Re: [rtcweb] ICE and security

"Dan Wing" <> Mon, 19 September 2011 20:31 UTC

From: "Dan Wing" <>
To: "'Hadriel Kaplan'" <>, "'Olle E. Johansson'" <>
Date: Mon, 19 Sep 2011 13:33:29 -0700
List-Id: Real-Time Communication in WEB-browsers working group list <>

> So basically we're stuck with requiring ICE be used for every
> media/data session, and thus not being able to interop directly with
> devices which don't do ICE (which is most of the SIP world right now).

To work, they "just" need to do ICE-Lite.  ICE-Lite is the ability to 
respond to ICE's media path STUN messages.  ICE-Lite does not require a 
STUN server, does not require a TURN server, and does not require 
gathering IP addresses that everyone finds (oddly) difficult.

Those that don't do ICE-Lite can be front-ended with an SBC that does
ICE-Lite for them.

> One open question is if javascript will even be allowed to open a media
> channel to a peer without human/user consent. 

I'll bet a beer it'll happen without human consent, yes.

> I thought we were
> requiring per-site consent.  I guess a malicious site could still offer
> legitimate media usage, and thus get user's consent, and then sometime
> in the future the same website could turn evil; or it could offer
> seemingly legitimate service that works, while in javascript creating a
> forked stream that is the one attacking someone else.
> I wonder though if even requiring ICE is sufficient.  If I'm a
> malicious javascript, I could add enough ICE candidates against a
> target that it would be the same as an RTP stream in aggregate (I
> believe ICE's throttling limit was in fact approximately the rate of
> RTP by design, if I recall correctly).

Yep, if you 0wn enough hosts, just their "can I send you a flood of
media packets" requests could, itself, be a flood of traffic.

Let's talk about DNSSEC responses being a source of attack.
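
Added example, not part of the original message: a sketch of what "respond to ICE's media path STUN messages" involves on the ICE-Lite side, showing that a Binding Success response is only produced for a request authenticated with the password exchanged in signaling. Assumptions: IPv4 only, RFC 5389 short-term credentials, and FINGERPRINT, PRIORITY, USE-CANDIDATE and the role attributes that a real ICE agent also handles are omitted; the function names and the ufrag/password values are hypothetical.

```python
import hashlib, hmac, socket, struct

MAGIC = 0x2112A442  # STUN magic cookie (RFC 5389)
BINDING_REQUEST, BINDING_SUCCESS = 0x0001, 0x0101
USERNAME, MESSAGE_INTEGRITY, XOR_MAPPED_ADDRESS = 0x0006, 0x0008, 0x0020

def attr(atype, value):
    """Encode one attribute, padded to a 4-byte boundary."""
    return struct.pack("!HH", atype, len(value)) + value + b"\x00" * (-len(value) % 4)

def seal(mtype, txid, attrs, password):
    """Build a message; the header length already counts the 24-byte HMAC attribute."""
    head = struct.pack("!HHI", mtype, len(attrs) + 24, MAGIC) + txid
    mac = hmac.new(password, head + attrs, hashlib.sha1).digest()
    return head + attrs + attr(MESSAGE_INTEGRITY, mac)

def parse(msg):
    """Return (type, txid, {attr_type: (offset, value)}), or None if not STUN."""
    if len(msg) < 20:
        return None
    mtype, length, cookie = struct.unpack("!HHI", msg[:8])
    if cookie != MAGIC or mtype & 0xC000 or length != len(msg) - 20 or length % 4:
        return None
    attrs, pos = {}, 20
    while pos + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        if pos + 4 + alen > len(msg):
            return None
        attrs.setdefault(atype, (pos, msg[pos + 4:pos + 4 + alen]))
        pos += 4 + alen + (-alen % 4)
    return mtype, msg[8:20], attrs

def ice_lite_respond(msg, src, local_ufrag, local_pwd):
    """Answer one connectivity check; None means drop silently (no consent)."""
    parsed = parse(msg)
    if not parsed or parsed[0] != BINDING_REQUEST:
        return None
    _, txid, attrs = parsed
    if USERNAME not in attrs or MESSAGE_INTEGRITY not in attrs:
        return None
    mi_off, mac = attrs[MESSAGE_INTEGRITY]
    # HMAC covers the bytes before MESSAGE-INTEGRITY, length set to end there.
    head = msg[:2] + struct.pack("!H", mi_off + 4) + msg[4:mi_off]
    good = hmac.compare_digest(mac, hmac.new(local_pwd, head, hashlib.sha1).digest())
    if not good or attrs[USERNAME][1].split(b":")[0] != local_ufrag:
        return None
    xaddr = struct.pack("!BBH", 0, 1, src[1] ^ (MAGIC >> 16)) + bytes(
        a ^ b for a, b in zip(socket.inet_aton(src[0]), struct.pack("!I", MAGIC)))
    return seal(BINDING_SUCCESS, txid, attr(XOR_MAPPED_ADDRESS, xaddr), local_pwd)
```

A request that fails the integrity or username check gets no reply at all, so the sender never obtains the success response that ICE requires before media may flow on that candidate pair.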