Re: [rtcweb] I-D Action: draft-ietf-rtcweb-data-protocol-01.txt

Eric Rescorla <ekr@rtfm.com> Tue, 29 October 2013 20:48 UTC

In-Reply-To: <527005A1.7000007@alum.mit.edu>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 29 Oct 2013 13:47:43 -0700
Message-ID: <CABcZeBMY+LtBEWEJfkkv4+ctqg0PoPN2=JCPdk_QOZpFUO_tcw@mail.gmail.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] I-D Action: draft-ietf-rtcweb-data-protocol-01.txt
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>

On Tue, Oct 29, 2013 at 11:59 AM, Paul Kyzivat <pkyzivat@alum.mit.edu> wrote:

> (trimming)
>
>
> On 10/29/13 2:46 PM, Eric Rescorla wrote:
>
>>>>> Is it not possible for an intermediary on the signaling path to
>>>>> insert itself in the media path, manipulating the SDP such that the
>>>>> two ends both establish the DTLS with the intermediary?
>>>>
>>>> There is a separate role negotiation for DTLS (actpass, etc.) that works
>>>> even if both sides think they are the offerer or answerer.
>>>
>>> I know about that. That mechanism is also used for TCP negotiation
>>> in SDP. And that is one place where an intermediary sometimes sticks
>>> its nose in explicitly to manipulate the roles, allowing both ends
>>> to be active.
>>>
>>> In the current case, ICE and possible TURN result in getting the
>>> media path established without those games. So maybe there is less
>>> motivation for an intermediary. But still, they still seem to show
>>> up because administrators think they need them. And once there,
>>> couldn't the intermediary still end up making both ends think they
>>> are active?
>>
>> Well, it could but then they wouldn't be able to negotiate DTLS.
>>
>
> Couldn't it negotiate independently on each side - becoming a true MITM?
>
> (I'm not advocating this as a good thing. But if it is possible, there
> will be someone who wants to do it, and somebody willing to sell them stuff
> to do it.)
>

Sure, but then you would need to also intermediate the SCTP.

I'm not following what you see as the problem here.

-Ekr
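The a=setup role negotiation Ekr points to, and the fingerprint binding an endpoint checks against exactly the kind of SDP-rewriting intermediary Paul describes, as an added Python example that is not code from the draft or from either poster. The SDP fragments and certificate bytes are constructed stand-ins and the function names are my own.

```python
import hashlib
import re

# RFC 4145 / RFC 5763 a=setup negotiation: offered role -> permitted answers.
# "actpass" is never a legal answer. If both ends were "active", both would
# send a ClientHello and no DTLS association forms, which is why the thread
# says an intermediary that makes both ends active cannot negotiate DTLS.
ALLOWED_ANSWER = {
    "actpass": {"active", "passive"},
    "active": {"passive"},
    "passive": {"active"},
}

def sdp_attr(sdp, name):
    """Return the value of the first a=<name>:<value> line, or None."""
    m = re.search(r"^a=%s:(.+)$" % re.escape(name), sdp, re.M)
    return m.group(1).strip() if m else None

def negotiate_dtls_roles(offer_sdp, answer_sdp):
    """Return (offerer_role, answerer_role); raise on an illegal combination."""
    o, a = sdp_attr(offer_sdp, "setup"), sdp_attr(answer_sdp, "setup")
    if o is None or a is None:
        raise ValueError("a=setup attribute missing")
    if a not in ALLOWED_ANSWER.get(o, set()):
        raise ValueError("illegal a=setup answer %r to offer %r" % (a, o))
    return ("passive" if a == "active" else "active", a)

def fingerprint_matches(sdp, peer_cert_der):
    """RFC 5763 check: the certificate presented in the DTLS handshake must
    hash to the a=fingerprint value in the peer's SDP. An intermediary that
    rewrites a=fingerprint too is only caught by an identity binding on top
    of this check, which is out of scope here."""
    fp = sdp_attr(sdp, "fingerprint")
    if fp is None:
        return False
    algo, hexdigest = fp.split(" ", 1)
    h = hashlib.new(algo.replace("-", "").lower())  # "sha-256" -> "sha256"
    h.update(peer_cert_der)
    return h.hexdigest() == hexdigest.replace(":", "").lower()

def sdp_fingerprint(der):
    """Format a sha-256 fingerprint the way the a=fingerprint line carries it."""
    return "sha-256 " + ":".join("%02X" % b for b in hashlib.sha256(der).digest())

# Constructed stand-ins, not real certificates or SDP from any endpoint.
CERT_A = b"constructed DER bytes for endpoint A"
OFFER = ("m=application 9 DTLS/SCTP 5000\r\na=setup:actpass\r\n"
         "a=fingerprint:%s\r\n" % sdp_fingerprint(CERT_A))
ANSWER = "m=application 9 DTLS/SCTP 5000\r\na=setup:active\r\n"
```

An active/active pair is rejected before any handshake is attempted, and a certificate that does not hash to the signalled a=fingerprint fails the RFC 5763 check even when the roles negotiated cleanly.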