Re: [rtcweb] Solutions sought for non-ICE RTC calls, not +1 (Re: Requiring ICE for RTC calls)

Roman Shpount <roman@telurix.com> Tue, 27 September 2011 23:18 UTC

Date: Tue, 27 Sep 2011 19:20:43 -0400
From: Roman Shpount <roman@telurix.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Solutions sought for non-ICE RTC calls, not +1 (Re: Requiring ICE for RTC calls)

On Tue, Sep 27, 2011 at 6:54 PM, Eric Rescorla <ekr@rtfm.com> wrote:

> I'm sorry, but I think you're still missing the point: requiring ICE *is*
> the security feature.
>
>
I'm sorry, but I do get the point: ICE is security. My point is, if you
have a trust relationship with a site, ICE validation can be bypassed, i.e.
if you trust the application on the site you trust it not to do something
malicious with your media. Your point is that you do not trust the user with
the decision to turn off ICE or trust the website, since unlike with all the
other security decisions this can be used to hurt other people vs. just
users themselves. So, unless we can invent a robust mechanism to set trust
agreements with specific web sites, we would be better off forcing ICE for
everybody. Is this a correct description of the problem?
_____________
Roman Shpount