Re: [rtcweb] Requiring ICE for RTC calls

Matthew Kaufman <> Mon, 26 September 2011 15:47 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A0EE121F8C10 for <>; Mon, 26 Sep 2011 08:47:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -5.226
X-Spam-Status: No, score=-5.226 tagged_above=-999 required=5 tests=[AWL=1.073, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id nuN0l0zvoBCo for <>; Mon, 26 Sep 2011 08:47:20 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id D850F21F8C0F for <>; Mon, 26 Sep 2011 08:47:19 -0700 (PDT)
Received: from (localhost []) by (Postfix) with ESMTP id 90A9416F6; Mon, 26 Sep 2011 17:50:00 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed;; h=message-id :date:from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; s=mx; bh=Y/4AR+leWLFNJ6 qhXvyFEPoTx88=; b=fHikMOP0c/AQycX1EVOqZmL3umPlIcIqus4uM0ds0QScmN MOcd2E9yn4OxaZw9fiMPTPh41eXhnsYmm3YbP5FWSoroktivFG1y40bo6lG4mdfv KYRcaJD63hYs3FgBcy6WNhdnagbEdq68KLEPGJAgVJCdGpfVcrki/z4Bcjn54=
DomainKey-Signature: a=rsa-sha1; c=nofws;; h=message-id:date:from :mime-version:to:cc:subject:references:in-reply-to:content-type: content-transfer-encoding; q=dns; s=mx; b=ot3BtEVuY8/QA81bIZjTxB 3DLxoQU7GyIS02o8CqskgZkO344CKbGRTi8iVNxHH9izpmf1h8ZEQAMJ47krF+9j DC/IgYKtrYZrqH4LLoUtoz1GWqaFMaYpzb6GAs0SwFyCyaJ0zCDUQMfhVaQlX7An PpJM6iwWXw5Y7ZaILBw2M=
Received: from ( []) by (Postfix) with ESMTP id 8F04D7F6; Mon, 26 Sep 2011 17:50:00 +0200 (CEST)
Received: from localhost (localhost []) by (Postfix) with ESMTP id 5BE6C1672681; Mon, 26 Sep 2011 17:50:00 +0200 (CEST)
X-Virus-Scanned: amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id S6oPLmdpDBmH; Mon, 26 Sep 2011 17:49:59 +0200 (CEST)
Received: from [] (unknown []) by (Postfix) with ESMTPSA id A05231672683; Mon, 26 Sep 2011 17:49:58 +0200 (CEST)
Message-ID: <>
Date: Mon, 26 Sep 2011 08:48:54 -0700
From: Matthew Kaufman <>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20110902 Thunderbird/6.0.2
MIME-Version: 1.0
To: Iñaki Baz Castillo <>
References: <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Cc: Randell Jesup <>,
Subject: Re: [rtcweb] Requiring ICE for RTC calls
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 26 Sep 2011 15:47:21 -0000

On 9/26/2011 8:29 AM, Iñaki Baz Castillo wrote:
> 2011/9/26 Matthew Kaufman<>:
>> For example, an evil overlord that creates a web site for allowing its
>> clients to attack systems behind a firewall could relax those requirements
>> and not mandate ICE/SRTP when opening arbitrary connections to systems
>> behind said firewall.
>> The "configuration" must be retrieved by the WebRTC client *from the system
>> it will be sending traffic to*... the best format we have for that is to
>> send a (rate-limited) STUN connectivity check with short-term credentials
>> and see if it is replied to properly. That's how ICE works.
> I understand your points and I agree. That would be the perfect scenario.

That would be the only scenario that is safe enough to ship in a browser.

> But I'm worried about the price to pay for these security constrains
> (no interoperability with 95% of SIP-PSTN providers within next 3-5
> years).

The alternative is that you don't ship anything in the browser, because 
the browser *cannot* become an attack vector as a result of adding this 

And "interoperability with SIP-PSTN providers" is only relevant if you 
are trying to turn the browser into another phone. We have enough 
phones. What we don't have are new real-time communication experiences 
that can only be created within this environment.

Matthew Kaufman