Re: [rtcweb] Summary of ICE discussion

Iñaki Baz Castillo <ibc@aliax.net> Tue, 11 October 2011 08:08 UTC

Return-Path: <ibc@aliax.net>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E5C021F8CBC for <rtcweb@ietfa.amsl.com>; Tue, 11 Oct 2011 01:08:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.189
X-Spam-Level:
X-Spam-Status: No, score=-2.189 tagged_above=-999 required=5 tests=[AWL=-0.112, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, J_CHICKENPOX_34=0.6, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ek1nbenHupEG for <rtcweb@ietfa.amsl.com>; Tue, 11 Oct 2011 01:08:20 -0700 (PDT)
Received: from mail-vw0-f44.google.com (mail-vw0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id D9D6221F8C64 for <rtcweb@ietf.org>; Tue, 11 Oct 2011 01:08:19 -0700 (PDT)
Received: by vws5 with SMTP id 5so6550290vws.31 for <rtcweb@ietf.org>; Tue, 11 Oct 2011 01:08:19 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.90.206 with SMTP id by14mr17176876vdb.18.1318320499314; Tue, 11 Oct 2011 01:08:19 -0700 (PDT)
Received: by 10.220.118.143 with HTTP; Tue, 11 Oct 2011 01:08:19 -0700 (PDT)
In-Reply-To: <E6AA070839B987489960B202AD80E18D01A178C3@ftrdmel0.rd.francetelecom.fr>
References: <4E8B192E.80809@ericsson.com> <E6AA070839B987489960B202AD80E18D019D9119@ftrdmel0.rd.francetelecom.fr> <CALiegf=Xy=vGB26euObgcsXdQPepnMEyqEwGLN+vBdneUP6aPw@mail.gmail.com> <E6AA070839B987489960B202AD80E18D01A178C3@ftrdmel0.rd.francetelecom.fr>
Date: Tue, 11 Oct 2011 10:08:19 +0200
Message-ID: <CALiegf=PNRifsZRd=o3esmhC3-cZnyQKVpUWykijfR36-i3KqA@mail.gmail.com>
From: Iñaki Baz Castillo <ibc@aliax.net>
To: sebastien.cubaud@orange.com
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Summary of ICE discussion
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Oct 2011 08:08:20 -0000

2011/10/11  <sebastien.cubaud@orange.com>:
>>ICE is clearly the best solution as it handles NAT, security (peer
>>verification) and allows IPv4/IPv6 transition.
>
> Of course, this solution doesn't mean to address NAT traversal issues, nor multihoming.
> ICE still remains the best candidate for such requirements and it is in no way my intent to
> question the use of ICE for RTC-Web compliant agents : my proposal's goal is only to permit
> the minimal interoperability costs with existing SIP endpoints whilst trying to address RTC-Web
> specific security challenges (i.e. media consent verification). Again, it doesn't preclude the
> use of ICE for media consent verification, should all endpoints support ICE.

Hi Sebastien,

As I've said in other mails, ICE and SRTP was designed for SIP. If SIP
vendors don't care about security (due to wallen gardens in which most
of SIP is deployed) neither IPv4/IPv6 migration (again due the same
reasons) that is their fault.

If SIP vendors just react when needed, this is a good time for that,
as the "market" will be Internet full of RTCweb capable web browsers
implementing ICE+SRTP (being safer that 99% of current SIP devices,
which is really sad).

It's time for implementing ICE+SRTP in SIP. Please don't give SIP
vendors another oportunity to avoid implementing that by offering them
some workaround for media verification.

-- 
Iñaki Baz Castillo
<ibc@aliax.net>