Re: [rtcweb] Strawman for how to prevent voice-hammer without ICE

Matthew Kaufman <matthew.kaufman@skype.net> Thu, 28 July 2011 17:30 UTC

On Jul 28, 2011, at 12:58 PM, Jonathan Rosenberg wrote:

> Let me suggest a variation on this..
> 
> The rtcweb client can send RTP packets, voice-only, for a brief period of time (say, 2x the RTCP interval). It waits to receive an RTCP packet. The RTCP packet should have an RR which reflects back the SSRC sent by the client; if it does, the rtcweb client continues. If not, it stops sending.
> 
> The purpose of the RTCP SSRC check is to emulate what the STUN transaction ID provides; that there is something on the media path which is expecting this RTP packet. Not as good as STUN, which also has the short term credential, but it's something.

Lacks both the short term credential and is not enough bits to protect against attackers who can generate a flurry of forged RTCP packets. See my previous email.

Matthew Kaufman
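
The check proposed in the quoted text, as an added example that is not part of the original thread or any rtcweb implementation: a sender-side gate that allows RTP for 2x the RTCP interval and keeps sending only once a report block reflecting its own SSRC arrives. The names `reported_ssrcs`, `SendGate` and `make_rr` are hypothetical, accepting report blocks carried in an SR as well as an RR goes slightly beyond the proposal, and the gate deliberately has the limitation raised in the reply: it matches a 32-bit value and verifies no credential.

```python
import struct

RTCP_SR, RTCP_RR = 200, 201  # RTCP packet types (RFC 3550)

def reported_ssrcs(compound: bytes) -> set:
    """Return the source SSRCs named in SR/RR report blocks of a compound RTCP packet."""
    found, off = set(), 0
    while off + 8 <= len(compound):
        b0, pt, words = struct.unpack_from("!BBH", compound, off)
        end = off + 4 * (words + 1)       # length field counts 32-bit words minus one
        if b0 >> 6 != 2 or end > len(compound):
            break                         # wrong version or truncated packet: stop
        if pt in (RTCP_SR, RTCP_RR):
            # Report blocks follow the sender SSRC (plus 20 bytes of sender info in an SR).
            blk = off + 8 + (20 if pt == RTCP_SR else 0)
            for _ in range(b0 & 0x1F):    # RC = number of report blocks
                if blk + 24 > end:
                    break
                found.add(struct.unpack_from("!I", compound, blk)[0])
                blk += 24
        off = end
    return found

class SendGate:
    """Permit RTP until 2x the RTCP interval has passed, then only if our SSRC was reflected."""
    def __init__(self, our_ssrc: int, rtcp_interval: float, start: float):
        self.our_ssrc = our_ssrc
        self.deadline = start + 2 * rtcp_interval
        self.confirmed = False

    def on_rtcp(self, compound: bytes) -> None:
        # Limitation noted in the reply: this is a 32-bit match with no
        # short-term credential, so nothing here authenticates the reporter.
        if self.our_ssrc in reported_ssrcs(compound):
            self.confirmed = True

    def may_send(self, now: float) -> bool:
        return self.confirmed or now < self.deadline

def make_rr(sender_ssrc: int, source_ssrc: int) -> bytes:
    """Constructed sample input: an RR with one report block, all counters zero."""
    block = struct.pack("!I", source_ssrc) + bytes(20)
    return struct.pack("!BBHI", 0x80 | 1, RTCP_RR, 7, sender_ssrc) + block
```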