Re: [rtcweb] Solutions sought for non-ICE RTC calls, not +1 (Re: Requiring ICE for RTC calls)

Matthew Kaufman <matthew.kaufman@skype.net> Wed, 28 September 2011 00:08 UTC

On 9/27/2011 3:13 PM, Roman Shpount wrote:
> Eric,
>
> I would suggest we should have an ability to disable ICE/SRTP in 
> browser settings altogether for debugging purposes 

No idea why that would be helpful. If you really want cleartext traffic, 
allow a null SRTP cipher, not plain RTP.

And disabling ICE doesn't help anything.

> and have an ability to add a web site to browser settings (or assign
> it to intranet zone), which would enable this web site to set up calls
> without ICE/SRTP.

Bad idea.

> This way a developer can disable these protocols to test things, and
> a user can take an action to say that it trusts a certain web site and
> allows it to place calls anywhere.

Yes, and the same way a malicious site can say "if you want to browse 
our free porn collection, you must click 'yes' on the next dialog" and 
then proceed to attack at will. Totally unacceptable.

> I would think browser settings are outside of the standards document, 
> but we at least should have requirements for ICE-required and SRTP as 
> SHOULD, not MUST.

ICE needs to be a MUST. Debate is still going on support (or not) for 
plain RTP.

Matthew Kaufman