IETF Logo Mail Archive

Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-channel-12.txt> (WebRTC Data Channels) to Proposed Standard

tim panton <tim@phonefromhere.com> Tue, 21 October 2014 08:00 UTC

Return-Path: <tim@phonefromhere.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 063871AD09C for <rtcweb@ietfa.amsl.com>; Tue, 21 Oct 2014 01:00:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hvTJhTw5klJq for <rtcweb@ietfa.amsl.com>; Tue, 21 Oct 2014 01:00:45 -0700 (PDT)
Received: from smtp002.apm-internet.net (smtp002-out2.apm-internet.net [85.119.248.225]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F26A21AD0A8 for <rtcweb@ietf.org>; Tue, 21 Oct 2014 01:00:44 -0700 (PDT)
Received: (qmail 2034 invoked from network); 21 Oct 2014 08:00:42 -0000
X-AV-Scan: clean
X-APM-Authkey: 83769 1359
Received: from unknown (HELO zimbra003.verygoodemail.com) (85.119.248.218) by smtp002.apm-internet.net with SMTP; 21 Oct 2014 08:00:42 -0000
Received: from zimbra003.verygoodemail.com (localhost [127.0.0.1]) by zimbra003.verygoodemail.com (Postfix) with ESMTP id 52D3518A108D; Tue, 21 Oct 2014 09:00:43 +0100 (BST)
Received: from [192.168.157.34] (unknown [192.67.4.66]) by zimbra003.verygoodemail.com (Postfix) with ESMTPSA id 1517818A037F; Tue, 21 Oct 2014 09:00:43 +0100 (BST)
Content-Type: text/plain; charset="windows-1252"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: tim panton <tim@phonefromhere.com>
In-Reply-To: <514191b6e7764d30be7ea17d324d8739@CY1PR0501MB1579.namprd05.prod.outlook.com>
Date: Tue, 21 Oct 2014 09:00:40 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <AE750B7B-A920-4ECF-8E35-F0E583CD65A9@phonefromhere.com>
References: <20141010004836.12666.88765.idtracker@ietfa.amsl.com> <03a3bbbc282b4e6d88d587931b46b5f8@CY1PR0501MB1579.namprd05.prod.outlook.com> <57B40110-2F21-4893-B77C-54F46D18567F@lurchi.franken.de> <1DE35922-E890-40C2-87E9-C8C12235920E@phonefromhere.com> <E53B9B7E-37F0-495C-B1BA-DE0A48AC6D73@lurchi.franken.de> <abdfd3ef58dd40028e8d5e2248b5a995@CY1PR0501MB1579.namprd05.prod.outlook.com> <543A5570.7060208@alvestrand.no> <B53499C4-6B51-4E8E-87C2-C8E5C10DBC34@lurchi.franken.de> <543A9E11.2030605@alvestrand.no> <F5C54F5E-C301-4EC7-9536-E43EA3A16863@lurchi.franken.de> <543ABE69.8030104@alvestrand.no> <99078EA5-5FE7-431F-9C70-EEA882F4C3C6@lurchi.franken.de> <E1FE4C082A89A246A11D7F32A95A17828E5DA2AC@US70UWXCHMBA02.zam.alcatel-lucent.com> <71e2b21516cb496eb4d1ad2b26e53a29@CY1PR0501MB1579.namprd05.prod.outlook.com> <543CD1CD.3000001@alvestrand.no> <5440E38F.9070809@jesup.org> <c4ff2fdcd48f4388b67f3e1ffed8edfe@CY1PR0501MB1579.namprd05.prod.outlook.com> <5442B41D.6040307@jesup.org> <514191b6e7 764d30be7ea17d324d8739@CY1PR0501MB1579.namprd05.prod.outlook.com>
To: "Wyss, Felix" <Felix.Wyss@inin.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/cefCzHjJhdrBjkUZVoJgCV6chls
Cc: Randell Jesup <randell-ietf@jesup.org>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-channel-12.txt> (WebRTC Data Channels) to Proposed Standard
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Oct 2014 08:00:47 -0000

On 21 Oct 2014, at 08:35, Wyss, Felix <Felix.Wyss@inin.com> wrote:
> 
> 
>> I disagree that role won't work if the middlebox is just forwarding
>> offers and answers - that's what every WebRTC signaling server is doing
>> today.   However, as I think you implied, you're also terminating DTLS
>> but forwarding SCTP (and media).  This a) implies packet-relay; b)
>> implicit decryption of all media at the server (NOTE this is a
>> security/privacy/MITM issue).
> 
> Yes, that's the intended use-case: The middlebox is a trusted man-in-the-middle.  In order to record and/or perform analytics on the media flowing through it, it obviously has to decrypt it.  That can only be done by terminating DTLS (and decrypting/re-encrypting SRTP.)    

If the middle box is trusted, only interested in media and known about by the application, then the application should create a separate 
direct data channel only DTLS connection between the endpoints that bypasses the middle box, with a small amount of extra application
effort we remove the need for even more random extra SDP lines. Remember these are programmable endpoints - not dumb SIP devices with fixed behaviours.

Unless the middle box is performing ‘analytics’ on the DC data too, but that isn’t the use-case you mentioned.

Tim.

v2.23.0 | Report a Bug | By Email