Re: [rtcweb] Question about ICE-Lite server

Roman Shpount <roman@telurix.com> Mon, 07 July 2014 19:46 UTC

To: Harald Alvestrand <harald@alvestrand.no>

>
> To me this sounds like "can an endpoint participate in ICE without
> participating in the exchange of candidates" - and my immediate reaction is
> "if it could, it would be a security risk".
>
> I don't think it's possible. And I think that's a Good Thing.
>
>
Since an ICE-Lite server does not send any connectivity checks, it can operate
with virtually no information about the remote side. It certainly does not
need any information about the candidates. All it cares about is whether the
other side supports ICE, whether there was an ICE mismatch, and whether the
remote side is a full or lite implementation. All checks from the remote side
are validated using the local password. If the remote side is lite or does not
support ICE, media can be sent immediately; otherwise it will need to wait for a
connectivity check with the use attribute. Very, very simple.
_____________
Roman Shpount
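
The validation step described in the message above, as an added example that is not part of the original post or of any implementation discussed on the list: an incoming STUN Binding request is checked against the server's own ufrag and password only, with no knowledge of remote candidates. The function names and the sample ufrag/password values used with them are assumptions; FINGERPRINT, PRIORITY and role attributes are left out.

```python
import hashlib, hmac, os, struct

MAGIC = 0x2112A442  # STUN magic cookie (RFC 5389)
BINDING_REQUEST = 0x0001
USERNAME, MESSAGE_INTEGRITY, USE_CANDIDATE = 0x0006, 0x0008, 0x0025

def attr(atype, value):
    """Encode one STUN attribute, padded to a 4-byte boundary."""
    return struct.pack("!HH", atype, len(value)) + value + b"\x00" * (-len(value) % 4)

def integrity(before_mi, password):
    # HMAC-SHA1 over everything before MESSAGE-INTEGRITY, with the header length
    # rewritten to end right after that 24-byte attribute. Key is the password
    # (assumed ASCII here, so SASLprep is a no-op).
    patched = before_mi[:2] + struct.pack("!H", len(before_mi) - 20 + 24) + before_mi[4:]
    return hmac.new(password.encode(), patched, hashlib.sha1).digest()

def build_check(username, password, use_candidate=False):
    """Construct a sample connectivity check as a full ICE client would send it."""
    body = attr(USERNAME, username.encode())
    if use_candidate:
        body += attr(USE_CANDIDATE, b"")
    head = struct.pack("!HHI", BINDING_REQUEST, len(body) + 24, MAGIC) + os.urandom(12)
    return head + body + attr(MESSAGE_INTEGRITY, integrity(head + body, password))

def validate_check(msg, local_ufrag, local_pwd):
    """Return (valid, nominated) using only the server's own ufrag and password."""
    if len(msg) < 20:
        return (False, False)
    mtype, length, magic = struct.unpack("!HHI", msg[:8])
    if mtype != BINDING_REQUEST or magic != MAGIC or len(msg) != 20 + length:
        return (False, False)
    pos, username, nominated = 20, b"", False
    while pos + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + alen]
        if atype == USERNAME:
            username = value
        elif atype == USE_CANDIDATE:
            nominated = True
        elif atype == MESSAGE_INTEGRITY:
            # USERNAME is "<receiver ufrag>:<sender ufrag>"; only our half is checked.
            ok = (username.split(b":")[0] == local_ufrag.encode()
                  and hmac.compare_digest(value, integrity(msg[:pos], local_pwd)))
            return (ok, ok and nominated)
        pos += 4 + alen + (-alen % 4)
    return (False, False)  # no MESSAGE-INTEGRITY attribute: reject
```

A request that fails this check, or carries no MESSAGE-INTEGRITY at all, is rejected before the server treats the source address as a media destination.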