IETF Logo Mail Archive

[rtcweb] use cases, F20 and encryption, SCTP - comments on draft-ietf-rtcweb-use-cases-and-requirements-07

"Dan Wing" <dwing@cisco.com> Fri, 27 April 2012 16:48 UTC

Return-Path: <dwing@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EAEE721F8742 for <rtcweb@ietfa.amsl.com>; Fri, 27 Apr 2012 09:48:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -109.999
X-Spam-Level:
X-Spam-Status: No, score=-109.999 tagged_above=-999 required=5 tests=[AWL=0.600, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mO9FNVxqaTmV for <rtcweb@ietfa.amsl.com>; Fri, 27 Apr 2012 09:48:58 -0700 (PDT)
Received: from mtv-iport-2.cisco.com (mtv-iport-2.cisco.com [173.36.130.13]) by ietfa.amsl.com (Postfix) with ESMTP id DE81921F8749 for <rtcweb@ietf.org>; Fri, 27 Apr 2012 09:48:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=dwing@cisco.com; l=2893; q=dns/txt; s=iport; t=1335545338; x=1336754938; h=from:to:subject:date:message-id:mime-version: content-transfer-encoding; bh=JWea98V22PjPy6ukMSaXqFjPX/2pZX5LfgcXStlN+m0=; b=MdUWUW9POdn5mosFDfd6Q8VO5Q7hlGnZrSfxQD/nUFHQBxhEsx6RY7C6 /sNhXdPgcXEsUO7tMnu/qvSxnxuuHfq5Lym43/hUZ0f/fj16RemFXvN2O 2TW4JjTptlpm2am1CYQ5BITB23eCbfQctIyDBCF5Rrsg/ok5syhc9U/j7 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ag4FALLMmk+rRDoI/2dsb2JhbABEoV2QE4EHggkBAQEDAQgKARcQRAgFGFAjHAEEAR0Xh2YEnCSgJ5FDBIhjhRaWW4FpgwiBNhc
X-IronPort-AV: E=Sophos;i="4.75,492,1330905600"; d="scan'208";a="42500611"
Received: from mtv-core-3.cisco.com ([171.68.58.8]) by mtv-iport-2.cisco.com with ESMTP; 27 Apr 2012 16:48:57 +0000
Received: from dwingWS ([10.32.240.194]) by mtv-core-3.cisco.com (8.14.3/8.14.3) with ESMTP id q3RGmvdh017189; Fri, 27 Apr 2012 16:48:57 GMT
From: Dan Wing <dwing@cisco.com>
To: rtcweb@ietf.org, draft-ietf-rtcweb-use-cases-and-requirements@tools.ietf.org
Date: Fri, 27 Apr 2012 09:48:57 -0700
Message-ID: <0fc001cd2495$a3985950$eac90bf0$@com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Ac0klaNevo0d44RfRCq5Fp+jMoa+lw==
Content-Language: en-us
Subject: [rtcweb] use cases, F20 and encryption, SCTP - comments on draft-ietf-rtcweb-use-cases-and-requirements-07
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Apr 2012 16:48:59 -0000

> The chairs would like to ask the working group to focus on the use
> case draft.  If you have use cases that need to be added to the
> document or text changes you'd like to suggest, please send them in
> for discussion before May 15th.  After this round, we will look
> toward having a working group last call on the document (hopefully
> before the interim meeting).

A few comments on draft-ietf-rtcweb-use-cases-and-requirements-07:


1. Requirement F20 states:

   F20  It MUST be possible to protect streams from eavesdropping.

Consensus in the room during my presentation to RTCWEB at IETF83 was that we
don't need to support un-encrypted media (RTP) at all, and that all media
would be SRTP.  Can that be captured in F20 by re-wording, or perhaps in a
new requirement if we can't reword F20?  If there is a need or desire to
validate that consensus on list, let's please ask the chairs to do that.


2. I noticed there is no requirement that we have a baseline for how SRTP
media is keyed (although there is a baseline requirement for codecs).  This
is a critical requirement.  I suggest adding "The browser MUST support a
baseline SRTP keying mechanism."  We have not reached consensus on that
keying mechanism, but the requirement is real.


3. I see the document restricts its scope to media streams in the
Introduction with:

  "The document focuses on requirements related to real-time media
   streams.  Requirements related to privacy, signalling between the
   browser and web server etc. are currently not considered."

However, RTCWEB is also supports a data communication between browsers.  I
am worried if we do not specify requirements for the data communication we
will have problems.  I believe the expectation is that if the audio/video
stream works, that the data communication stream also work.  We need to
capture requirements for the data communication stream somewhere:

  - a requirement to support data communication
  - that the chosen data communication protocol supports multiple streams
(which is why SCTP was chosen over TCP)
  - for NAT/firewall traversal of the data communication protocol (which is
why SCTP-over-UDP was chosen and another reason TCP was not chosen)
  - for encrypting that data communication session
  - a requirement for SCTP-over-UDP to work when UDP is blocked (aligning
with the existing F29 for audio/video)
  - a requirement to do ICE connectivity checks prior to bringing up DTLS (I
don't know if that is really a requirement, but I recall it mentioned at the
RTCWEB interim in Mountain View).  

Based on the scoping of the draft-ietf-rtcweb-use-cases-and-requirements,
the omission of the data communication stream is intentional.  If not in
draft-ietf-rtcweb-use-cases-and-requirements, where can we capture the
requirements for the data communication stream?

-d

v2.23.0 | Report a Bug | By Email