[rtcweb] Another reason not to use SDP (was: Draft agenda for IETF 87)

Martin Thomson <martin.thomson@gmail.com> Fri, 12 July 2013 17:41 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58F4021F9928 for <rtcweb@ietfa.amsl.com>; Fri, 12 Jul 2013 10:41:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.328
X-Spam-Level:
X-Spam-Status: No, score=-2.328 tagged_above=-999 required=5 tests=[AWL=0.272, BAYES_00=-2.599, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2RJ-mdNLF-tx for <rtcweb@ietfa.amsl.com>; Fri, 12 Jul 2013 10:41:44 -0700 (PDT)
Received: from mail-we0-x22c.google.com (mail-we0-x22c.google.com [IPv6:2a00:1450:400c:c03::22c]) by ietfa.amsl.com (Postfix) with ESMTP id 07DFD21F9A38 for <rtcweb@ietf.org>; Fri, 12 Jul 2013 10:41:17 -0700 (PDT)
Received: by mail-we0-f172.google.com with SMTP id q56so8437391wes.31 for <rtcweb@ietf.org>; Fri, 12 Jul 2013 10:41:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=T//EXiGfXfaPZh46cuEkVJlN3UqhjRAxPeKjEmSuGUc=; b=qlNAAe5+8kni6OMYkEsm3mEBX8UR1XCna8ci/M1g/EiGBjKYjYWQ4cKOSmaneYQqNg SxfnHLvgc6Sbbft6Y2eaIdIbojAQNmDAV9033qhNIeS8ZEah7I3FDFX1IHZSIa+S7dd3 4ePXTY9H/QSutZq4kVjsg30LslvorZltYYJ8IknMSS3al74DClBmX4k1Pd/1F3lVUqPh HaVQvnZwVGSWLQ6R3XUHwVHT+rQolxnb+rfG+mL66Z9PcLbQYncGSK9qf/Mzl5D7OEWk rritDujHPU9vQhyjPHdBbrJ1ANgs9xyCbXbMB8+JBlMLByLtqaUECFnoMQXY2d0p/4We cxeQ==
MIME-Version: 1.0
X-Received: by 10.180.73.68 with SMTP id j4mr2331325wiv.10.1373650877184; Fri, 12 Jul 2013 10:41:17 -0700 (PDT)
Received: by 10.194.60.46 with HTTP; Fri, 12 Jul 2013 10:41:17 -0700 (PDT)
Date: Fri, 12 Jul 2013 10:41:17 -0700
Message-ID: <CABkgnnWxOCcPH15c9mCGw93LkLJqgWi4J63m=2aDxDYY_wsVVw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Peter Thatcher <pthatcher@google.com>
Content-Type: text/plain; charset=UTF-8
Cc: "Cullen Jennings \(fluffy\)" <fluffy@cisco.com>, "<rtcweb@ietf.org>" <rtcweb@ietf.org>
Subject: [rtcweb] Another reason not to use SDP (was: Draft agenda for IETF 87)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jul 2013 17:41:45 -0000

On 12 July 2013 10:19, Peter Thatcher <pthatcher@google.com> wrote:
> I think advanced JS apps are going to use every control knob they can get
> to, whether it's anticipated and well-supported or not.    I think there's a
> good chance that a a popular WebRTC web app will use some SDP mangling that
> wasn't anticipated, but happened to work, but then the browser can't remove
> it because it will break certain websites.  It could get even worse if
> someone writes a popular WebRTC wrapper library that uses tricky SDP
> mangling that is then used by lots of websites.  Certain SDP mangling
> techniques might end up becoming a defacto standard API that can't be
> removed, even if it was originally a bug.  Or worse, one browser will have
> to implement the SDP mangling or even the bugs of another, because WebRTC
> apps have come to rely on them.
>
> In fact, it's already the case that Chrome and Firefox support far different
> SDP manglings.  I don't think any web apps rely on that yet, but it's only a
> matter of time before someone figures out "hey, if I mangle the SDP on this
> browser this way and on that browser that way, I can do things I couldn't do
> otherwise".  Or worse, an advanced web app developer says "hey, I can make
> this work well on browser X via SDP mangling, but not on browser Y, so I'll
> put a 'best used with Browser X' icon on my website". Then that someone
> writes an abstraction on top of that, and then maybe shares that with
> others, and it goes from there.
>
> I think we're in a race with web developers to see if they'll figure out SDP
> mangling before we provide a way to avoid SDP mangling.   Who do you think
> moves faster?

This is one of the arguments we've made against the use of SDP.  There
is a remedy for this (aside from comment 22 ;), but it's a fair amount
of work:

 - provide very explicit and detailed instructions on what SDP to
produce under all starting conditions, and

 - provide very explicit and detailed instructions on what to do with
every single bit of SDP that is provided.

That is what I believe to be necessary if this API is to have any hope
of real success.

Unfortunately, when I sat down to do this, I barely made it to t=
sections.  I simply cannot justify spending the time required for that
sort of chore.