Re: [rtcweb] Summary of ICE discussion
Bernard Aboba <bernard_aboba@hotmail.com> Tue, 04 October 2011 16:44 UTC
Return-Path: <bernard_aboba@hotmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6001A21F8BEE for <rtcweb@ietfa.amsl.com>; Tue, 4 Oct 2011 09:44:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.196
X-Spam-Level:
X-Spam-Status: No, score=-101.196 tagged_above=-999 required=5 tests=[AWL=-0.752, BAYES_00=-2.599, FRT_BELOW2=2.154, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 05m0-36cv8BC for <rtcweb@ietfa.amsl.com>; Tue, 4 Oct 2011 09:44:02 -0700 (PDT)
Received: from blu0-omc3-s4.blu0.hotmail.com (blu0-omc3-s4.blu0.hotmail.com [65.55.116.79]) by ietfa.amsl.com (Postfix) with ESMTP id 8C39421F8BF3 for <rtcweb@ietf.org>; Tue, 4 Oct 2011 09:44:02 -0700 (PDT)
Received: from BLU152-W23 ([65.55.116.74]) by blu0-omc3-s4.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Tue, 4 Oct 2011 09:47:08 -0700
Message-ID: <BLU152-W2342F5823933FA1F2B9F9C93FB0@phx.gbl>
Content-Type: multipart/alternative; boundary="_22edb0fd-c8a1-4564-9286-bee206ebf313_"
X-Originating-IP: [98.237.179.165]
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
Date: Tue, 04 Oct 2011 09:47:07 -0700
Importance: Normal
In-Reply-To: <BLU152-W139AA2913C1CFFDB50726193FB0@phx.gbl>
References: <4E8B192E.80809@ericsson.com>, , <CALiegfmnxO+BrfycOmL=hptBFdcEpsLeBn=zsJTX=ivKBBumWw@mail.gmail.com>, <BLU152-W139AA2913C1CFFDB50726193FB0@phx.gbl>
MIME-Version: 1.0
X-OriginalArrivalTime: 04 Oct 2011 16:47:08.0271 (UTC) FILETIME=[414627F0:01CC82B5]
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Summary of ICE discussion
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Oct 2011 16:44:03 -0000
In particular, I'm concerned about vulnerabilities created by multiplexing audio and video on the same port. When that is done, the ICE procedure loses some of its DoS prevention properties. From: bernard_aboba@hotmail.com To: magnus.westerlund@ericsson.com Date: Tue, 4 Oct 2011 09:28:34 -0700 CC: rtcweb@ietf.org Subject: Re: [rtcweb] Summary of ICE discussion I think this is a good summary of where we are with respect to ICE, and since there are no good alternatives on the table, it seems reasonable to move on to the next step. IMHO, this would involve a more detailed analysis of the threats and what needs to be done to resolve them. In particular, the statement "STUN Connectivity Check MUST have succeeded" is necessary but not sufficient. We need to get into a discussion of the specific conditions under which media can be sent, and what attacks are still possible. For example, there exist public STUN servers on the Internet, and RTCWEB should not permit the browser to execute a DoS attack on these servers. Also, it would be desirable to prevent a browser from sending much more bandwidth than the receiver has consented to; however, because signaling is largely opaque to the browser, it is not obvious (at least to me) how to prevent this. > 2011/10/4 Magnus Westerlund <magnus.westerlund@ericsson.com>: > I have bellow tired to summarize the result of the ICE discussion. This > is intended as furthering this discussion and form a basis for going > forward in the consensus process. I do expect people that disagree with > my summary of the discussion to speak up. > > Major requirements > > - Need for data transmission consent for protocols using UDP as the > traffic receiver needs to consent to receiving the data > > - Perform NAT and FW traversal when ever needed > > - Support IPv4 to IPv6 transition > > Desired behavior: > > - Be interoperable with deployed legacy systems as SIP Trunk, PSTN > gateways, VoIP phones. > > WG chairs conclusion of discussion so far: > > - ICE is so far the only solution that provides the security goals and > have any legacy deployment. > > - ICE usage will require that STUN connectivity MUST have succeeded > prior to any data transmission to fulfill security goals. > > * The Browser will enforce this requirement to prevent being an attack > vector in all cases. > > - If anyone can find a solution that fulfill the security goals and have > improved legacy interoperability people would be interested in that > solution. So far RTCP has been discarded as insufficient. > > - Media Gateway can support a reduced functionality set from Full ICE _______________________________________________ rtcweb mailing list rtcweb@ietf.org https://www.ietf.org/mailman/listinfo/rtcweb
- Re: [rtcweb] Summary of ICE discussion Randell Jesup
- [rtcweb] Summary of ICE discussion Magnus Westerlund
- Re: [rtcweb] Summary of ICE discussion Iñaki Baz Castillo
- Re: [rtcweb] Summary of ICE discussion Randell Jesup
- Re: [rtcweb] Summary of ICE discussion Olle E. Johansson
- Re: [rtcweb] Summary of ICE discussion Eric Rescorla
- Re: [rtcweb] Summary of ICE discussion Cary Bran (cbran)
- Re: [rtcweb] Summary of ICE discussion Hadriel Kaplan
- Re: [rtcweb] Summary of ICE discussion Bernard Aboba
- Re: [rtcweb] Summary of ICE discussion Bernard Aboba
- Re: [rtcweb] Summary of ICE discussion Cullen Jennings
- Re: [rtcweb] Summary of ICE discussion Cullen Jennings
- Re: [rtcweb] Summary of ICE discussion Matthew Kaufman
- Re: [rtcweb] Summary of ICE discussion Matthew Kaufman
- Re: [rtcweb] Summary of ICE discussion Matthew Kaufman
- Re: [rtcweb] Summary of ICE discussion Bernard Aboba
- Re: [rtcweb] Summary of ICE discussion Matthew Kaufman
- Re: [rtcweb] Summary of ICE discussion Ravindran Parthasarathi
- Re: [rtcweb] Summary of ICE discussion Roman Shpount
- Re: [rtcweb] Summary of ICE discussion Magnus Westerlund
- Re: [rtcweb] Summary of ICE discussion Magnus Westerlund
- Re: [rtcweb] Summary of ICE discussion Harald Alvestrand
- Re: [rtcweb] Summary of ICE discussion Harald Alvestrand
- Re: [rtcweb] Summary of ICE discussion Jonathan Lennox
- Re: [rtcweb] Summary of ICE discussion Ravindran Parthasarathi
- Re: [rtcweb] Summary of ICE discussion Bernard Aboba
- Re: [rtcweb] Summary of ICE discussion Harald Alvestrand
- Re: [rtcweb] Summary of ICE discussion Cullen Jennings
- Re: [rtcweb] Summary of ICE discussion Paul Hoffman
- Re: [rtcweb] Summary of ICE discussion sebastien.cubaud
- Re: [rtcweb] Summary of ICE discussion Iñaki Baz Castillo
- [rtcweb] Sebastien Cubaud's non-ICE mechanism (Re… Harald Alvestrand
- Re: [rtcweb] Sebastien Cubaud's non-ICE mechanism… sebastien.cubaud
- Re: [rtcweb] Sebastien Cubaud's non-ICE mechanism… Eric Rescorla
- Re: [rtcweb] Sebastien Cubaud's non-ICE mechanism… Iñaki Baz Castillo
- Re: [rtcweb] Sebastien Cubaud's non-ICE mechanism… Randell Jesup
- Re: [rtcweb] Sebastien Cubaud's non-ICE mechanism… Jonathan Rosenberg
- Re: [rtcweb] Sebastien Cubaud's non-ICE mechanism… Randell Jesup
- Re: [rtcweb] Summary of ICE discussion sebastien.cubaud
- Re: [rtcweb] Sebastien Cubaud's non-ICE mechanism… Iñaki Baz Castillo
- Re: [rtcweb] Summary of ICE discussion Iñaki Baz Castillo
- Re: [rtcweb] Sebastien Cubaud's non-ICE mechanism… Tim Panton
- Re: [rtcweb] Sebastien Cubaud's non-ICE mechanism… sebastien.cubaud
- Re: [rtcweb] Sebastien Cubaud's non-ICE mechanism… Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] Sebastien Cubaud's non-ICE mechanism… sebastien.cubaud
- Re: [rtcweb] Summary of ICE discussion sebastien.cubaud