Re: [rtcweb] Requiring ICE for RTC calls
Matthew Kaufman <matthew.kaufman@skype.net> Mon, 26 September 2011 15:47 UTC
Return-Path: <matthew.kaufman@skype.net>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0EE121F8C10 for <rtcweb@ietfa.amsl.com>; Mon, 26 Sep 2011 08:47:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.226
X-Spam-Level:
X-Spam-Status: No, score=-5.226 tagged_above=-999 required=5 tests=[AWL=1.073, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nuN0l0zvoBCo for <rtcweb@ietfa.amsl.com>; Mon, 26 Sep 2011 08:47:20 -0700 (PDT)
Received: from mx.skype.net (mx.skype.net [78.141.177.88]) by ietfa.amsl.com (Postfix) with ESMTP id D850F21F8C0F for <rtcweb@ietf.org>; Mon, 26 Sep 2011 08:47:19 -0700 (PDT)
Received: from mx.skype.net (localhost [127.0.0.1]) by mx.skype.net (Postfix) with ESMTP id 90A9416F6; Mon, 26 Sep 2011 17:50:00 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=skype.net; h=message-id :date:from:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; s=mx; bh=Y/4AR+leWLFNJ6 qhXvyFEPoTx88=; b=fHikMOP0c/AQycX1EVOqZmL3umPlIcIqus4uM0ds0QScmN MOcd2E9yn4OxaZw9fiMPTPh41eXhnsYmm3YbP5FWSoroktivFG1y40bo6lG4mdfv KYRcaJD63hYs3FgBcy6WNhdnagbEdq68KLEPGJAgVJCdGpfVcrki/z4Bcjn54=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=skype.net; h=message-id:date:from :mime-version:to:cc:subject:references:in-reply-to:content-type: content-transfer-encoding; q=dns; s=mx; b=ot3BtEVuY8/QA81bIZjTxB 3DLxoQU7GyIS02o8CqskgZkO344CKbGRTi8iVNxHH9izpmf1h8ZEQAMJ47krF+9j DC/IgYKtrYZrqH4LLoUtoz1GWqaFMaYpzb6GAs0SwFyCyaJ0zCDUQMfhVaQlX7An PpJM6iwWXw5Y7ZaILBw2M=
Received: from zimbra.skype.net (zimbra.skype.net [78.141.177.82]) by mx.skype.net (Postfix) with ESMTP id 8F04D7F6; Mon, 26 Sep 2011 17:50:00 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1]) by zimbra.skype.net (Postfix) with ESMTP id 5BE6C1672681; Mon, 26 Sep 2011 17:50:00 +0200 (CEST)
X-Virus-Scanned: amavisd-new at lu2-zimbra.skype.net
Received: from zimbra.skype.net ([127.0.0.1]) by localhost (zimbra.skype.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S6oPLmdpDBmH; Mon, 26 Sep 2011 17:49:59 +0200 (CEST)
Received: from [10.10.155.2] (unknown [198.202.199.254]) by zimbra.skype.net (Postfix) with ESMTPSA id A05231672683; Mon, 26 Sep 2011 17:49:58 +0200 (CEST)
Message-ID: <4E809EE6.2050702@skype.net>
Date: Mon, 26 Sep 2011 08:48:54 -0700
From: Matthew Kaufman <matthew.kaufman@skype.net>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20110902 Thunderbird/6.0.2
MIME-Version: 1.0
To: Iñaki Baz Castillo <ibc@aliax.net>
References: <CAD5OKxtNjmWBz92bRuxka7e-BUpTPgVUvr3ahJGpmZ-U5nuPbQ@mail.gmail.com> <CAD6AjGSmz5T_F+SK2EoBQm6T-iRKp7dd4j8ZAF5JKdbbyomZQA@mail.gmail.com> <CALiegfmO54HC+g9L_DYn4jtXAAbLEvS++qxKa6TNrLDREs9SeA@mail.gmail.com> <4E80984A.903@skype.net> <CALiegfmyvTb57WVooKryS-ubfcg+w5gZ+zfO1zzBLn3609AzaA@mail.gmail.com>
In-Reply-To: <CALiegfmyvTb57WVooKryS-ubfcg+w5gZ+zfO1zzBLn3609AzaA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Cc: Randell Jesup <randell-ietf@jesup.org>, rtcweb@ietf.org
Subject: Re: [rtcweb] Requiring ICE for RTC calls
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Sep 2011 15:47:21 -0000
On 9/26/2011 8:29 AM, Iñaki Baz Castillo wrote: > 2011/9/26 Matthew Kaufman<matthew.kaufman@skype.net>: >> For example, an evil overlord that creates a web site for allowing its >> clients to attack systems behind a firewall could relax those requirements >> and not mandate ICE/SRTP when opening arbitrary connections to systems >> behind said firewall. >> >> The "configuration" must be retrieved by the WebRTC client *from the system >> it will be sending traffic to*... the best format we have for that is to >> send a (rate-limited) STUN connectivity check with short-term credentials >> and see if it is replied to properly. That's how ICE works. > I understand your points and I agree. That would be the perfect scenario. That would be the only scenario that is safe enough to ship in a browser. > But I'm worried about the price to pay for these security constrains > (no interoperability with 95% of SIP-PSTN providers within next 3-5 > years). The alternative is that you don't ship anything in the browser, because the browser *cannot* become an attack vector as a result of adding this feature. And "interoperability with SIP-PSTN providers" is only relevant if you are trying to turn the browser into another phone. We have enough phones. What we don't have are new real-time communication experiences that can only be created within this environment. Matthew Kaufman
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Cameron Byrne
- [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Cameron Byrne
- Re: [rtcweb] Requiring ICE for RTC calls Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Matthew Kaufman
- Re: [rtcweb] Requiring ICE for RTC calls Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Matthew Kaufman
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Ravindran Parthasarathi
- Re: [rtcweb] Requiring ICE for RTC calls Bernard Aboba
- Re: [rtcweb] Requiring ICE for RTC calls Tim Panton
- Re: [rtcweb] Requiring ICE for RTC calls Justin Uberti
- Re: [rtcweb] Requiring ICE for RTC calls Saúl Ibarra Corretgé
- [rtcweb] RFC 5245 interpretation (Re: Requiring I… Harald Alvestrand
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Justin Uberti
- Re: [rtcweb] RFC 5245 interpretation (Re: Requiri… Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Matthew Kaufman
- Re: [rtcweb] RFC 5245 interpretation (Re: Requiri… Christer Holmberg
- Re: [rtcweb] Requiring ICE for RTC calls Bernard Aboba
- Re: [rtcweb] Requiring ICE for RTC calls Tim Panton
- Re: [rtcweb] Requiring ICE for RTC calls Tim Panton
- Re: [rtcweb] Requiring ICE for RTC calls Dzonatas Sol
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Bernard Aboba
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Justin Uberti
- Re: [rtcweb] Requiring ICE for RTC calls Matthew Kaufman
- Re: [rtcweb] Requiring ICE for RTC calls Matthew Kaufman
- Re: [rtcweb] RFC 5245 interpretation (Re: Requiri… Ravindran Parthasarathi
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Ravindran Parthasarathi
- Re: [rtcweb] Requiring ICE for RTC calls Eric Rescorla
- [rtcweb] Solutions sought for non-ICE RTC calls, … Harald Alvestrand
- Re: [rtcweb] Requiring ICE for RTC calls Olle E. Johansson
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Olle E. Johansson
- Re: [rtcweb] Requiring ICE for RTC calls Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Cullen Jennings
- Re: [rtcweb] Requiring ICE for RTC calls Tim Panton
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Eric Rescorla
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Roman Shpount
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Eric Rescorla
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Roman Shpount
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Eric Rescorla
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Roman Shpount
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Eric Rescorla
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Matthew Kaufman
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Matthew Kaufman
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Roman Shpount
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Matthew Kaufman
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Randell Jesup
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Igor Faynberg
- [rtcweb] ICE deployment experience (Re: Solutions… Harald Alvestrand
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Cullen Jennings
- Re: [rtcweb] Requiring ICE for RTC calls Cullen Jennings
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Cullen Jennings
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Cameron Byrne
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Eric Rescorla
- Re: [rtcweb] Requiring ICE for RTC calls Harald Alvestrand
- Re: [rtcweb] Requiring ICE for RTC calls Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Cullen Jennings
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Olle E. Johansson
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Olle E. Johansson
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Cullen Jennings
- Re: [rtcweb] Requiring ICE for RTC calls Hadriel Kaplan
- Re: [rtcweb] Requiring ICE for RTC calls Hadriel Kaplan
- Re: [rtcweb] Requiring ICE for RTC calls Matthew Kaufman
- Re: [rtcweb] Requiring ICE for RTC calls Richard Shockey
- Re: [rtcweb] Requiring ICE for RTC calls Hadriel Kaplan
- Re: [rtcweb] Requiring ICE for RTC calls Hadriel Kaplan
- Re: [rtcweb] Requiring ICE for RTC calls Richard Shockey
- Re: [rtcweb] Requiring ICE for RTC calls Eric Rescorla
- Re: [rtcweb] Requiring ICE for RTC calls Hadriel Kaplan
- Re: [rtcweb] Requiring ICE for RTC calls Martin J. Dürst
- Re: [rtcweb] Requiring ICE for RTC calls Harald Alvestrand
- Re: [rtcweb] SBC hardware and SHA1 Olle E. Johansson
- Re: [rtcweb] Requiring ICE for RTC calls Tim Panton
- Re: [rtcweb] SBC hardware and SHA1 Hadriel Kaplan
- Re: [rtcweb] SBC hardware and SHA1 Cameron Byrne
- Re: [rtcweb] SBC hardware and SHA1 Olle E. Johansson
- Re: [rtcweb] SBC hardware and SHA1 Olle E. Johansson
- Re: [rtcweb] SBC hardware and SHA1 Eric Rescorla
- Re: [rtcweb] SBC hardware and SHA1 Dzonatas Sol
- Re: [rtcweb] SBC hardware and SHA1 Ravindran Parthasarathi
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Saúl Ibarra Corretgé
- Re: [rtcweb] Requiring ICE for RTC calls Cullen Jennings