Re: [rtcweb] Let's define the purpose of WebRTC

"Olle E. Johansson" <oej@edvina.net> Wed, 09 November 2011 11:23 UTC

Return-Path: <oej@edvina.net>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FCAF21F8C32 for <rtcweb@ietfa.amsl.com>; Wed, 9 Nov 2011 03:23:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[AWL=0.144, BAYES_00=-2.599, HELO_EQ_SE=0.35]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UJfHhfcbsGJs for <rtcweb@ietfa.amsl.com>; Wed, 9 Nov 2011 03:23:49 -0800 (PST)
Received: from smtp7.webway.se (smtp7.webway.se [212.3.14.205]) by ietfa.amsl.com (Postfix) with ESMTP id 8C80B21F8A67 for <rtcweb@ietf.org>; Wed, 9 Nov 2011 03:23:46 -0800 (PST)
Received: from [192.168.20.63] (static-213-115-251-100.sme.bredbandsbolaget.se [213.115.251.100]) by smtp7.webway.se (Postfix) with ESMTPA id 5D920754BD20; Wed, 9 Nov 2011 11:23:41 +0000 (UTC)
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: text/plain; charset=us-ascii
From: "Olle E. Johansson" <oej@edvina.net>
In-Reply-To: <1D062974A4845E4D8A343C653804920206D3B9C1@XMB-BGL-414.cisco.com>
Date: Wed, 9 Nov 2011 12:23:41 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <34771C19-DD51-46B4-97ED-703A93F7329E@edvina.net>
References: <CALiegfkVNVAs_MyU_-4koA4zRwSn1-FwLjY9g_oZVkhi9rSK5Q@mail.gmail.com> <8A61D801-D14D-408B-9875-63C37D0CC166@acmepacket.com> <CABw3bnPE=OY_h5bM7GA6wgrXiOBL8P4J0kw1jLv-GSpHAbg=Cg@mail.gmail.com> <CABcZeBNqdkh8u=gwOvKfDCQA7rXdAyQkfaM1r2Sx10787btP6A@mail.gmail.com> <B10FEFF6-0ADC-4DB1-83BB-50A11C65EC35@acmepacket.com> <CABcZeBNSXtim_VqzqAd8Z-u4zWSjaYmsVZPN=7sDYkJsgtRAHA@mail.gmail.com> <4EB7E6A5.70209@alvestrand.no> <F8003BA9-BCD8-4F02-B514-8B883FF90F91@acmepacket.com> <387F9047F55E8C42850AD6B3A7A03C6C01349D81@inba-mail01.sonusnet.com> <845C03B2-1975-4145-8F52-8CEC9E360AF3@edvina.net> <5454E693-5C34-4C77-BA07-2A9EE9EE4AFD@cisco.com> <387F9047F55E8C42850AD6B3A7A03C6C01349FFE@inba-mail01.sonusnet.com> <1D062974A4845E4D8A343C653804920206D3B7FD@XMB-BGL-414.cisco.com> <387F9047F55E8C42850AD6B3A7A03C6C0134A105@inba-mail01.sonusnet.com> <1F2A2C70609D9E41844A2126145FC09804691DA2@HKGMBOXPRD22.polycom.com> <CALiegfmf59jb4asUu9LA6YY_aMtKEnM1Wy34KbuLEn3_h1xBXA@mail.gmail.com> <1D0 62974A4845E4D8A343C653804920206D3B9C1@XMB-BGL-414.cisco.com>
To: "Muthu Arul Mozhi Perumal (mperumal)" <mperumal@cisco.com>
X-Mailer: Apple Mail (2.1251.1)
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Let's define the purpose of WebRTC
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Nov 2011 11:23:49 -0000

9 nov 2011 kl. 11:57 skrev Muthu Arul Mozhi Perumal (mperumal):

> |The "application" is untrusted by nature, and we don't want 
> |to make the end-user to decide whether to trust it or not. 
> |Explained many times in this maillist.
> 
> I am thinking we could burn SRTP into the browser such that the decision of whether or not to use SRTP vests solely with the browser. If a WebRTC browser is exchanging media with another WebRTC browser they always do SRTP/SRTCP. If either side isn't WebRTC compliant they end up with RTP/RTCP. This way we don't need to trust the JS, instead trust only the browser. We can also interoperate with legacy devices without taxing them.

That opens up for downgrade attacks and put a lot of trust on the web browser UI to show what happens and on the users to understand what the web browser UA is trying to tell them.

/O