Re: [rtcweb] Solutions sought for non-ICE RTC calls, not +1 (Re: Requiring ICE for RTC calls)

Matthew Kaufman <matthew.kaufman@skype.net> Wed, 28 September 2011 01:33 UTC


On 9/27/2011 5:39 PM, Roman Shpount wrote:
>
> On Tue, Sep 27, 2011 at 8:17 PM, Matthew Kaufman
> <matthew.kaufman@skype.net> wrote:
>
>     No. This is not a correct description of the problem.
>
>     ICE isn't about "trusting the site to not do something malicious
>     with your media". ICE is about "trusting your browser to not
>     attack other devices on your local network or the Internet".
>
>     The browser must, without asking the user, be able to prove that
>     the far end wishes to receive a stream of media. The standard we
>     have available for that is a STUN connectivity check with
>     short-term credentials, using a transaction ID that can neither be
>     set from Javascript nor inspected from Javascript (to prevent
>     spoofing of the reply). This is basically how ICE tests connectivity.
>
>     Note that the consent must use the same protocol and port you will
>     be sending media on. So for RTP or SRTP over UDP, the consent
>     request must be sent and received over that same UDP port.
>
>     Matthew Kaufman
>
>
> You just repeated the same thing that I said, just a bit more clearly.

If you say so.

>
> I guess we are making a conscientious not to be able to communicate 
> with any of the existing VoIP infrastructure including IP phones and 
> SIP trunking providers and expect them to implement ICE support.

Unfortunately that appears to be necessary.

> Until this happens RTC end points will have to rely on some sort of 
> media proxy to communicate with existing infrastructure. Is this correct?

Yes. Of course there are numerous examples of this working well already.

>
> Do we have anybody in this list who has real life experience with 
> deploying large scale ICE based solutions over public internet? I just 
> want to make sure that we are not putting all of our eggs in the 
> basket that no one ever used.

Good question, but I believe Google has a fair bit of ICE experience.

Matthew Kaufman
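
The consent check described in the quoted message, as an added example (not part of the original email and not any browser's code): a STUN Binding request with a random transaction ID and short-term-credential MESSAGE-INTEGRITY (HMAC-SHA1, RFC 5389), plus the test the sender applies before treating a reply as consent to receive media. Function names, the username and the password are constructed for illustration; it assumes MESSAGE-INTEGRITY is the last attribute (no FINGERPRINT) and an ASCII password.

```python
import hashlib
import hmac
import os
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST, BINDING_SUCCESS = 0x0001, 0x0101
ATTR_USERNAME, ATTR_MESSAGE_INTEGRITY = 0x0006, 0x0008


def _attr(attr_type, value):
    pad = (-len(value)) % 4  # attribute values are padded to 32-bit boundaries
    return struct.pack("!HH", attr_type, len(value)) + value + b"\x00" * pad


def build_message(msg_type, txid, password, attrs=b""):
    """STUN message ending in MESSAGE-INTEGRITY keyed by the short-term password."""
    # The length field covers the attributes plus the 24-byte MESSAGE-INTEGRITY.
    header = struct.pack("!HHI", msg_type, len(attrs) + 24, MAGIC_COOKIE) + txid
    mac = hmac.new(password.encode(), header + attrs, hashlib.sha1).digest()
    return header + attrs + _attr(ATTR_MESSAGE_INTEGRITY, mac)


def new_consent_request(username, password):
    """Sender side: the 96-bit transaction ID is random and never shown to script."""
    txid = os.urandom(12)
    attrs = _attr(ATTR_USERNAME, username.encode())
    return txid, build_message(BINDING_REQUEST, txid, password, attrs)


def consent_granted(response, expected_txid, password):
    """True only for a Binding success response that echoes our transaction ID
    and carries a valid MESSAGE-INTEGRITY as its final attribute."""
    if len(response) < 44:  # 20-byte header + 24-byte MESSAGE-INTEGRITY
        return False
    msg_type, length, cookie = struct.unpack("!HHI", response[:8])
    if msg_type != BINDING_SUCCESS or cookie != MAGIC_COOKIE:
        return False
    if length != len(response) - 20:
        return False
    if not hmac.compare_digest(response[8:20], expected_txid):
        return False  # reply does not match the request we sent
    mi_type, mi_len = struct.unpack("!HH", response[-24:-20])
    if mi_type != ATTR_MESSAGE_INTEGRITY or mi_len != 20:
        return False
    expected = hmac.new(password.encode(), response[:-24], hashlib.sha1).digest()
    return hmac.compare_digest(response[-20:], expected)
```

Media is sent to the peer address only after `consent_granted` returns True for a reply received on the same UDP port the media will use.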