[RTW] [dispatch] RTC-Web I-D about interworking between RTC-Web and SIP-RTP

[Markus.Isomaki at nokia.com]

Hi Peter,

I hope I'm answering the right question:

I think something like the STUN connectivity check or authorization is required to be implemented in the browser to prevent the Javascript application from sending RTP or some other UDP data to any arbitrary IP addresses and port. If the browser only allows the sending after a successful connectivity check it can ensure (to some extent) that the other peer also actually wants to receive this traffic. That code needs to reside in the browser so that the browser can act as the gatekeeper.

Markus

From: ext Peter Musgrave [mailto:peter.musgrave at magorcorp.com]
Sent: 09 February, 2011 22:16
To: Adam Roach
Cc: Isomaki Markus (Nokia-CIC/Espoo); rtc-web at alvestrand.no; dispatch at ietf.org; xavier.marjou at orange-ftgroup.com
Subject: Re: [dispatch] [RTW] RTC-Web I-D about interworking between RTC-Web and SIP-RTP

I also agree with the "make RTP just work" - signal where and how you want..

Sorry if I am being dense here - do we not need ICE connectivity checks to finish before RTP can be sent? Or is the point that this will take too long to get into browser code and that ICE in Javascript with STUN in the browser gets rolled out faster?

Peter Musgrave

On 2011-02-09, at 3:07 PM, Adam Roach wrote:


The critical thing seems to be the STUN connectivity check or media authorization part. If we mandate browsers to get that exchange done before they are allowed to generate any RTP packets on behalf of the application, this will ruin the possibility of interop with 99% of existing SIP clients (without some kind of an SBC)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.alvestrand.no/pipermail/rtc-web/attachments/20110209/703d346f/attachment.html>