Re: [rtcweb] RTCWeb default signaling protocol [was RE: About defining a signaling protocol for WebRTC (or not)]

Randell Jesup <> Mon, 19 September 2011 07:23 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C05B521F8B66 for <>; Mon, 19 Sep 2011 00:23:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.505
X-Spam-Status: No, score=-2.505 tagged_above=-999 required=5 tests=[AWL=0.094, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id e8KY6A7F-5gt for <>; Mon, 19 Sep 2011 00:23:30 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 3549B21F8B5A for <>; Mon, 19 Sep 2011 00:23:30 -0700 (PDT)
Received: from ([] helo=[]) by with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <>) id 1R5YEi-0007ti-3E for; Mon, 19 Sep 2011 02:25:52 -0500
Message-ID: <>
Date: Mon, 19 Sep 2011 03:22:30 -0400
From: Randell Jesup <>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:6.0.1) Gecko/20110830 Thunderbird/6.0.1
MIME-Version: 1.0
References: <> <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
Subject: Re: [rtcweb] RTCWeb default signaling protocol [was RE: About defining a signaling protocol for WebRTC (or not)]
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 19 Sep 2011 07:23:30 -0000

On 9/17/2011 1:27 PM, Hadriel Kaplan wrote:
> On Sep 17, 2011, at 4:27 AM, Olle E. Johansson wrote:
>> They will be able to use the rtcweb data channel, which is a concern.
> Yes, that's actually the most interesting piece of this whole thing, in my opinion.  Browsers don't typically offer raw sockets to javascript as far as I know.  And not only does it raise a lovely set of security concerns, but also network collapse issues since UDP has no congestion backoff and I believe the data channel we're talking about is UDP(?).

Actually DTLS channels; they're effectively UDP, but encrypted.  However,
per a few messages you'll have seen from me, discussion at the last IETF
and the call a week and a bit ago, we will plan to extend the congestion
control domain to include controlling the data channels.  Ironically
reliable data channels would be easier to handle than unreliable (you
could just use TCP-over-UDP); but we plan to do better than that.

> And since the data channel is actually peer-to-peer rather than client-to-server, the issues with not standardizing its protocol become harder. I.e., leaving it a raw socket will only work if it goes between the same javascripts, inside the same domain - if that's ok, then the only issue is this would be put into SDP, and SDP isn't constrained by a javascript domain.  Hmm... gosh, if only rtcweb didn't use SDP as its browser API...
> :)

Well, depending on how the data channels are set up, they may not be required
to include in the SDP at all; they could be instantiated on-demand in the
of an open PeerConnection.

Data channels at this point are assumed to be application-specific and not
subject to being exchanged during federation; we should think a little about this.

Randell Jesup