Re: [rtcweb] Let's define the purpose of WebRTC

"Olle E. Johansson" <> Sun, 06 November 2011 17:42 UTC


On 6 Nov 2011, at 14:05, Christer Holmberg wrote:

> Hi,
> I totally agree with Hadriel's statement :)
> ...but I still care about security. However, for me the biggest issue is not whether *usage* of SRTP is mandated or not, but that I am able to use it with SDES. Yes, because of legacy interoperability :)

Personally, I don't care much about interoperability with a broken security model, like SDES. I still think, like I voiced before,
that we should have no option to disable SRTP. Game developers will not be hurt by it; I think you are wrong there, Hadriel.
It's time to move forward and agree that security by default is a much better solution for all the use cases. I have a hard time
finding a use case where security by default, mandated by our specs, will actually hurt more than interoperability with
old SIP phones. 

The SIP market teaches me that customers will not require security. If Skype had asked customers, they would have ended
up on tabloids with headlines about neighbours listening to my calls - because customers would have said 
"Oh no, I have no secrets to hide". And that's where we will end up too, unless we take a position.

Users won't ask for security. Web hackers won't ask for security. But they will all need it and trust us to fix it.