Re: [rtcweb] Stephen Farrell's Discuss on draft-ietf-rtcweb-stun-consent-freshness-15: (with DISCUSS and COMMENT)
Eric Rescorla <ekr@rtfm.com> Wed, 05 August 2015 17:39 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C44B81A88A5 for <rtcweb@ietfa.amsl.com>; Wed, 5 Aug 2015 10:39:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YnQdVFlO_WLA for <rtcweb@ietfa.amsl.com>; Wed, 5 Aug 2015 10:39:42 -0700 (PDT)
Received: from mail-wi0-f177.google.com (mail-wi0-f177.google.com [209.85.212.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BCE891A888A for <rtcweb@ietf.org>; Wed, 5 Aug 2015 10:39:38 -0700 (PDT)
Received: by wibhh20 with SMTP id hh20so34692487wib.0 for <rtcweb@ietf.org>; Wed, 05 Aug 2015 10:39:37 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=7cmZKhVAsb38nHb0gqG6qnIx+CgHnbYo50qQnDl9VV8=; b=jTxX6OblKl+R5gKj08RU8sl2bZSHAjeveI7fy27s/wpHAtFVt7SE6plECJhsqK2/D+ Jjno8iSJyDlO7ZlKkgux77d+1Zs7lCAxtyEiUOjytXuqlMMY1CQrbY+EWbJFmmtCPa0k XTgYrch7HiMmGnS8gTjD6L+YtcsZGAq6jf4dVwfBujRKoG9gZwZvfirA9VSsyYhLdpx9 QASECsLRsgUgWQdIpVaa/R9978CHMGRgmn+E7ZcRd3JMmnkYI4f+9ct6tf3/lf1Do6Y1 cyoxnYPn79KQ37CFeKa7mi6wTVqn1zbp+CbpO8YzHM+8pVOkT5rOYAPAHcBS+B/H1vsH 4lVQ==
X-Gm-Message-State: ALoCoQmbpMUvFyPiq03nG2NdjOzjTxfUDfjCBv/Kxm2hvwO6vZQcPkmYlueA/k8p6WQz/mWp9xdr
X-Received: by 10.180.75.78 with SMTP id a14mr798860wiw.68.1438796377097; Wed, 05 Aug 2015 10:39:37 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.27.85.86 with HTTP; Wed, 5 Aug 2015 10:38:57 -0700 (PDT)
In-Reply-To: <55C24293.5000603@cs.tcd.ie>
References: <20150805130607.20844.70680.idtracker@ietfa.amsl.com> <CABcZeBMWVU9a1_e_47qddA04WhXG55QYzFA=dTrYgi+DuLQhKA@mail.gmail.com> <55C24293.5000603@cs.tcd.ie>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 05 Aug 2015 10:38:57 -0700
Message-ID: <CABcZeBO=vnb0jz+4QVK1h6b4C5huG7a32CuZ8x41FdKvxziiMw@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="f46d0438eb9df6feb1051c93e2ba"
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/yeRaDczjPiKeksre1vbNjhwwZ6g>
Cc: draft-ietf-rtcweb-stun-consent-freshness <draft-ietf-rtcweb-stun-consent-freshness@ietf.org>, rtcweb-chairs@ietf.org, "draft-ietf-rtcweb-stun-consent-freshness.shepherd" <draft-ietf-rtcweb-stun-consent-freshness.shepherd@ietf.org>, "rtcweb@ietf.org" <rtcweb@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-rtcweb-stun-consent-freshness.ad" <draft-ietf-rtcweb-stun-consent-freshness.ad@ietf.org>
Subject: Re: [rtcweb] Stephen Farrell's Discuss on draft-ietf-rtcweb-stun-consent-freshness-15: (with DISCUSS and COMMENT)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Aug 2015 17:39:44 -0000
On Wed, Aug 5, 2015 at 10:06 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > Hiya. > > On 05/08/15 16:00, Eric Rescorla wrote: > > On Wed, Aug 5, 2015 at 6:06 AM, Stephen Farrell < > stephen.farrell@cs.tcd.ie> > > wrote: > > > >> Stephen Farrell has entered the following ballot position for > >> draft-ietf-rtcweb-stun-consent-freshness-15: Discuss > >> > >> When responding, please keep the subject line intact and reply to all > >> email addresses included in the To and CC lines. (Feel free to cut this > >> introductory paragraph, however.) > >> > >> > >> Please refer to > https://www.ietf.org/iesg/statement/discuss-criteria.html > >> for more information about IESG DISCUSS and COMMENT positions. > >> > >> > >> The document, along with other ballot positions, can be found here: > >> > https://datatracker.ietf.org/doc/draft-ietf-rtcweb-stun-consent-freshness/ > >> > >> > >> > >> ---------------------------------------------------------------------- > >> DISCUSS: > >> ---------------------------------------------------------------------- > >> > >> > >> > >> Apologies that these discuss points are maybe asking > >> fairly fundamental questions. That could be that this > >> is really the first of the new security things required > >> by rtcweb to get to the IESG. Or maybe I'm misreading > >> stuff here, if so, sorry;-) > >> > >> (1) Why call this "consent?" That term is (ab)used in > >> many ways on the web, and adding another variation > >> without a definition that distinguishes this from "click > >> ok to my 200 page anti-privacy policy" or "remember that > >> example.com is allowed use my camera/mic" seems like a > >> terrible idea. I also don't see how this can ever be > >> something to which a normal person can "consent" (i.e. > >> consciously agree while fully understanding) so the term > >> is IMO very misleading, and will I fear be used to > >> mislead further. (See also some of the comments below - > >> I do not think we ought be as fast and loose with this > >> aleady terribly badly used term.) To summarise: I'd love > >> if you did s/consent/anything-else/g but if not, please > >> define consent here in a way that clearly and > >> unambiguously distinguishes this usage from other abuses > >> of the term. > >> > > > > You should probably propose a new term at this point. > > Really? Happy to try (and fail:-) How'd "willing to take > rtcweb traffic" work? I suspect it wouldn't though. > > But I'm not clear if you're agreeing that that term > is problematic or just asking me to suggest something in > the hope I realise the futility of what I'm requesting? Maybe something between the two. > > I'm not sure what you mean by "OK" and "require". > > The physics of the > > situation > > is that if you want to do a call between two people not on the same > network, > > then you minimally need STUN. > > Sure. But if they're on the same n/w? Do we agree that > in that case, there shouldn't be a need for a new STUN > or TURN server in the call? Yes. > And that if this draft meant > such a server was needed even in that case, then that'd > be an issue? Yes, I think it shouldn't require that. > If you want it to (almost) always work you > > need TURN. This isn't a spec requirement but just a result of the network > > topology. As far as I know, the specs don't require that the site supply > > a STUN/TURN server and the implementations don't either, but I'm not > > sure what else you're looking for. > > So one non-inevitable consequence of the how this draft > is written is that the STUN/TURN server gets to know the > call duration. This isn't correct. The STUN server doesn't know and the TURN server only knows if the relay candidate is slected. > That could have been avoided I think if > some other design had been chosen. Part of my question > then is why exposing that additional meta-data to a server > that most users won't know exists, and that is likely > controlled by some entity the user has no clue is even > involved in their calls, is acceptable. I don't understand what you are concerned about here. >> (3) (end of p5) You have a MUST NOT here that is > >> depenedent on current browser implementations. Why is > >> that an IETF thing and not a W3C thing? But more > >> interestingly, can one securely use this protocol > >> without the kind of JS vs. browser sandboxing etc that's > >> needed in the web? If the answer is "no" then don't you > >> need to say that this protocol can only safely be used > >> for such implementations? (In section 2, which almost > >> but not quite says that.) > >> > > > > This is just only relevant in this case. It doesn't apply to non-JS > > implementations. > > Not sure I'm following. Are you saying that this protocol > would be safe even if there wasn't the split between JS > and non-JS code running on the browser? If so, that's good. > I'm saying that the primary concern of this document is that attackers will force people's Web browsers to spam other people with RTP traffic and that that isn't as big an issue in non-Web contexts, which is why we don't do continuing consent for (say) SIP + ICE. -Ekr > Cheers, > S. > > > > > -Ekr > > > > ---------------------------------------------------------------------- > >> COMMENT: > >> ---------------------------------------------------------------------- > >> > >> > >> - abstract: why is only sending "media" mentioned here? > >> What about data channels? And the body of the document > >> in fact says this all applies to any non-ICE data and > >> not only media. > >> > >> - intro: "initial consent to send by performing STUN" I > >> do not find the word consent in either rfc5245 or 3489, > >> but perhaps it is used somewhere else. Where? And with > >> what meaning? > >> > >> - section 4, 2nd last para - I think the conclusion is > >> bogus. An implementation knows when the keying it's > >> using can not involve >1 (nominally operating) party. > >> > >> - 5.1, 3rd para: "Explicit consent to send is > >> obtained..." is misleading. That is not a concept that > >> an implementation of STUN will embody. > >> > >> - 5.1, What is the "Note" about TCP for? Why is this > >> needed? > >> > >> > >> _______________________________________________ > >> rtcweb mailing list > >> rtcweb@ietf.org > >> https://www.ietf.org/mailman/listinfo/rtcweb > >> > > >
- [rtcweb] Stephen Farrell's Discuss on draft-ietf-… Stephen Farrell
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Christer Holmberg
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Eric Rescorla
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Stephen Farrell
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Eric Rescorla
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Stephen Farrell
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Stephen Farrell
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Eric Rescorla
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Eric Rescorla
- [rtcweb] TURN permissions for private ips (was: R… Philipp Hancke
- Re: [rtcweb] [tram] TURN permissions for private … Simon Perreault
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Alissa Cooper
- Re: [rtcweb] [tram] TURN permissions for private … Justin Uberti
- Re: [rtcweb] [tram] TURN permissions for private … Simon Perreault
- Re: [rtcweb] [tram] TURN permissions for private … Eric Rescorla
- Re: [rtcweb] [tram] TURN permissions for private … Philipp Hancke
- [rtcweb] Stephen Farrell's Discuss on draft-ietf-… Stephen Farrell
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Stephen Farrell
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Muthu Arul Mozhi Perumal
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Christer Holmberg
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Christer Holmberg
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Xavier Marjou
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Alissa Cooper
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Stephen Farrell
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Stephen Farrell
- Re: [rtcweb] [tram] TURN permissions for private … Emil Ivov
- Re: [rtcweb] [tram] TURN permissions for private … Jonathan Lennox
- Re: [rtcweb] [tram] TURN permissions for private … Justin Uberti
- Re: [rtcweb] [tram] TURN permissions for private … Martin Thomson
- Re: [rtcweb] [tram] TURN permissions for private … Jonathan Lennox
- Re: [rtcweb] [tram] TURN permissions for private … Roman Shpount
- Re: [rtcweb] [tram] TURN permissions for private … Martin Thomson
- Re: [rtcweb] [tram] TURN permissions for private … Justin Uberti
- Re: [rtcweb] [tram] TURN permissions for private … Emil Ivov
- Re: [rtcweb] [tram] TURN permissions for private … Justin Uberti
- Re: [rtcweb] [tram] TURN permissions for private … Emil Ivov
- Re: [rtcweb] [tram] TURN permissions for private … Pal Martinsen (palmarti)
- Re: [rtcweb] [tram] TURN permissions for private … Emil Ivov
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Tirumaleswar Reddy (tireddy)
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Martin Thomson
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Muthu Arul Mozhi Perumal
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Ram Mohan R (rmohanr)
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Ram Mohan R (rmohanr)
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Stephen Farrell
- Re: [rtcweb] [tram] TURN permissions for private … Justin Uberti
- Re: [rtcweb] [tram] TURN permissions for private … Cullen Jennings
- Re: [rtcweb] [tram] TURN permissions for private … Justin Uberti