Re: [rtcweb] Requiring ICE for RTC calls

Iñaki Baz Castillo <ibc@aliax.net> Tue, 27 September 2011 20:24 UTC

Return-Path: <ibc@aliax.net>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD3C921F9029 for <rtcweb@ietfa.amsl.com>; Tue, 27 Sep 2011 13:24:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.635
X-Spam-Level:
X-Spam-Status: No, score=-2.635 tagged_above=-999 required=5 tests=[AWL=0.042, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bp7CDk3kGg2T for <rtcweb@ietfa.amsl.com>; Tue, 27 Sep 2011 13:24:44 -0700 (PDT)
Received: from mail-vw0-f44.google.com (mail-vw0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id EC9F821F902B for <rtcweb@ietf.org>; Tue, 27 Sep 2011 13:24:43 -0700 (PDT)
Received: by vws5 with SMTP id 5so8689010vws.31 for <rtcweb@ietf.org>; Tue, 27 Sep 2011 13:27:30 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.89.177 with SMTP id bp17mr7888055vdb.447.1317155249977; Tue, 27 Sep 2011 13:27:29 -0700 (PDT)
Received: by 10.220.118.143 with HTTP; Tue, 27 Sep 2011 13:27:29 -0700 (PDT)
In-Reply-To: <69C442D8-0B6E-4EC8-814E-52CDC8DB578B@edvina.net>
References: <CAD5OKxtNjmWBz92bRuxka7e-BUpTPgVUvr3ahJGpmZ-U5nuPbQ@mail.gmail.com> <CAD6AjGSmz5T_F+SK2EoBQm6T-iRKp7dd4j8ZAF5JKdbbyomZQA@mail.gmail.com> <CALiegfmO54HC+g9L_DYn4jtXAAbLEvS++qxKa6TNrLDREs9SeA@mail.gmail.com> <4E80984A.903@skype.net> <CALiegfmyvTb57WVooKryS-ubfcg+w5gZ+zfO1zzBLn3609AzaA@mail.gmail.com> <4E809EE6.2050702@skype.net> <2E239D6FCD033C4BAF15F386A979BF510F1087@sonusinmail02.sonusnet.com> <BLU152-W62B7F2AC3F0D5B6E277CB993F00@phx.gbl> <CAD5OKxt=P3jg9N0weFUZLvUYQxyeXa+9YMtpc8wn7osuPQmTpg@mail.gmail.com> <CAD5OKxtVCgiFV_iAYd1w0uZZcS5+gsixOHJ0jGN=0CMdq++kdg@mail.gmail.com> <84254826-C357-4FB5-810D-C453A2D1304C@phonefromhere.com> <CAD5OKxt1mn-pcWW01a1wT0yCToaL1NL5Fjt-NJbJYmx=Ygrk6Q@mail.gmail.com> <BLU152-W641047D45C0DF6A490EEF193F00@phx.gbl> <CAD5OKxtC+7oBe5Y+EGhX7f0SneGEmW0YoM9sPSXoRFjBxq0F4A@mail.gmail.com> <69C442D8-0B6E-4EC8-814E-52CDC8DB578B@edvina.net>
Date: Tue, 27 Sep 2011 22:27:29 +0200
Message-ID: <CALiegf=E+1m6YpOSeG9bBOwmw8T7X5hp+TE+HmvuXGHzxtSdYg@mail.gmail.com>
From: =?UTF-8?Q?I=C3=B1aki_Baz_Castillo?= <ibc@aliax.net>
To: "Olle E. Johansson" <oej@edvina.net>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Requiring ICE for RTC calls
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Sep 2011 20:24:45 -0000

2011/9/27 Olle E. Johansson <oej@edvina.net>et>:
> Sometimes we need to move forward. After many years of insecure calls having
> issues with traversing NATs everywhere, I think enough is enough and it's
> time to provide a better solution.

I also agree. The IETF has produced lot of security specifications for
SIP but vendors have implemented nothing (or just a few of them).

SIP is mostly deployed in islands, and each island defines its own
security constrains (usually no security at all as the island itself
is a secure wallen garden). Rtcweb is like a new island (a very big
island), and it will also become the island with major number of
malicious users and site providers. So let's add all the security
constrains we can in order to make it secure.

Legacy SIP vendors/providers/manufactures should react if they want to
offer services on top of rtcweb.

-- 
Iñaki Baz Castillo
<ibc@aliax.net>