Re: [rtcweb] Comments on draft-ietf-rtcweb-security-06
Ted Hardie <ted.ietf@gmail.com> Thu, 20 February 2014 17:13 UTC
Return-Path: <ted.ietf@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A2221A01AF for <rtcweb@ietfa.amsl.com>; Thu, 20 Feb 2014 09:13:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2uDpw_FlB3tn for <rtcweb@ietfa.amsl.com>; Thu, 20 Feb 2014 09:13:49 -0800 (PST)
Received: from mail-ig0-x22b.google.com (mail-ig0-x22b.google.com [IPv6:2607:f8b0:4001:c05::22b]) by ietfa.amsl.com (Postfix) with ESMTP id 912C41A0211 for <rtcweb@ietf.org>; Thu, 20 Feb 2014 09:13:49 -0800 (PST)
Received: by mail-ig0-f171.google.com with SMTP id uy17so12088105igb.4 for <rtcweb@ietf.org>; Thu, 20 Feb 2014 09:13:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=I/gkwcCqjsc+6V18tdLccIibj/j/4ZUyILILAClmhJI=; b=YZtShi0meaXAK7GXCoO+VDcQp8TBZ37Q2Qc7q5a0ZZo3A+g1tOuLIpNDJyja7ztwqp Jk54hyZhaHNMA8h3Z+Poz6tcgp0JAvfxwF/9OKaI15xtjnXKRivpCOAlZis1xmAH6URA w/Ll3ByUdhJ/B64yjhBQqQFsMmK/7dA6DX7RkzsVxM+2LCCBZ0XrRR1gQsyCLqNxTdex LzOF9TG0aOBeHF7LeMyfPvyWBLdslHWmwJK30oNtIPYphsQ4mcKAXEckRwBcT3tygmOs ALSGy0x7gspyzRK2zO0YO2GtwnoeOvQVJ+Lp5w+pXvIRa6smWMkCqUu30ZNckcju/xko vPnQ==
MIME-Version: 1.0
X-Received: by 10.50.56.109 with SMTP id z13mr3307985igp.6.1392916424743; Thu, 20 Feb 2014 09:13:44 -0800 (PST)
Received: by 10.42.237.206 with HTTP; Thu, 20 Feb 2014 09:13:44 -0800 (PST)
In-Reply-To: <530627C7.30906@ericsson.com>
References: <530627C7.30906@ericsson.com>
Date: Thu, 20 Feb 2014 09:13:44 -0800
Message-ID: <CA+9kkMAMf2qBm4LX3ooPOW3xsBO=LEw045NWDnX3ahWBByaUQQ@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
Content-Type: multipart/alternative; boundary="089e0158aa12b2df1304f2d9a0af"
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/alLwXcKg5HG2o7GMfG8mQQFCKzU
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Comments on draft-ietf-rtcweb-security-06
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Feb 2014 17:13:53 -0000
On Thu, Feb 20, 2014 at 8:05 AM, Magnus Westerlund < magnus.westerlund@ericsson.com> wrote: > Hi, > > I think a potential issue that isn't discussed in this document is the > security threat of driving data volumes into a network beyond ones > "fair" share. This would simply be to illustrate that communication > consent is not sufficient, to protect other users of a shared network > the WebRTC endpoint MUST prevent transmission of data volumes far > outside of the fair share. > > > Magnus, I'm not sure why you think that issue should be dealt with in this document. This document should deal with cases where a malicious script could send transmissions that are not intended or not welcome. Bbut managing network capacity for *intended* and *welcome* transmissions is not a security concern. It's a congestion management issue, at least as I see it. Am I missing something about your concern? Ted
- [rtcweb] Comments on draft-ietf-rtcweb-security-06 Magnus Westerlund
- Re: [rtcweb] Comments on draft-ietf-rtcweb-securi… Ted Hardie
- Re: [rtcweb] Comments on draft-ietf-rtcweb-securi… Magnus Westerlund
- Re: [rtcweb] Comments on draft-ietf-rtcweb-securi… Martin Thomson
- Re: [rtcweb] Comments on draft-ietf-rtcweb-securi… Ted Hardie
- Re: [rtcweb] Comments on draft-ietf-rtcweb-securi… Martin Thomson
- Re: [rtcweb] Comments on draft-ietf-rtcweb-securi… Magnus Westerlund
- Re: [rtcweb] Comments on draft-ietf-rtcweb-securi… Martin Thomson
- Re: [rtcweb] Comments on draft-ietf-rtcweb-securi… Magnus Westerlund
- Re: [rtcweb] Comments on draft-ietf-rtcweb-securi… Randell Jesup
- [rtcweb] Comments on draft-ietf-rtcweb-security-06 John Mattsson