding indications) for launching attacks, so consent |freshness |> |would be required for sending them as well? |> | |> |No. |> | |> |This is a section about keepalives. I just don't understand this |> |sentence, and I don't understand why it talks about security. |> |> Ok, let me elaborate: |> - Consent freshness is not necessary when the browser is not sending any |> traffic on a candidate pair. |> - If the browser is not performing consent freshness on a candidate pair |> for the above reason, it performs ICE keepalives (or RTP keepalives) to |> refresh NAT bindings. |> |> Of course, the browser could continue performing consent freshness even when it is not sending any |other traffic on that candidate pair and skip ICE keepalives. | |Ah, ok I understand with your explanation. It makes sense. There should |be a way to reformulate the text to make it clearer. | |Thanks, |Simon |_______________________________________________ |rtcweb mailing list |rtcweb@ietf.org |https://www.ietf.org/mailman/listinfo/rtcweb
- [rtcweb] FW: I-D Action: draft-muthu-behave-conse… Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu… Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu… Simon Perreault
- Re: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu… Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu… Simon Perreault
- Re: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu… Avasarala, Ranjit (NSN - IN/Bangalore)
- Re: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu… Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu… Avasarala, Ranjit (NSN - IN/Bangalore)
- Re: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu… Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu… Eric Rescorla
- Re: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu… Avasarala, Ranjit (NSN - IN/Bangalore)
- Re: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu… Simon Perreault
- Re: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu… Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu… Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu… Eric Rescorla
- Re: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu… Avasarala, Ranjit (NSN - IN/Bangalore)
- Re: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu… Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] [BEHAVE] FW: I-D Action: draft-muthu… Avasarala, Ranjit (NSN - IN/Bangalore)