Re: [rtcweb] Solutions sought for non-ICE RTC calls, not +1 (Re: Requiring ICE for RTC calls)

Eric Rescorla <ekr@rtfm.com> Tue, 27 September 2011 22:52 UTC

On Tue, Sep 27, 2011 at 3:50 PM, Roman Shpount <roman@telurix.com> wrote:

>
> On Tue, Sep 27, 2011 at 6:33 PM, Eric Rescorla <ekr@rtfm.com> wrote:
>
>> It's really a mistake to conflate ICE and SRTP here. If the user opts not
>> to use SRTP, he's primarily hurting himself. If he opts not to use ICE,
>> he's potentially allowing his browser to be used as an attack platform.
>> These are not the same thing.
>>
> We are not disabling SRTP and ICE. We stop requiring them for the call and
> allow to process offers and answers without ICE or SAVP. Offer generated by
> RTC should still include "crypto" attributes and ICE candidates. But offers
> and answers without "crypto" and ICE candidates should be processed for an
> application distributed by this site. We can separate those two settings but
> this is primarily the function of user trusting the site vs. not trusting it.
>
>

I'm sorry, but I think you're still missing the point: requiring ICE *is*
the security feature.

>> As for what's convenient for developers... I'm a developer, and while it
>> might be useful to allow a setting to disable ICE and/or SRTP, that
>> doesn't mean I need to expose that setting to the user. I really don't
>> understand the virtue of a user-visible setting to disable the ICE
>> requirement.
>>
>> -Ekr
>>
>
> Same reason we allow to add exception for an invalid SSL certificate. This
> will allow us to work with end points that are currently available vs just
> other RTC clients.
>
> BTW, mechanism similar to SSL certificate exceptions is probably the best
> way to implement this. First time an application from a web site gets an
> answer without ICE or SRTP, we can show the dialog box and ask user if this
> application should be stopped, allowed for current session or allowed
> always.
>

The problem is that users inevitably click through such dialogs and when
they do their browsers become an attack platform. That's why this isn't
comparable.

-Ekr