Re: [rtcweb] Solutions sought for non-ICE RTC calls, not +1 (Re: Requiring ICE for RTC calls)

Roman Shpount <roman@telurix.com> Tue, 27 September 2011 22:47 UTC

Return-Path: <roman@telurix.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7038121F8B30 for <rtcweb@ietfa.amsl.com>; Tue, 27 Sep 2011 15:47:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.59
X-Spam-Level:
X-Spam-Status: No, score=-1.59 tagged_above=-999 required=5 tests=[AWL=-0.574, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_BL_SPAMCOP_NET=1.96, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zzHMghw4YtRr for <rtcweb@ietfa.amsl.com>; Tue, 27 Sep 2011 15:47:36 -0700 (PDT)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by ietfa.amsl.com (Postfix) with ESMTP id C81CC21F8B2B for <rtcweb@ietf.org>; Tue, 27 Sep 2011 15:47:35 -0700 (PDT)
Received: by gyd12 with SMTP id 12so7058469gyd.31 for <rtcweb@ietf.org>; Tue, 27 Sep 2011 15:50:22 -0700 (PDT)
Received: by 10.150.69.26 with SMTP id r26mr5639263yba.322.1317163822184; Tue, 27 Sep 2011 15:50:22 -0700 (PDT)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by mx.google.com with ESMTPS id 5sm1044259anu.23.2011.09.27.15.50.21 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 27 Sep 2011 15:50:21 -0700 (PDT)
Received: by gyd12 with SMTP id 12so7058432gyd.31 for <rtcweb@ietf.org>; Tue, 27 Sep 2011 15:50:20 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.68.36.232 with SMTP id t8mr40274156pbj.54.1317163820267; Tue, 27 Sep 2011 15:50:20 -0700 (PDT)
Received: by 10.68.55.39 with HTTP; Tue, 27 Sep 2011 15:50:20 -0700 (PDT)
In-Reply-To: <CABcZeBPoQSM=L0-Er3j-ak2M6YfCbJkThbYuR_+=xUmcsxQz9Q@mail.gmail.com>
References: <CAD5OKxtNjmWBz92bRuxka7e-BUpTPgVUvr3ahJGpmZ-U5nuPbQ@mail.gmail.com> <CAD6AjGSmz5T_F+SK2EoBQm6T-iRKp7dd4j8ZAF5JKdbbyomZQA@mail.gmail.com> <CALiegfmO54HC+g9L_DYn4jtXAAbLEvS++qxKa6TNrLDREs9SeA@mail.gmail.com> <4E80984A.903@skype.net> <CALiegfmyvTb57WVooKryS-ubfcg+w5gZ+zfO1zzBLn3609AzaA@mail.gmail.com> <4E809EE6.2050702@skype.net> <2E239D6FCD033C4BAF15F386A979BF510F1087@sonusinmail02.sonusnet.com> <BLU152-W62B7F2AC3F0D5B6E277CB993F00@phx.gbl> <CAD5OKxt=P3jg9N0weFUZLvUYQxyeXa+9YMtpc8wn7osuPQmTpg@mail.gmail.com> <CAD5OKxtVCgiFV_iAYd1w0uZZcS5+gsixOHJ0jGN=0CMdq++kdg@mail.gmail.com> <CAOJ7v-3PrnNyesL+x-mto9Q9djjiJ13QZHXCiGfY1mv3nubrqQ@mail.gmail.com> <CAD5OKxsKTHCuBQdUnGQtGfF7NmZZExLe9Q9B9cNR=483neuHPQ@mail.gmail.com> <CAOJ7v-1rzdmviAnGknVZmrU_TDNoC3NmWd1g6iyx0WzZ4xB3Pw@mail.gmail.com> <4E820825.9090101@skype.net> <CAD5OKxvmKi3Py0gNcTdREdfS07hA-=f6L+u8KKVgSWztMft9kQ@mail.gmail.com> <CALiegfmL4VSRE+kgs5kXzQc3mCHnKpU-EAbVPKO4QNEYLKje=A@mail.gmail.com> <4E821E47.4080205@alvestrand.no> <CALiegfndBhod6Hoq6h63795x8f=ew28rDys=Fx8ScwVpVJwp1Q@mail.gmail.com> <CABcZeBOoF6MNSpATG2+_e99iRq7Jf9OoWWNCa=qRGW_v+maoHA@mail.gmail.com> <CAD5OKxubnxLAqybCgnBXpKR9S0rBEsoDg9enCaverjVWYad7Ew@mail.gmail.com> <CABcZeBPoQSM=L0-Er3j-ak2M6YfCbJkThbYuR_+=xUmcsxQz9Q@mail.gmail.com>
Date: Tue, 27 Sep 2011 18:50:20 -0400
Message-ID: <CAD5OKxsVE+LwKEcpe+hf+=i87Ucga0_VpkUGJkH5=HixV5Xkmw@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: multipart/alternative; boundary=bcaec520e8179e38f804adf41982
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Solutions sought for non-ICE RTC calls, not +1 (Re: Requiring ICE for RTC calls)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Sep 2011 22:47:36 -0000

On Tue, Sep 27, 2011 at 6:33 PM, Eric Rescorla <ekr@rtfm.com> wrote:

>
> It's really a mistake to conflate ICE and SRTP here. If the user opets not
> to use SRTP,
> he's primarily hurting himself. If he opts not to use ICE, he's potentially
> allowing his
> browser to be used as an attack platform. These are not the same thing.
>
>
We are not disabling SRTP and ICE. We stop requiring them for the call and
allow to process offers and answers without ICE or SAVP. Offer generated by
RTC should still include "crypto" attributes and ICE candidates. But offers
and answers without "crypto" and ICE candidates should be processed for an
application distributed by this site. We can separate those two settings but
this is primarily the function of use trusting the site vs. not trusting it.


> As for what's convenient for developers... I'm a developer, and while it
> might be useful
> to allow a setting to disable ICE and/or SRTP, that doesn't mean I need to
> expose that
> setting to the user. I really don't understand the virtue of a user-visible
> setting to
> disable the ICE requirement.
>
> -Ekr
>
>

Same reason we allow to add exception for an invalid SSL certificate. This
will allow us to work with end points that are currently available vs just
other RTC clients.

BTW, mechanism similar to SSL certificate exceptions is probably the best
way to implement this. First time an application from a web site gets an
answer without ICE or SRTP, we can show the dialog box and ask user if this
application should be stopped, allowed for current session or allowed
always.
_____________
Roman Shpount