IETF Logo Mail Archive

Re: [rtcweb] Security Architecture: IdP for RTP and RTCP

Bernard Aboba <bernard.aboba@gmail.com> Tue, 08 July 2014 21:34 UTC

Return-Path: <bernard.aboba@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06C2C1A0141 for <rtcweb@ietfa.amsl.com>; Tue, 8 Jul 2014 14:34:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.699
X-Spam-Level:
X-Spam-Status: No, score=-1.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lrQjLH_ww_ca for <rtcweb@ietfa.amsl.com>; Tue, 8 Jul 2014 14:34:21 -0700 (PDT)
Received: from mail-wi0-x22a.google.com (mail-wi0-x22a.google.com [IPv6:2a00:1450:400c:c05::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 714B21A0127 for <rtcweb@ietf.org>; Tue, 8 Jul 2014 14:34:21 -0700 (PDT)
Received: by mail-wi0-f170.google.com with SMTP id cc10so1824196wib.3 for <rtcweb@ietf.org>; Tue, 08 Jul 2014 14:34:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=hGlULPOGenmt8TunoqVSBuraGTx1o8Ia0ZlhbFmzCSE=; b=oc0NeRuyqM2vZSGZZMbrgSzuaCKMN3CObmBHr9kxXWNoxMIw2B1yrgYSm2a8H33k8p cgtXkk6zr4dJiA4x5i29LqjPSdPo38ejN3w6X6y7lejDBRNFwpvZTU+Br61GCVPNYXDJ 5PkT3XYAFYxqhzd3GDOTRZuV+ks3zXjvj01BbE/DURUEFTKQlfgQBK6n8JY7gpwWnaFp 5jINSUeDlgfUexRGkxkaipSJaJTgrsKc5GJkA8uWrOSO+X7nZcjkXOkPQH0vRtrxPz58 3ogswz66Iyx4wYxAKxC14OLcoBrt6etFRJuJbkNEXWNquWFVwBkgL8jvNeU3eW53e0i0 cdig==
X-Received: by 10.180.75.75 with SMTP id a11mr6691343wiw.3.1404855259941; Tue, 08 Jul 2014 14:34:19 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.216.80.10 with HTTP; Tue, 8 Jul 2014 14:33:59 -0700 (PDT)
In-Reply-To: <CALiegfkkEScb8fk8Hd7fafQO3bVzw1Md4=QTJrkm_vWTuAqZ7Q@mail.gmail.com>
References: <CAOW+2dsVZj56aVL5+79d6RSTZFLwjfWdm=rs7FPnvdWQZHAdfA@mail.gmail.com> <CABkgnnUEXCuOcG_p5BpZf8Wz2Y-Pq92XGpmEb5304-uTz9JNuA@mail.gmail.com> <CALiegfkkEScb8fk8Hd7fafQO3bVzw1Md4=QTJrkm_vWTuAqZ7Q@mail.gmail.com>
From: Bernard Aboba <bernard.aboba@gmail.com>
Date: Tue, 08 Jul 2014 14:33:59 -0700
Message-ID: <CAOW+2dvmWVigJQStrvswO_hbfzNkeHRTauku+39ZhYjdC9zKLg@mail.gmail.com>
To: Iñaki Baz Castillo <ibc@aliax.net>
Content-Type: multipart/alternative; boundary="f46d04388e95bad15d04fdb55ae2"
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/wIyLcR5LLPolrfZmbX5UkH1SdeA
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Security Architecture: IdP for RTP and RTCP
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Jul 2014 21:34:23 -0000

Inaki said: "OK, a media endpoint could be internally divided into different
components, one of then handling RTP and the other RTCP, but form the
point of view of media transmission it should behave as a single
endpoint."

[BA] It seems logical for the browser to utilize the same identity for both
RTP and RTCP, regardless of whether they are multiplexed or not.

However, if both the RTP and RTCP peer assertions are validated, shouldn't
it be up to the application decide whether to care?

A given application could compare the RTP and RTCP identities and consider
it a fatal error if the identities are not the same, OR it could decide to
ignore the RTCP identity.

BTW, the "compare" operation is potentially non-trivial in the case of
internationalized identities.  None of the specifications currently
describe how the identities are to be normalized in preparation for the
comparison, so I can imagine that some "fun" could be had there.




On Tue, Jul 8, 2014 at 12:12 PM, Iñaki Baz Castillo <ibc@aliax.net> wrote:

> 2014-07-08 20:09 GMT+02:00 Martin Thomson <martin.thomson@gmail.com>:
> > I think that the way that we manage identity in a multi-party
> > situation probably needs something different to that.  I don't see any
> > particular value in terminating RTCP when you aren't also terminating
> > RTP, the two are far too tightly coupled.  They shouldn't really have
> > been given different names in the first place.
>
> I agree. The fact that RTP and RTCP seem two different protocols and,
> even more, the fact that they can be carried over different
> transports, does not mean that we should imagine exotic scenarios in
> which a media endpoint generates just RTP or just RTCP.
>
> OK, a media endpoint could be internally divided into different
> components, one of then handling RTP and the other RTCP, but form the
> point of view of media transmission it should behave as a single
> endpoint.
>
>
> --
> Iñaki Baz Castillo
> <ibc@aliax.net>
>

v2.23.0 | Report a Bug | By Email