Re: [rtcweb] Let's define the purpose of WebRTC

Roman Shpount <roman@telurix.com> Sat, 05 November 2011 13:54 UTC

In-Reply-To: <CALiegfkVNVAs_MyU_-4koA4zRwSn1-FwLjY9g_oZVkhi9rSK5Q@mail.gmail.com>
References: <CALiegfkVNVAs_MyU_-4koA4zRwSn1-FwLjY9g_oZVkhi9rSK5Q@mail.gmail.com>
Date: Sat, 05 Nov 2011 09:54:44 -0400
Message-ID: <CAD5OKxt=k_Mon_GMs1w-bGMgpk12h6ZQ=FkoRVsTp4271iMSLA@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Iñaki Baz Castillo <ibc@aliax.net>
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Let's define the purpose of WebRTC

On Sat, Nov 5, 2011 at 9:35 AM, Iñaki Baz Castillo <ibc@aliax.net> wrote:

>
> - What does "interoperability with SIP" require? Does it mean that
> WebRTC should allow plain RTP and no ICE? This has been discussed many
> times in this WG: Security in the media plane MUST NOT be optional, it
> MUST be a MUST. So sorry, but a legacy SIP device not implementing
> SRTP+ICE cannot interoperate with a WebRTC endpoint. Period.
>

I disagree very strongly in regard to security. It is insane to require
features just for the sake of requiring them. This is not about
interoperability. It is about the fact that 99% of users will never need or
care about SRTP. They do not now for most of the web traffic. This is also
about the fact that developers will not be able to debug or troubleshoot
anything. If you get a quality problem, it would be next to impossible to
figure out what's causing it with everything encrypted. Even now, for
development, HTTPS-only services allow HTTP. There are no debug tools for
the media plane except Wireshark. And we are effectively taking it away.
So, why are we making this a requirement? It should not be any different
than HTTPS vs HTTP. I think it should be DTLS-SRTP with optional RTP. The
fact that RTP is allowed should be a part of the same user consent dialog
that is displayed when access to local media is allowed. If the user agrees,
there is no harm to anybody, except the user.
_____________
Roman Shpount