Re: [rtcweb] Sebastien Cubaud's non-ICE mechanism (Re: Summary of ICE discussion)

Randell Jesup <randell-ietf@jesup.org> Tue, 11 October 2011 00:16 UTC

Return-Path: <randell-ietf@jesup.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF7C721F8B52 for <rtcweb@ietfa.amsl.com>; Mon, 10 Oct 2011 17:16:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RSaER-H-0Yv3 for <rtcweb@ietfa.amsl.com>; Mon, 10 Oct 2011 17:16:00 -0700 (PDT)
Received: from r2-chicago.webserversystems.com (r2-chicago.webserversystems.com [173.236.101.58]) by ietfa.amsl.com (Postfix) with ESMTP id 579D521F8B43 for <rtcweb@ietf.org>; Mon, 10 Oct 2011 17:16:00 -0700 (PDT)
Received: from pool-173-49-141-165.phlapa.fios.verizon.net ([173.49.141.165] helo=[192.168.1.12]) by r2-chicago.webserversystems.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <randell-ietf@jesup.org>) id 1RDQ0l-00012o-85 for rtcweb@ietf.org; Mon, 10 Oct 2011 19:15:59 -0500
Message-ID: <4E9389C0.5050607@jesup.org>
Date: Mon, 10 Oct 2011 20:11:44 -0400
From: Randell Jesup <randell-ietf@jesup.org>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:6.0.1) Gecko/20110830 Thunderbird/6.0.1
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <4E8B192E.80809@ericsson.com> <E6AA070839B987489960B202AD80E18D019D9119@ftrdmel0.rd.francetelecom.fr> <4E935A8B.8020700@alvestrand.no> <CABcZeBNd0wnAv3KHkzCa4g6tFmGJhADOQDCz-7G=DYwp1yOGzA@mail.gmail.com>
In-Reply-To: <CABcZeBNd0wnAv3KHkzCa4g6tFmGJhADOQDCz-7G=DYwp1yOGzA@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r2-chicago.webserversystems.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jesup.org
X-Source:
X-Source-Args:
X-Source-Dir:
Subject: Re: [rtcweb] Sebastien Cubaud's non-ICE mechanism (Re: Summary of ICE discussion)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Oct 2011 00:16:01 -0000

On 10/10/2011 7:04 PM, Eric Rescorla wrote:
> On Mon, Oct 10, 2011 at 1:50 PM, Harald Alvestrand<harald@alvestrand.no>  wrote:
>> Changing the subject to keep threads separate....
>>
>> On 10/09/2011 12:00 PM, sebastien.cubaud@orange.com wrote:
>>> Here are the steps I foresee before allowing the establishment of a media
>>> session:
>>>
>>> - Let's consider A (a RTC-Web compliant browser) connected to server S and
>>> wishing to share real-time media with destination B (potentially a SIP
>>> endpoint or a browser)
>>> - A&    B learn via the signalling channel the triple @IP, transport proto
>>> and associated listening port of the remote media
>>> - A sends a few RTP packets to B (3 as in RFC 2833/4733 or more?).- This
>>> would allow the mechanism to resist against packet loss -. The format of such
>>> packets are to be discussed
>>> - Assuming B receives these packets, it then sends via the signalling
>>> channel an information from the media path unknown from S (i.e. not accessible via
>>> JS).
>>> I propose to use the min of the sequence number of the RTP packets
>>> received (which is random per RFC 3550)
>>
>> The sequence number is a 16-bit number, so there are 16 bits of randomness
>> to play with here.
>> An attack based on just returning a random number will succeed 1 out of
>> 65.536 times; if any of the 3 packets' sequence numbers are acceptable, it
>> will succeed 1 out of 21.845 times.

If you use the sequence number and the timestamp, you have 48 bits of 
entropy...


-- 
Randell Jesup
randell-ietf@jesup.org