Re: [rtcweb] A plea for simplicity, marketability - and... who are we designing RTCWEB for?

Bernard Aboba <bernard_aboba@hotmail.com> Thu, 20 October 2011 16:18 UTC

Return-Path: <bernard_aboba@hotmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F034621F8C96 for <rtcweb@ietfa.amsl.com>; Thu, 20 Oct 2011 09:18:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.196
X-Spam-Level:
X-Spam-Status: No, score=-102.196 tagged_above=-999 required=5 tests=[AWL=0.402, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gfiTJWIei6Q8 for <rtcweb@ietfa.amsl.com>; Thu, 20 Oct 2011 09:18:51 -0700 (PDT)
Received: from blu0-omc2-s33.blu0.hotmail.com (blu0-omc2-s33.blu0.hotmail.com [65.55.111.108]) by ietfa.amsl.com (Postfix) with ESMTP id 84FDA21F8C69 for <rtcweb@ietf.org>; Thu, 20 Oct 2011 09:18:51 -0700 (PDT)
Received: from BLU152-W19 ([65.55.111.73]) by blu0-omc2-s33.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Thu, 20 Oct 2011 09:18:51 -0700
Message-ID: <BLU152-W193B71A526BF586301C55B93EB0@phx.gbl>
Content-Type: multipart/alternative; boundary="_7db1a15e-2022-4fd7-bd42-308b78186637_"
X-Originating-IP: [24.17.217.162]
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: <ekr@rtfm.com>
Date: Thu, 20 Oct 2011 09:18:50 -0700
Importance: Normal
In-Reply-To: <CABcZeBNbSk-4kfzNtXUSnFMhkcockTXudAYzEET30a0v+-kxBA@mail.gmail.com>
References: <9C8CA816-65FB-41A0-999C-4C43128CAAB4@danyork.org>, <BLU152-W43CB8DACCEA54AA5558B2493EA0@phx.gbl> <E857C96A-0E73-486F-BF23-36BA897B449C@cisco.com>, <BLU152-W19B31DA6C6DB2FE60FC51C93EB0@phx.gbl>, <CABcZeBNbSk-4kfzNtXUSnFMhkcockTXudAYzEET30a0v+-kxBA@mail.gmail.com>
MIME-Version: 1.0
X-OriginalArrivalTime: 20 Oct 2011 16:18:51.0215 (UTC) FILETIME=[F45BF5F0:01CC8F43]
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] A plea for simplicity, marketability - and... who are we designing RTCWEB for?
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2011 16:18:53 -0000


> 1. Alice and Bob are on the same site (e.g., PokerStars) and are
> calling each other via P2P media,
> 2. Alice and Bob are on the same site and are calling each other
> via media over WS.
> 
> In the first case, I don't see why this would allow us to relax any of
> the security requirements. As long as Alice and Bob are sending media to each other, we still
> cannot trust the site to adequately verify consent, so we clearly need
> ICE. As for the need for E2E security, this seems equally important regardless of whether
> Alice and Bob share the same site.

[BA] I agree.  Where there is P2P media,  ICE is required.
 
> In the second case, I agree that you don't need to verify consent because it's
> implicit in the WS protocol. (I'm leaving aside the question of whether using WS
> this way is advisable), but the need for E2E security seems equal if
> not greater, since in this case the site would have direct access to the media.

[BA] Yes, that was my point.