Re: [rtcweb] Same location media

Matthew Kaufman <> Thu, 20 October 2011 16:48 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C4D1921F8C68 for <>; Thu, 20 Oct 2011 09:48:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.598
X-Spam-Status: No, score=-6.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id mWCkBN2UVajT for <>; Thu, 20 Oct 2011 09:48:44 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id C177F21F8C7B for <>; Thu, 20 Oct 2011 09:48:43 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id 961D21711; Thu, 20 Oct 2011 18:48:42 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h=message-id :date:from:mime-version:to:cc:subject:references:in-reply-to: content-type; s=mx; bh=HBSGBSmoc7KYIvRPs6edDdFu8OY=; b=uJx3nDMVf Vv9EVgCnefo3LWeIVAH/QRS9sgCrf5I6NfeNreoWXQMiBSl9M2L4qveG4Cdir4o5 m6B8ih81SC6UAC34+Wq/cFZHhOcS77ueHqkli1EEK08of9J9l+V5kYqf+0xVmq14 eAJjcv4au/2xpJIxS6X25E3MErfrXbKqEg=
DomainKey-Signature: a=rsa-sha1; c=nofws;; h=message-id:date:from :mime-version:to:cc:subject:references:in-reply-to:content-type; q=dns; s=mx; b=b68qQxTXURHiqibcOYUE0XLto82BovMpMPWW/O58ws+kMo+U Aqg+Jq2jQAqNxSBZx+oaXq2Bw5Yqo0ZcZE/rPA5G/prUZ3Sy6krKAFkAUJ1DeWWf IUtABlOp2kCBj7jrvFEY83xkuiGjk/q4uEwMs4VxtSJ/HfGWIYoLWXqI1lw=
Received: from ( []) by (Postfix) with ESMTP id 946877F6; Thu, 20 Oct 2011 18:48:42 +0200 (CEST)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 524281685A01; Thu, 20 Oct 2011 18:48:42 +0200 (CEST)
X-Virus-Scanned: amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Q+HJmw-Vv603; Thu, 20 Oct 2011 18:48:41 +0200 (CEST)
Received: from Matthew-Kaufman-Air.local (unknown []) by (Postfix) with ESMTPSA id 217723507015; Thu, 20 Oct 2011 18:48:39 +0200 (CEST)
Message-ID: <>
Date: Thu, 20 Oct 2011 09:48:41 -0700
From: Matthew Kaufman <>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0.2) Gecko/20110902 Thunderbird/6.0.2
MIME-Version: 1.0
To: Roman Shpount <>
References: <>
In-Reply-To: <>
Content-Type: multipart/alternative; boundary="------------060005000801010005000302"
Subject: Re: [rtcweb] Same location media
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 20 Oct 2011 16:48:44 -0000

On 10/20/11 9:27 AM, Roman Shpount wrote:
> Changing the topic from "A plea for simplicity, marketability..."
> On Thu, Oct 20, 2011 at 11:57 AM, Iñaki Baz Castillo < 
> <>> wrote:
>     Also you are asuming that the media is sent to the same IP of the web
>     server (in case a RTCweb scenario does not include user2user calls).
>     This is a too much simplified scenario, and you miss that a DNS A
>     record can point to N IP's, and you also miss the case in which the
>     webserver has an IP different than the media server (regardless they
>     both are located within the same provider infrastucture). The browser
>     cannot determine it by itself, so security is always a need, and IMHO
>     it's a bad idea to allow a very corner case in which such security
>     could be relaxed.
> I am not missing the DNS issues. I wanted to bring this up in my 
> previous email, but did not want to confuse the issue. I don't 
> advocate for this case at all, I just wanted to clarify that "same 
> origin media" does not necessarily mean two phones in the same 
> location and means media going to the same location as JavaScript 
> origination.
> Few additional points related to this:
> 1. This is what Flash is doing now for streaming media. It does not 
> need consent to send media to the same server that sent the flash app.

Flash can send media to ANY server that accepts the RTMP or RTMFP 
connection. (And obviously it can attempt to open a connection to any 
address using these protocols.)

The server can then examine headers to determine where the SWF file came 
from, etc.

The "consent" model for Flash is that if you speak RTMP or RTMFP, you 
understand what that is... and neither protocol looks like anything else 
on the wire.

Matthew Kaufman