Re: [rtcweb] Traffic should be encrypted. (Re: Let's define the purpose of WebRTC)

Roman Shpount <roman@telurix.com> Thu, 10 November 2011 20:51 UTC

Return-Path: <roman@telurix.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41D0C21F8549 for <rtcweb@ietfa.amsl.com>; Thu, 10 Nov 2011 12:51:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.892
X-Spam-Level:
X-Spam-Status: No, score=-2.892 tagged_above=-999 required=5 tests=[AWL=0.084, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kRDF6EoqnrR1 for <rtcweb@ietfa.amsl.com>; Thu, 10 Nov 2011 12:51:40 -0800 (PST)
Received: from mail-yw0-f44.google.com (mail-yw0-f44.google.com [209.85.213.44]) by ietfa.amsl.com (Postfix) with ESMTP id 3A46721F8545 for <rtcweb@ietf.org>; Thu, 10 Nov 2011 12:51:40 -0800 (PST)
Received: by ywt34 with SMTP id 34so1429184ywt.31 for <rtcweb@ietf.org>; Thu, 10 Nov 2011 12:51:39 -0800 (PST)
Received: by 10.147.166.17 with SMTP id t17mr3863522yao.28.1320958299587; Thu, 10 Nov 2011 12:51:39 -0800 (PST)
Received: from mail-yx0-f172.google.com (mail-yx0-f172.google.com [209.85.213.172]) by mx.google.com with ESMTPS id t62sm7969513yht.0.2011.11.10.12.51.38 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 10 Nov 2011 12:51:38 -0800 (PST)
Received: by yenq4 with SMTP id q4so26341yen.31 for <rtcweb@ietf.org>; Thu, 10 Nov 2011 12:51:37 -0800 (PST)
MIME-Version: 1.0
Received: by 10.68.72.103 with SMTP id c7mr17758099pbv.1.1320958297363; Thu, 10 Nov 2011 12:51:37 -0800 (PST)
Received: by 10.68.62.170 with HTTP; Thu, 10 Nov 2011 12:51:37 -0800 (PST)
In-Reply-To: <4EBC3475.90706@alvestrand.no>
References: <CALiegfkVNVAs_MyU_-4koA4zRwSn1-FwLjY9g_oZVkhi9rSK5Q@mail.gmail.com> <387F9047F55E8C42850AD6B3A7A03C6C01349D81@inba-mail01.sonusnet.com> <845C03B2-1975-4145-8F52-8CEC9E360AF3@edvina.net> <5454E693-5C34-4C77-BA07-2A9EE9EE4AFD@cisco.com> <387F9047F55E8C42850AD6B3A7A03C6C01349FFE@inba-mail01.sonusnet.com> <1D062974A4845E4D8A343C653804920206D3B7FD@XMB-BGL-414.cisco.com> <387F9047F55E8C42850AD6B3A7A03C6C0134A105@inba-mail01.sonusnet.com> <1F2A2C70609D9E41844A2126145FC09804691DA2@HKGMBOXPRD22.polycom.com> <CALiegfmf59jb4asUu9LA6YY_aMtKEnM1Wy34KbuLEn3_h1xBXA@mail.gmail.com> <CALiegfmM1PB=VAQjfh4rW3-3C8aumHdWy9nZxD0-BWBq9Kq_tg@mail.gmail.com> <1D062974A4845E4D8A343C653804920206D3BA57@XMB-BGL-414.cisco.com> <CALiegfkWnRT8m4S9pXTxuLsc-p_bhkG3d=PX3qgiFFt5gW5yfw@mail.gmail.com> <CAD5OKxvQYVKOZF88WLCiRseg-qXQdOpKeDU_t9b-yA2GcDBT-w@mail.gmail.com> <CABcZeBOiPxz_swdaG6Aqoch1WAUtjNh4eOQy1QObCDXT_B8azg@mail.gmail.com> <CAD5OKxtp+LQBRCHgbWdJyrSRcpNQ82i64TJgGtGPrE7+GKcEog@mail.gmail.com> <4EBC3475.90706@alvestrand.no>
Date: Thu, 10 Nov 2011 15:51:37 -0500
Message-ID: <CAD5OKxu_-+ZRsqpUBkFSj=tYtOKG0pK3JoQTZHwQGMuBCnp0Gw@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Harald Alvestrand <harald@alvestrand.no>
Content-Type: multipart/alternative; boundary="f46d041b47f613d41204b16792d5"
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Traffic should be encrypted. (Re: Let's define the purpose of WebRTC)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Nov 2011 20:51:41 -0000

On Thu, Nov 10, 2011 at 3:30 PM, Harald Alvestrand <harald@alvestrand.no>wrote:

>  (BTW, Google searches did not immediately bring up verification for that
> claim of 99% of Web traffic being HTTP.... do you have a citation for that?)
>

Not really, this is just an estimate. Some fact point for you -- facebook
is HTTP and that is about 25% of web page visits. Youtube is HTTP also and
that's about 7%. (
http://weblogs.hitwise.com/heather-dougherty/2010/11/facebookcom_generates_nearly_1_1.html
)

I think the whole discussion degraded to the point of being pointless. You
say that you need mandatory encryption regardless of what I am saying. I
would not agree to mandatory encryption unless you explain to me why this
is not something that WebRTC application developer should not control.
Application developer can circumvent media security in any way he wants (by
sending it to a middle box and recording for example), so I really do not
understand why he cannot just turn the encryption off. On the web, where
origin of applications can be unknown, their integrity uncertain, delivery
un-secure, and purpose unpredictable, I do not understand why you insist on
mandatory encryption. It will not provide more security, will just restrict
things for no real gain.
_____________
Roman Shpount