Re: [rtcweb] Security Architecture: IdP for RTP and RTCP
Bernard Aboba <bernard.aboba@gmail.com> Tue, 08 July 2014 21:34 UTC
Return-Path: <bernard.aboba@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06C2C1A0141 for <rtcweb@ietfa.amsl.com>; Tue, 8 Jul 2014 14:34:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.699
X-Spam-Level:
X-Spam-Status: No, score=-1.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lrQjLH_ww_ca for <rtcweb@ietfa.amsl.com>; Tue, 8 Jul 2014 14:34:21 -0700 (PDT)
Received: from mail-wi0-x22a.google.com (mail-wi0-x22a.google.com [IPv6:2a00:1450:400c:c05::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 714B21A0127 for <rtcweb@ietf.org>; Tue, 8 Jul 2014 14:34:21 -0700 (PDT)
Received: by mail-wi0-f170.google.com with SMTP id cc10so1824196wib.3 for <rtcweb@ietf.org>; Tue, 08 Jul 2014 14:34:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=hGlULPOGenmt8TunoqVSBuraGTx1o8Ia0ZlhbFmzCSE=; b=oc0NeRuyqM2vZSGZZMbrgSzuaCKMN3CObmBHr9kxXWNoxMIw2B1yrgYSm2a8H33k8p cgtXkk6zr4dJiA4x5i29LqjPSdPo38ejN3w6X6y7lejDBRNFwpvZTU+Br61GCVPNYXDJ 5PkT3XYAFYxqhzd3GDOTRZuV+ks3zXjvj01BbE/DURUEFTKQlfgQBK6n8JY7gpwWnaFp 5jINSUeDlgfUexRGkxkaipSJaJTgrsKc5GJkA8uWrOSO+X7nZcjkXOkPQH0vRtrxPz58 3ogswz66Iyx4wYxAKxC14OLcoBrt6etFRJuJbkNEXWNquWFVwBkgL8jvNeU3eW53e0i0 cdig==
X-Received: by 10.180.75.75 with SMTP id a11mr6691343wiw.3.1404855259941; Tue, 08 Jul 2014 14:34:19 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.216.80.10 with HTTP; Tue, 8 Jul 2014 14:33:59 -0700 (PDT)
In-Reply-To: <CALiegfkkEScb8fk8Hd7fafQO3bVzw1Md4=QTJrkm_vWTuAqZ7Q@mail.gmail.com>
References: <CAOW+2dsVZj56aVL5+79d6RSTZFLwjfWdm=rs7FPnvdWQZHAdfA@mail.gmail.com> <CABkgnnUEXCuOcG_p5BpZf8Wz2Y-Pq92XGpmEb5304-uTz9JNuA@mail.gmail.com> <CALiegfkkEScb8fk8Hd7fafQO3bVzw1Md4=QTJrkm_vWTuAqZ7Q@mail.gmail.com>
From: Bernard Aboba <bernard.aboba@gmail.com>
Date: Tue, 08 Jul 2014 14:33:59 -0700
Message-ID: <CAOW+2dvmWVigJQStrvswO_hbfzNkeHRTauku+39ZhYjdC9zKLg@mail.gmail.com>
To: Iñaki Baz Castillo <ibc@aliax.net>
Content-Type: multipart/alternative; boundary="f46d04388e95bad15d04fdb55ae2"
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/wIyLcR5LLPolrfZmbX5UkH1SdeA
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Security Architecture: IdP for RTP and RTCP
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Jul 2014 21:34:23 -0000
Inaki said: "OK, a media endpoint could be internally divided into different components, one of then handling RTP and the other RTCP, but form the point of view of media transmission it should behave as a single endpoint." [BA] It seems logical for the browser to utilize the same identity for both RTP and RTCP, regardless of whether they are multiplexed or not. However, if both the RTP and RTCP peer assertions are validated, shouldn't it be up to the application decide whether to care? A given application could compare the RTP and RTCP identities and consider it a fatal error if the identities are not the same, OR it could decide to ignore the RTCP identity. BTW, the "compare" operation is potentially non-trivial in the case of internationalized identities. None of the specifications currently describe how the identities are to be normalized in preparation for the comparison, so I can imagine that some "fun" could be had there. On Tue, Jul 8, 2014 at 12:12 PM, Iñaki Baz Castillo <ibc@aliax.net> wrote: > 2014-07-08 20:09 GMT+02:00 Martin Thomson <martin.thomson@gmail.com>: > > I think that the way that we manage identity in a multi-party > > situation probably needs something different to that. I don't see any > > particular value in terminating RTCP when you aren't also terminating > > RTP, the two are far too tightly coupled. They shouldn't really have > > been given different names in the first place. > > I agree. The fact that RTP and RTCP seem two different protocols and, > even more, the fact that they can be carried over different > transports, does not mean that we should imagine exotic scenarios in > which a media endpoint generates just RTP or just RTCP. > > OK, a media endpoint could be internally divided into different > components, one of then handling RTP and the other RTCP, but form the > point of view of media transmission it should behave as a single > endpoint. > > > -- > Iñaki Baz Castillo > <ibc@aliax.net> >
- [rtcweb] Security Architecture: IdP for RTP and R… Bernard Aboba
- Re: [rtcweb] Security Architecture: IdP for RTP a… Martin Thomson
- Re: [rtcweb] Security Architecture: IdP for RTP a… Bernard Aboba
- Re: [rtcweb] Security Architecture: IdP for RTP a… Iñaki Baz Castillo
- Re: [rtcweb] Security Architecture: IdP for RTP a… Bernard Aboba
- Re: [rtcweb] Security Architecture: IdP for RTP a… Martin Thomson
- Re: [rtcweb] Security Architecture: IdP for RTP a… Dan Wing
- Re: [rtcweb] Security Architecture: IdP for RTP a… Emil Ivov
- Re: [rtcweb] Security Architecture: IdP for RTP a… Justin Uberti
- Re: [rtcweb] Security Architecture: IdP for RTP a… Martin Thomson
- Re: [rtcweb] Security Architecture: IdP for RTP a… Justin Uberti
- Re: [rtcweb] Security Architecture: IdP for RTP a… Watson Ladd
- Re: [rtcweb] Security Architecture: IdP for RTP a… Martin Thomson
- Re: [rtcweb] Security Architecture: IdP for RTP a… Watson Ladd
- Re: [rtcweb] Security Architecture: IdP for RTP a… Martin Thomson