Re: [rtcweb] Review request for RTCWeb standard signaling protocol

Randell Jesup <> Wed, 19 October 2011 07:17 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2204E11E8095 for <>; Wed, 19 Oct 2011 00:17:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.549
X-Spam-Status: No, score=-2.549 tagged_above=-999 required=5 tests=[AWL=0.050, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id bN6tdK4sdx0K for <>; Wed, 19 Oct 2011 00:17:56 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 69F0811E8096 for <>; Wed, 19 Oct 2011 00:17:56 -0700 (PDT)
Received: from ([] helo=[]) by with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <>) id 1RGQPP-0001wg-8f for; Wed, 19 Oct 2011 02:17:51 -0500
Message-ID: <>
Date: Wed, 19 Oct 2011 03:13:11 -0400
From: Randell Jesup <>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
References: <><><><><><> <> <2E239D6FCD033C4BAF15F3 86A979B F51159950@so> <> <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
Subject: Re: [rtcweb] Review request for RTCWeb standard signaling protocol
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 19 Oct 2011 07:17:57 -0000

On 10/18/2011 10:19 AM, Tim Panton wrote:
> On 18 Oct 2011, at 14:59, Roy, Radhika R USA CIV (US) wrote:
>> Tim:
>> The puzzle is this. The other user may not agree completely with the offer of the first user. Even the other user may agree with a given codec type, he/she may not agree other features including bandwidth of the codec.
>> It simple turns out that a freedom needs to be given for negotiations some-like offer/answer.
> The example I gave had _no_ negotiation, no back and forth, because the application's webserver was
> told all the capabilities in advance, (at login in my example), it simply _decided_ based on
> it's view of the union of the capabilities of the two ends. It then informed them of the choice
> (which may have been asymmetric by the way) and told them to get on with it.
> To the extent that there was a 'negotiation',  it took place in a single thread on the web server,
> with no propagation delays or locks needed.

This example you give raises some security issues based on the current 
proposals.  We require that the user ok access to the camera and 
microphone; this is a call set up "on the fly" with apparently no 
individual certification from the user.

This use-case would require the JS application get pre-authorization of 
media access, before any actual access occurs, and have that access 
persist until <something>, across multiple individual connections.

So is this outside of the current security model, since it seems to 
bring in a number of new requirements?  To support this, we would need:

1) pre-authorization of camera/mic access
2) authorization continues until a particular active state with the 
server ends (leaving the game)

This could be handled most simply by considering this to be a single 
'call' to the server, which has a default 'forked' instance answered by 
the server with media 'on-hold'.  This 'call' is also forked by the 
server as needed to other players who happen to be nearby/call/etc. 
Since these are forks of an existing call, no individual authorization 
is required (effectively it's the equivalent to a mesh conference where 
users join and leave over time).  The 'call' ends when the user 
terminates the call to the server.

With that sort of setup, I think we can probably handle it within the 
current security model.  The big thing we would need to make sure of is 
making sure forking is available, and that authorization could occur at 
the start with the server, even if the server doesn't want to actually 
receive media.  (In a push, it could receive and drop media.)

As this is all forking of an initial "call", you can handle it with 
normal forking negotiation.  The server would take the two active 
"calls" from the users, and generate a forked "answer" to each.  It does 
point out that each side thinks it made an offer and the other side 
answered.  It requires the server handle the answer generation correctly 
in order to give a proper answer that will match what the device it's 
masquerading as will be ok with.

> Offer - Answer really only crops up because there is a requirement (which I personally put very low on our priorities) to be able
> to interop with legacy video phones without  needing a media gateway.

I do not see that as the reason for offer-answer semantics; and I don't 
know that we can meet that requirement thus far - and which requirement 
from the use-case document covers this?  What exactly does it require?

Randell Jesup