Re: [rtcweb] WebRTC-SIP interop: and why SDES-SRTP is a need

Iñaki Baz Castillo <ibc@aliax.net> Thu, 05 April 2012 09:04 UTC

Return-Path: <ibc@aliax.net>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0550621F85D4 for <rtcweb@ietfa.amsl.com>; Thu, 5 Apr 2012 02:04:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.041
X-Spam-Level:
X-Spam-Status: No, score=-2.041 tagged_above=-999 required=5 tests=[AWL=-0.564, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, J_CHICKENPOX_39=0.6, J_CHICKENPOX_44=0.6, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EJfTnTGEBgAx for <rtcweb@ietfa.amsl.com>; Thu, 5 Apr 2012 02:04:43 -0700 (PDT)
Received: from mail-vb0-f44.google.com (mail-vb0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id D027921F8709 for <rtcweb@ietf.org>; Thu, 5 Apr 2012 02:04:37 -0700 (PDT)
Received: by vbbez10 with SMTP id ez10so1006522vbb.31 for <rtcweb@ietf.org>; Thu, 05 Apr 2012 02:04:37 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding:x-gm-message-state; bh=Fsb1O7M5sF/GK3BM+29KYZUJa7ETIDR4L8mvebJ2e8Q=; b=VT0MfgVKLWCRsPrRbBxCDkD9l0EjdSPqZbPeGBZ0iH6NZG7qSbKyxqRjC0toTsObAg 8xA5m+Ln20TbGsJWdgZWVus+qnMqvD8XDwLvJ5DmzvYHOVwGeeMCrv0vwp3q0nbrpdna I7PJ0OSMqli8wu5mqmdcpK81qV0ca3kAVxEp32F2jqpHsJYVBOyskby5VAOH1xnfda6N NdMU9d5mITjb1S+Uvt+lDRfApzDKQJXOCLLsgqYbINhCsu2ADkF9AoeAGFhGt7kK2Y8l zrJGVLUqvty4wg2O9ECDxvTWLTu1F+eVmSm1Vgf49Le1DYNnnjggH9vqTGKks5LmwIvi Volw==
Received: by 10.52.94.233 with SMTP id df9mr1073040vdb.119.1333616677202; Thu, 05 Apr 2012 02:04:37 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.170.165 with HTTP; Thu, 5 Apr 2012 02:04:17 -0700 (PDT)
In-Reply-To: <CAD5OKxuuC1q9uCnREqi_-i0unT=6Uza+oYsCWtanbSjmSi5_DQ@mail.gmail.com>
References: <CALiegfmz6tgm9WF3KWEK5qwaBGADKFyit=egB36zkjZXNKdeHw@mail.gmail.com> <CALiegfnA8_ntYd5f935P_E6vvMwjrzt+j6UhB9vjmo6h-RzfPA@mail.gmail.com> <CAD5OKxsxrDdsoV18KB1gZSsUBPno-k2zs4E2FTUaoUBdXfh5yA@mail.gmail.com> <CAE6kErhTOFP1qna-OKRmJzM=Rssc0UEXTyDgSyKmh2AM+PuviA@mail.gmail.com> <CAD5OKxuuC1q9uCnREqi_-i0unT=6Uza+oYsCWtanbSjmSi5_DQ@mail.gmail.com>
From: =?UTF-8?Q?I=C3=B1aki_Baz_Castillo?= <ibc@aliax.net>
Date: Thu, 5 Apr 2012 11:04:17 +0200
Message-ID: <CALiegf=qo4uWjSBx6F5PmN_vqtbqYzQ9e5igqe_YJPKj0BHQvg@mail.gmail.com>
To: Roman Shpount <roman@telurix.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQnC1+t2BTaMNsfgcO4ncXx5wJYrScbUHoWKneid0Vdr2vn43P50x0f0yIPOnBcugx5I1jso
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] WebRTC-SIP interop: and why SDES-SRTP is a need
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Apr 2012 09:04:44 -0000

2012/4/5 Roman Shpount <roman@telurix.com>:
> On the more serious note, very few SIP end points offer working ICE support.
> So, in a large sense, interop with them is not an option.

For me there is a BIG difference when a kind of B2BUA is required
(which involves signaling "transaction"). That's the barrier IMHO.

ICE support can be implemented in a ICE-Lite RTP/SRTP proxy, see:

  http://public.aliax.net/WebRTC/WebRTC_SIP_Interop_SDES-SRTP.png

The problem arises when media encrypt/decrypt is required, and evenr
more when a key update in RTP (like the DTLS EKT update) must be
converted into a signaling re-INVITE by a super Signaling+Media B2BUA:

  http://public.aliax.net/WebRTC/WebRTC_SIP_Interop_DTLS-EKT-SRTP.png



> Out of the ones
> that do support ICE and SRTP, very few are actually connected directly to a
> public internet. Most of them are connected to some sort of PBX or an IP PBX
> type service. So, in reality you do not need to bridge every IP phone with
> WebRTC.

That is a *very* limited scope of what WebRTC can provide. An IT
department should be able to deploy its own WebRTC infrastructure (a
Web+WebSocket server) within its "local" network, so browsers
accessing to such a local website share the network with SIP/XMPP
phones/devices/softphones.

Please don't imagine WebRTC and SIP interop as the communication
between two islands ;)



> If a few PBX and hosted centrex vendors will add support for WebRTC
> required features, we will get compatibility with existing end points.

Pure SIP proxies do exist. A PBX is not always needed, so again, SIP
world does not require to be "an island".


> To support the rest you will need to deploy some sort of gateway.

Not in the case SDES+SRTP is allowed in WebRTC (see Fabius's recent
mails about SDES and DTLS).



> hurdle (I am trying to be politically correct here). WebRTC enabled end
> points, on the other hand, will offer significant benefits to traditional
> SIP phones, since they will allow development of higher quality integrated
> real time communications services. I hope this will drive a much quicker
> standard adoption.

The problem is that there is a *NEW* SRTP related spec for WebRTC:

  http://tools.ietf.org/html/draft-ietf-avt-srtp-ekt-03

Maybe it could also become a standard for SIP? I hope, but currently
it's not, so by *mandating* DTLS-EKT-SRTP in WebRTC we are creating a
island.


Regards.


-- 
Iñaki Baz Castillo
<ibc@aliax.net>