[rtcweb] Single-origin and consent

Randell Jesup <randell-ietf@jesup.org> Thu, 20 October 2011 17:44 UTC

Return-Path: <randell-ietf@jesup.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 4CF0321F8BB7 for <rtcweb@ietfa.amsl.com>; Thu, 20 Oct 2011 10:44:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.533
X-Spam-Status: No, score=-2.533 tagged_above=-999 required=5 tests=[AWL=0.066, BAYES_00=-2.599]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id ZMZzCM4YA0TK for <rtcweb@ietfa.amsl.com>; Thu, 20 Oct 2011 10:44:44 -0700 (PDT)
Received: from r2-chicago.webserversystems.com (r2-chicago.webserversystems.com []) by ietfa.amsl.com (Postfix) with ESMTP id A1D6C21F8BE8 for <rtcweb@ietf.org>; Thu, 20 Oct 2011 10:44:44 -0700 (PDT)
Received: from pool-173-49-141-165.phlapa.fios.verizon.net ([] helo=[]) by r2-chicago.webserversystems.com with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <randell-ietf@jesup.org>) id 1RGwfb-00086w-F7 for rtcweb@ietf.org; Thu, 20 Oct 2011 12:44:43 -0500
Message-ID: <4EA05CF0.6010904@jesup.org>
Date: Thu, 20 Oct 2011 13:40:00 -0400
From: Randell Jesup <randell-ietf@jesup.org>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <9C8CA816-65FB-41A0-999C-4C43128CAAB4@danyork.org> <BLU152-W43CB8DACCEA54AA5558B2493EA0@phx.gbl> <E857C96A-0E73-486F-BF23-36BA897B449C@cisco.com> <BLU152-W19B31DA6C6DB2FE60FC51C93EB0@phx.gbl> <CABcZeBNbSk-4kfzNtXUSnFMhkcockTXudAYzEET30a0v+-kxBA@mail.gmail.com>
In-Reply-To: <CABcZeBNbSk-4kfzNtXUSnFMhkcockTXudAYzEET30a0v+-kxBA@mail.gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r2-chicago.webserversystems.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - jesup.org
Subject: [rtcweb] Single-origin and consent
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Oct 2011 17:44:45 -0000

On 10/20/2011 11:36 AM, Eric Rescorla wrote:
> On Thu, Oct 20, 2011 at 7:32 AM, Bernard Aboba
> <bernard_aboba@hotmail.com>  wrote:
>> No, I'm saying that *if* a developer remains within the "single origin"
>> model, that a number of requirements for peer-to-peer operation do not
>> apply.
>> Also that the APIs should also enable media to be sent over a websocket to
>> the "single origin" as well as a PeerConnection.
> I don't think I'm following you're argument. ISTM that there are two
> conditions that one
> might term "single origin":
> 1. Alice and Bob are on the same site (e.g., PokerStars) and are
> calling each other via P2P media,
> 2. Alice and Bob are on the same site and are calling each other
> via media over WS.

I'll add a third: Alice and Bob are on the same site, and are 
participating in a (potentially) multi-person conference run through the 
site, which is acting as a mixer or at least relay.  Media is sent via 
normal PeerConnection channels, encrypted with DTLS-SRTP.  In this 
limited case, each participant is sending media to the same site (*) as 
the JS code is loaded from.

So, the questions here would be
a) can we relax ICE consent checks if the site/app so wishes and
b) should we?

I think we can (if the app tells us to, since it's "same-origin" and the 
app should know), but I'm a little less certain of the "should".  Is 
there an attack wherein someone could 'host' some JS content (app) on a 
site and use it to attack/DoS that site from multiple places?  It seems 
at least plausible.

Randell Jesup