Presentation is loading. Please wait.

Presentation is loading. Please wait.

RTCWEB STUN Usage for Consent Freshness and Session Liveness draft-muthu-behave-consent-freshness-01 Authors: D. Wing, Muthu A M. Perumal, R. Ram Mohan,

Similar presentations


Presentation on theme: "RTCWEB STUN Usage for Consent Freshness and Session Liveness draft-muthu-behave-consent-freshness-01 Authors: D. Wing, Muthu A M. Perumal, R. Ram Mohan,"— Presentation transcript:

1 RTCWEB STUN Usage for Consent Freshness and Session Liveness draft-muthu-behave-consent-freshness-01 Authors: D. Wing, Muthu A M. Perumal, R. Ram Mohan, H. Kaplan July 30, 2012 IETF-84 Vancouver, BC, Canada draft-muthu-behave-consent-freshness-011

2 What is “Consent”  Purpose of Consent: avoid denial of service  Consent o Permission to send traffic  Consent freshness o Permission to continue sending traffic  Traffic sender requests consent of the receiver draft-muthu-behave-consent-freshness-012

3 Problem Description (1/3) draft-muthu-behave-consent-freshness-013

4 Our Approach to Consent Use ICE Connectivity Checks – RTCWEB needs ICE anyway – Transaction-ID protects from off-path attackers No longer need ICE ‘indications’ for firewall and NAT keepalives – RFC6263 – Instead, keepalive using connectivity checks – Provides both Consent and “Liveliness” draft-muthu-behave-consent-freshness-014

5 Need WG Feedback on several things 1.Consent with authentication? 2.When to stop sending after no consent? 3.Consent frequency when sending 4.Consent frequency when not sending – (liveliness / keepalive) 5.RTCP 6.APIs draft-muthu-behave-consent-freshness-015

6 1. Consent with authentication Need WG feedback Authentication options 1.STUN Binding method with authentication (SHA-1) – Objection: CPU hit for PSTN gateway, SBC, mixer 1.STUN Binding method without authentication (no SHA-1) – Objection: security is different – Objection: no longer compatible with normal ICE draft-muthu-behave-consent-freshness-016

7 2. When to stop sending Need WG feedback How long to wait for the consent response before stop sending ? o 39.5 seconds using STUN defaults o Based on fixed seconds? o Based on fixed packets per second? o Based on fixed bandwidth? o Based on 3x, 4x previous STUN round-trip time? draft-muthu-behave-consent-freshness-017

8 3. Consent Frequency when Sending Need WG feedback How frequently to request consent when actively sending? Every 5 seconds? Every minute? Every hour? draft-muthu-behave-consent-freshness-018

9 4. Consent frequency when not sending (liveliness / keepalive) Need WG feedback Every 15 seconds – as recommended by RFC6263 Recommend using PCP to reduce frequency? draft-muthu-behave-consent-freshness-019

10 5. RTCP Need WG feedback Get consent for RTCP if on different port? o RTCP is typically rate limited draft-muthu-behave-consent-freshness-0110

11 6. APIs Need WG feedback What APIs do we need? o Consent transaction failed o Set consent frequency (?) o Others? draft-muthu-behave-consent-freshness-0111

12 WG Feedback: Summary 1.Consent with authentication? 2.When to stop sending after no consent? 3.Consent frequency when sending 4.Consent frequency when not sending – (liveliness / keepalive) 5.RTCP 6.APIs draft-muthu-behave-consent-freshness-0112

13 draft-muthu-behave-consent-freshness  Interest in Consent and Liveliness?  Is document going in the proper direction? draft-muthu-behave-consent-freshness-0113

14 End draft-muthu-behave-consent-freshness-0114

15 draft-muthu-behave-consent-freshness-0115

16 Problem Description (2/3)  ICE connectivity checks verify consent only at session establishment  Existing ICE keepalives are one-way o STUN “Indication” o Not confirmed o Not authenticated draft-muthu-behave-consent-freshness-0116

17 Problem Description (3/3)  Related problem: Session liveness o Detect connection failure after session establishment o Optimize consent freshness and liveness tests to avoid sending recurring messages draft-muthu-behave-consent-freshness-0117

18 Design Considerations (1/8)  STUN Binding Request o ICE says MUST use short term authentication o But SHA-1 impacts performance of aggregation equipment (e.g., PSTN gateways, mixers, SBCs)  STUN transaction ID o Uniformly and randomly chosen from the interval 0.. 2^ 96-1 o Good enough for preventing off-path attacks o MUST NOT be chosen or controlled by Javascript draft-muthu-behave-consent-freshness-0118

19 Design Considerations (3/8)  Only obtain Consent when sending traffic o Reduces bandwidth usage o Conserves batteries draft-muthu-behave-consent-freshness-0119

20 Design Considerations (2/8)  ICE requires an agent to be prepared to receive connectivity checks after ICE concludes  So, let’s do ICE connectivity checks for ‘Consent’  Reusing STUN Binding method allows to interoperate with existing ICE/ICE-lite implementations  No need to also perform ICE/RTP keepalive draft-muthu-behave-consent-freshness-0120


Download ppt "RTCWEB STUN Usage for Consent Freshness and Session Liveness draft-muthu-behave-consent-freshness-01 Authors: D. Wing, Muthu A M. Perumal, R. Ram Mohan,"

Similar presentations


Ads by Google