Re: [rtcweb] Let's define the purpose of WebRTC

Harald Alvestrand <harald@alvestrand.no> Wed, 09 November 2011 07:02 UTC

Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EB76D21F84CD for <rtcweb@ietfa.amsl.com>; Tue, 8 Nov 2011 23:02:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level:
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KRYuGeAq67wg for <rtcweb@ietfa.amsl.com>; Tue, 8 Nov 2011 23:02:17 -0800 (PST)
Received: from eikenes.alvestrand.no (eikenes.alvestrand.no [158.38.152.233]) by ietfa.amsl.com (Postfix) with ESMTP id 53CF421F84A6 for <rtcweb@ietf.org>; Tue, 8 Nov 2011 23:02:16 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id D869239E123 for <rtcweb@ietf.org>; Wed, 9 Nov 2011 08:02:12 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at eikenes.alvestrand.no
Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zPl1Xpicn5-v for <rtcweb@ietf.org>; Wed, 9 Nov 2011 08:02:12 +0100 (CET)
Received: from [192.168.0.14] (c213-89-141-213.bredband.comhem.se [213.89.141.213]) by eikenes.alvestrand.no (Postfix) with ESMTPS id 1C12339E04C for <rtcweb@ietf.org>; Wed, 9 Nov 2011 08:02:12 +0100 (CET)
Message-ID: <4EBA2573.1000104@alvestrand.no>
Date: Wed, 09 Nov 2011 08:02:11 +0100
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <CALiegfkVNVAs_MyU_-4koA4zRwSn1-FwLjY9g_oZVkhi9rSK5Q@mail.gmail.com><8A61D801-D14D-408B-9875-63C37D0CC166@acmepacket.com><CABw3bnPE=OY_h5bM7GA6wgrXiOBL8P4J0kw1jLv-GSpHAbg=Cg@mail.gmail.com><CABcZeBNqdkh8u=gwOvKfDCQA7rXdAyQkfaM1r2Sx10787btP6A@mail.gmail.com><B10FEFF6-0ADC-4DB1-83BB-50A11C65EC35@acmepacket.com><CABcZeBNSXtim_VqzqAd8Z-u4zWSjaYmsVZPN=7sDYkJsgtRAHA@mail.gmail.com><4EB7E6A5.70209@alvestrand.no><F8003BA9-BCD8-4F02-B514-8B883FF90F91@acmepacket.com><387F9047F55E8C42850AD6B3A7A03C6C01349D81@inba-mail01.sonusnet.com><845C03B2-1975-4145-8F52-8CEC9E360AF3@edvina.net><5454E693-5C34-4C77-BA07-2A9EE9EE4AFD@cisco.com> <387F9047F55E8C42850AD6B3A7A03C6C01349FFE@inba-mail01.sonusnet.com> <1D062974A4845E4D8A343C653804920206D3B7FD@XMB-BGL-414.cisco.com> <387F9047F55E8C42850AD6B3A7A03C6C0134A105@inba-mail01.sonusnet.com> <1F2A2C70609D9E41844A2126145FC09804691DA2@HKGMBOXPRD22.polycom.com>
In-Reply-To: <1F2A2C70609D9E41844A2126145FC09804691DA2@HKGMBOXPRD22.polycom.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [rtcweb] Let's define the purpose of WebRTC
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Nov 2011 07:02:18 -0000

On 11/09/2011 07:33 AM, Avasarala, Ranjit wrote:
> Hi Partha
>
> I feel including all kinds of security mechanisms like SRTP, TLS, etc in browser would make the browser very bulky. It would be better to provide a mechanism in the signaling protocol that browser supports to negotiate the desired security mechanism (depending on application requirement) and then use that mechanism (which is part of the system).
>
The bulk of the browser is not reduced by a single byte by not using 
crypto functions that are present.

Not having crypto functions available would contravene the "MUST 
implement SRTP" mandate.
(btw, the code bulk of SRTP is minuscule compared to stuff like CSS3).

             Harald