IETF Logo Mail Archive

Re: [rtcweb] I-D Action: draft-ietf-rtcweb-data-protocol-01.txt

Matt Fredrickson <creslin@digium.com> Tue, 29 October 2013 15:35 UTC

Return-Path: <creslin@digium.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68ADA11E82F5 for <rtcweb@ietfa.amsl.com>; Tue, 29 Oct 2013 08:35:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.376
X-Spam-Level:
X-Spam-Status: No, score=-2.376 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_13=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FG2afCkJJoJC for <rtcweb@ietfa.amsl.com>; Tue, 29 Oct 2013 08:35:38 -0700 (PDT)
Received: from mail-la0-f53.google.com (mail-la0-f53.google.com [209.85.215.53]) by ietfa.amsl.com (Postfix) with ESMTP id C2C9D11E82BA for <rtcweb@ietf.org>; Tue, 29 Oct 2013 08:35:37 -0700 (PDT)
Received: by mail-la0-f53.google.com with SMTP id eo20so9130lab.40 for <rtcweb@ietf.org>; Tue, 29 Oct 2013 08:35:36 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=1gCYLCxVDQwGxwJjt9oSL1B0bJABwlWtr/5dnVCcQtk=; b=B2PxTQO0r6uqk1J9bUIW85HT1idEEkt/ExnQUHIJIrW8ZCFI4ARveEMJxNFPriNQgH /TmI3hYr1By/OTP8bwvsbTMLsD0a3mak/d8toz1fjT+axG52MZibXQEDr51p+ub1vNHQ X9HD/easWVK9pUwb7hDTU9Ys05V6ZJGK0odEQm1/QasCuhhf3UG9B/QM8IzEGP6lEkhQ CbfX7zgUPLYIpLRIhRGigyhY/c2vOjY355fDCY1yA1XO1KIWm08QIc8se5By6fBct77+ ENyZ8EHwA0FGiFl1P3B/PwnzUNKYeA3E0/IriKrx2JPtsVYmSGuS4ywYkTS36iFh7ZqX 7KQw==
X-Gm-Message-State: ALoCoQk6FoXssGb5kLTy8gR6QkOx+rV2z4tqAtrCtMojSsuSX3T2lX2CYiVl0vsyrg1PcksaDhRP
MIME-Version: 1.0
X-Received: by 10.152.9.36 with SMTP id w4mr127289laa.34.1383060936704; Tue, 29 Oct 2013 08:35:36 -0700 (PDT)
Received: by 10.112.132.102 with HTTP; Tue, 29 Oct 2013 08:35:36 -0700 (PDT)
In-Reply-To: <526FD2D8.7000709@alum.mit.edu>
References: <20131021191343.32574.60876.idtracker@ietfa.amsl.com> <03FBA798AC24E3498B74F47FD082A92F3D86C821@US70UWXCHMBA04.zam.alcatel-lucent.com> <A87B4291-FA11-43BB-B8F0-55C59CF63421@lurchi.franken.de> <CAOJ7v-20YkvazNLqmbjQcOkhaedd+MKm8d6x2oeL46imvuLrzA@mail.gmail.com> <03FBA798AC24E3498B74F47FD082A92F3D86C8DB@US70UWXCHMBA04.zam.alcatel-lucent.com> <120FE29C-150E-47BF-951C-B8124EB7A262@lurchi.franken.de> <03FBA798AC24E3498B74F47FD082A92F3D86C9A2@US70UWXCHMBA04.zam.alcatel-lucent.com> <5269F3B5.2020308@alvestrand.no> <03FBA798AC24E3498B74F47FD082A92F3D86CD4C@US70UWXCHMBA04.zam.alcatel-lucent.com> <526C4297.2000006@alum.mit.edu> <526CE0BE.90606@jesup.org> <526FD2D8.7000709@alum.mit.edu>
Date: Tue, 29 Oct 2013 10:35:36 -0500
Message-ID: <CAHZ_z=yc5=mQMG3QZP=KtpDF0AxYAtiBYDRkCj0b9hbbe8EKag@mail.gmail.com>
From: Matt Fredrickson <creslin@digium.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>
Content-Type: multipart/alternative; boundary="089e0158b7e8d5d53304e9e2f757"
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] I-D Action: draft-ietf-rtcweb-data-protocol-01.txt
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Oct 2013 15:35:43 -0000

On Tue, Oct 29, 2013 at 10:23 AM, Paul Kyzivat <pkyzivat@alum.mit.edu>wrote:

> On 10/27/13 5:45 AM, Randell Jesup wrote:
>
>> On 10/26/2013 6:30 PM, Paul Kyzivat wrote:
>>
>
>  My proposal has three elements, which together can guarantee that
>>>> there are no stream id allocation conflicts between peers:
>>>>     1. The browser and application select stream ids based on initial
>>>> SDP offerer/answerer role rather than DTLS role (e.g., initial
>>>> offerer uses even ids, initial answerer uses odd ids). With this
>>>> rule, the offering application knows its role immediately without
>>>> waiting for the DTLS or SDP handshake to occur.
>>>>
>>>
>>> A similar issue has come up in the discussion of partial
>>> offers/answers. (Regarding how to assign a=mid values.) And a similar
>>> solution was proposed.
>>>
>>> It was then rejected on the basis that sometimes both "ends" think
>>> they are offerers or answerers. This comes about as a result of
>>> signaling-only B2BUAs that play games with O/A on two legs.
>>>
>>
>> Exactly why we went with DTLS roles.
>>
>
> I'm not sure this eliminates the problem.
>
> Is it not possible for an intermediary on the signaling path to insert
> itself in the media path, manipulating the SDP such that the two ends both
> establish the DTLS with the intermediary?


Correct me if I'm wrong, but I thought that the SDP itself was supposed to
be signed and able to be validated (perhaps using the identity mechanism),
to explicitly catch nefarious man in the middle type scenarios such as this.

Matthew Fredrickson

v2.23.0 | Report a Bug | By Email