Re: [rtcweb] Let's define the purpose of WebRTC

Hadriel Kaplan <> Mon, 07 November 2011 03:20 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5463C21F86AA for <>; Sun, 6 Nov 2011 19:20:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.461
X-Spam-Status: No, score=-2.461 tagged_above=-999 required=5 tests=[AWL=0.138, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Rsb44aqE7iBE for <>; Sun, 6 Nov 2011 19:20:28 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id BBB7521F86A4 for <>; Sun, 6 Nov 2011 19:20:28 -0800 (PST)
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Sun, 6 Nov 2011 22:20:27 -0500
Received: from ([]) by ([]) with mapi id 14.01.0270.001; Sun, 6 Nov 2011 22:20:27 -0500
From: Hadriel Kaplan <>
To: Eric Rescorla <>
Thread-Topic: [rtcweb] Let's define the purpose of WebRTC
Thread-Index: AQHMnPwxU1Ft+mkH70qnimGgVzJd/A==
Date: Mon, 7 Nov 2011 03:20:26 +0000
Message-ID: <>
References: <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="iso-8859-1"
Content-ID: <>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: AAAAAQAAAWE=
Cc: "<>" <>
Subject: Re: [rtcweb] Let's define the purpose of WebRTC
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 07 Nov 2011 03:20:29 -0000

On Nov 6, 2011, at 9:38 AM, Eric Rescorla wrote:

> Hmm... I I don't see any
> reason to allow insecure calling from one WebRTC client to another.
> It's a different question whether one should allow insecure calling
> to legacy clients.


>> IMHO, if a web service doesn't want to take, or cannot take, the hit
>> for SRTP, WebRTC is not the appropriate solution for such a service.
> I'm exceedingly unsympathetic to the claim that SRTP is too slow. This
> is precisely the claim that was made about TLS for years, but measurements
> (see Langley and Modadugu's Overclocking SSL talk at Velocity) show
> that that's not really true.

Who said "too slow"?  There *is* an extra round-trip or two involved I presume, if we're talking DTLS-SRTP, but no I didn't mean that as a "hit".  I just meant the extra computing cycles for SRTP being a "hit".  For WebRTC-to-WebRTC I don't think that matters at all.  For WebRTC-to-media-server it might, for a free game app or greeting card app that don't care about it to begin with, and which use plaintext HTTP to begin with.

(this isn't a big deal regardless - just something to think about whether we care or not)