Re: [rtcweb] Requiring ICE for RTC calls

Roman Shpount <roman@telurix.com> Tue, 27 September 2011 14:43 UTC

Return-Path: <roman@telurix.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FA1121F8CB1 for <rtcweb@ietfa.amsl.com>; Tue, 27 Sep 2011 07:43:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.638
X-Spam-Level:
X-Spam-Status: No, score=-2.638 tagged_above=-999 required=5 tests=[AWL=0.338, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kudnDtyDw9ad for <rtcweb@ietfa.amsl.com>; Tue, 27 Sep 2011 07:43:44 -0700 (PDT)
Received: from mail-pz0-f50.google.com (mail-pz0-f50.google.com [209.85.210.50]) by ietfa.amsl.com (Postfix) with ESMTP id E5C1621F8CA7 for <rtcweb@ietf.org>; Tue, 27 Sep 2011 07:43:43 -0700 (PDT)
Received: by pzk37 with SMTP id 37so18701443pzk.9 for <rtcweb@ietf.org>; Tue, 27 Sep 2011 07:46:29 -0700 (PDT)
Received: by 10.68.17.193 with SMTP id q1mr28384956pbd.98.1317134789532; Tue, 27 Sep 2011 07:46:29 -0700 (PDT)
Received: from mail-pz0-f50.google.com (mail-pz0-f50.google.com [209.85.210.50]) by mx.google.com with ESMTPS id ml4sm85221456pbc.0.2011.09.27.07.46.27 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 27 Sep 2011 07:46:29 -0700 (PDT)
Received: by pzk37 with SMTP id 37so18701350pzk.9 for <rtcweb@ietf.org>; Tue, 27 Sep 2011 07:46:27 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.68.36.232 with SMTP id t8mr37689328pbj.54.1317134787264; Tue, 27 Sep 2011 07:46:27 -0700 (PDT)
Received: by 10.68.55.39 with HTTP; Tue, 27 Sep 2011 07:46:27 -0700 (PDT)
In-Reply-To: <C2DF2C51-B3F7-443D-A047-7E6FB03E6D20@phonefromhere.com>
References: <CAD5OKxtNjmWBz92bRuxka7e-BUpTPgVUvr3ahJGpmZ-U5nuPbQ@mail.gmail.com> <CAD6AjGSmz5T_F+SK2EoBQm6T-iRKp7dd4j8ZAF5JKdbbyomZQA@mail.gmail.com> <CALiegfmO54HC+g9L_DYn4jtXAAbLEvS++qxKa6TNrLDREs9SeA@mail.gmail.com> <4E80984A.903@skype.net> <CALiegfmyvTb57WVooKryS-ubfcg+w5gZ+zfO1zzBLn3609AzaA@mail.gmail.com> <4E809EE6.2050702@skype.net> <CAD5OKxvUOadaU0dnB7-Ho9cZ92VY+4Owuhj7oKPCx9Jy1iwT1Q@mail.gmail.com> <C2DF2C51-B3F7-443D-A047-7E6FB03E6D20@phonefromhere.com>
Date: Tue, 27 Sep 2011 10:46:27 -0400
Message-ID: <CAD5OKxsy2eKx5Bc8iayYazSyyykZZTGx9UO7NEE=fxYYdouy0w@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Tim Panton <tim@phonefromhere.com>
Content-Type: multipart/alternative; boundary=bcaec520e8171dc15204aded5784
Cc: Randell Jesup <randell-ietf@jesup.org>, rtcweb@ietf.org
Subject: Re: [rtcweb] Requiring ICE for RTC calls
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Sep 2011 14:43:44 -0000

>
>
> I am confused. Which phones today connect directly to a SIP to PSTN gateway
> ? I'd guess none.
> Almost all of them go through some registrar and/or proxy.
>
>
We are not talking about SIP proxy here. We are talking about media proxy.
These have a tendency to consume wast quantities of CPU and bandwidth, since
they need to resend every media packet. There is no doubt that we need a
proxy for signaling but it will not require as much resources.



> No, HTTP today does not let me probe the innards of your network ( inside
> your firewall) just by sending
> a legal but evil payload. If you permit webRTC without ICE, then the
> browser can be told to fake up UDP packets
> and send them to anywhere on your inner LAN. DOS-city.
>
> Tim.
>

How real or big do you think this problem is going to be? None of the
current SIP/VoIP clients address this now, and we have quite a number of
them out there. I understand that this is an attack vector but how big of an
attack vector is this going to be if we ask for user confirmation?
_____________
Roman Shpount