From YouTube: IETF92-RTCWEB-20150326-1740
Description
RTCWEB meeting session at IETF92
2015/03/26 1740
A
A
So basically we had the things in blue up here. The things that we've got left, a little agenda bash. We have working group last call resolutions, it's basically all the security issues, so a little bit. It's probably gonna be like 20 minutes for us, and then we have three other drafts to discuss, and I guess Ted, you ask, you said we were going to swap some orders and now I can't remember what we were in a swap or 20, suggesting.
A
A
Alright, so without further ado, Martin is here, right? Excellent. I uploaded the version you sent me the link to, Martin, so I guess. Basically what happened was we put the security arch draft out of working group, out of the working group with the AD, and then we found some oops, we need to pull it back, so these are the beginnings of looking at them. I just want to point out also that Bernard took all of the open issues that he was aware of, what he went through the list, and put in the issue tracker.
A
C
A
C
Next, let's just, all right, so it was observed that we don't actually tell people what hash algorithm to use for the a=fingerprint line. So I am going to suggest that we mandate the use of SHA-256 and allow people to use SHA-1 for the near future, though I recommend that we get it in our heads that we're going to turn this off at some time in the near future.
C
E
C
Yeah, I think the may own SHA-1 is validation only. Yes, Russell that.
F
F
F
C
H
C
G
G
By diving it right, I mean like exactly, so I guess I'll just take a step back rather than being sort of boo hiss about the, but about the these, these types, right. Let's get that back and ask we're trying to achieve, so the.
G
If we're going to operate with older versions, we have to be able to, at least for some reasonable period, both accept and generate SHA-1, generate, yeah, because it, because o, because those things take SHA, right, 900, x, and by the way, and by the way, like yeah, I, they're probably gonna require, by the way, some modification in the JavaScript to like strip out, probably sure brother Raju 2610 bet. People won't handle multiple fingerprints very well, but that's at least JavaScript fix. So no big deal, right on, yeah.
D
G
X occasion that I screwed that one out, yeah, so but I'm trying to figure out what the, on, you know, what is the, given that there's like next to no progress on I'm 3mon. Second preimage attacks on SHA-1, like what's the rationale for like being all negative about SHA-1 right now, I.
C
In this car, so it would be sufficient, wouldn't a collision would be sufficient. I did.
G
On a collision in the full certificate, well in it, so the self-signed certificates, right, a collision would not be sufficient, because why would you? Because, because why would you generate two certificates with the same digest, different keys? How will be incented yet, so in order how collision? What you would need would be a context in which you're using a certain.
G
Know what ways that, wait, a second, the zone, so in this case, right, the person who's producing the fingerprint is the person who made the server, right. So a collision attack requires making to search with making intrusion at the same time with the same fingerprint, right, and so since you're the person doing that, why would you produce one that to the delighted so something? The only case I can think of the relevant would be one in which someone, which you're using third-party issued certs and you just, and someone somehow convince a third party.
G
D
E
So back to some of the logic that Eric was starting on, which is there's the stuff you have to be able to validate, right, and so the legacy guys probably going to send your SHA-1. So you really must be able to validate them. You, if we're going to say that SHA-256 is what you should use by default, you have to be able to elevate that as well, and so the only remaining question is: should you force people to validate SHA-512, or should it should be something lower, right?
E
C
G
D
G
Invalidate, right, and in terms of the interview profile for older things, that's got to be SHA-1 for now, and I don't see how we can get around requiring that if you want to work, and so maybe the future shy when we really busted and we'll hope you'll stop accepting it, but hopefully we'll have enough warning that people can upgrade their other, their legacy endpoints, but I just, I just like, I would prefer respective Jays only them.
G
I
G
I was it, if we can make it, I'm saying if we can convince ourselves that, we convince ourselves that there was only a finite amount of legacy equipment and that that could somehow be fixed, you know, I'd be willing to convention schedule for deprecating SHA-1, but I mean, I again, like absent any, again. Mr. presenter research obsolete any evidence of a preimage or an analysis source of collision as a problem. In this case, I, like, I feel like maybe a little premature to be like trying to deprecate SHA-1 all.
H
H
H
H
C
Think, I think, for the purposes of this we're going to have to pick one because that's how certificates work, and we have chosen SHA-256. If anyone out there is validating SHA-1 and expects that to also be the same hash that's used in the generation, in the creation of a signature on the certificate, boom, and I'm not going to be all that said about that. So we.
A
H
C
We don't actually, okay, so just again take a step back. The signature that's on the certificate that we present in here is completely immaterial. The only question is whether or not someone's actually doing unnecessary validation on that certificate and choking as a result of what it sees. That's. Alright, if there's MD2 in the certificate, I propose we accept it, so I guess here's we can you.
G
Know sure, here's just result this, so is it. I postulate that nobody, in fact, in force of this rule about the hash hours would be the same, and so, unless somebody tells me, unless I hear pretty soon that they, that someone, that's not the case, I pros, we said we were wrong and then, and that would leave you, so Riley you still can, even if the rule remains, youth during multiple certificates, just be a pansy ass, right. How.
C
G
Sorry, the need for, I've posed, I've, Rosalie, relax or restriction on having to have different, haven't had the same algorithm, and we on, and we remain mostly silent about what the surface should be signed with, but both, I mean I say repose SHA-256 it should be, but like they also, you're not supposed to check out or something, yeah, although maybe I'd be willing to say you should check it to be reasonably modern, cuz like putting in like MD2 would not be really good. That's.
D
G
So and you can maybe insecure, but I'm going to secure in the context of the cell science service, you're not checking, but and so, and but then also say you must, must do both charlotte to bchi wand and called it a dip.
D
H
G
D
A
C
J
That this is the logic of the same-hash rule in SDP, right: use the same hash to generate the fingerprint in SDP as you did in the certificate itself, so you only need to know one hash function. If you can't read it out of the SDP, then you won't be able to understand it in the certificate anyway.
J
I
Look, I mean we need to go play with this entice a little bit, cone jetting start as an individual contributor, I, but I mean if we're going to break backwards compatibility with equipment that correctly implements the RFCs that we've published without believing that we need to go and update those RFCs to fix them, I'm going to complain, like the app, for no security gain, that just doesn't sound right to me. So I mean I'm game to fix this and make sure that we have it right. Okay.
I
G
G
A
C
Well, we will do that, and I do actually have a draft updating the April fingerprint doc that deals with the issue of hash agility and this certificate issue. So I can resurrect that and send us a list, if that's what people want. Right, this one's fun. I can go through the long explanation on this one. Oh.
C
Apart from them, I will be going with most emotional work, something unsend at the list. There are a few of us who have the state in their heads. Okay, so Magnus noted this, this issue. I don't know if Magnus was paying attention to the blogs and various other things at the time that he was away, but this turned out to be a bit of a who are on the internet, and people got really excited a bit about this exact issue, and we have a bug that's quite kind of interesting to read.
C
C
Maybe we fail to document it. Maybe, maybe that's true. Maybe that's an action that we have to take out of this notice. My proposal doesn't actually suggest that we do nothing. The concern risers are, arises from, out of two things. People are concerned that, if they're using a VPN for privacy purposes, we're like spraying their IP addresses all over the Internet, and exposes LAN topology, even users who aren't concerned about using these VPN devices.
C
The concern is that the browsers are unable to properly distinguish between what is a network where the topology should be hidden and a network that, where the topology is simply, you know, how the topology is, and people who are on, say, a normal VPN really do want in a lot of situations to be able to use their local network to make their phone calls and what not, and don't want to pay the price of trombone that all of their media traffic all the way back home. So we have a problem and the other.
C
The other point here that has been made a number of point, the number of times, that people seem to not appreciate very well is, if you actually care about your privacy, you actually have to take considerably more steps than just turning on a VPN. People don't realize this, but you know, when people ship Tor they turn off things like WebRTC, right, because they understand exactly this sorta, and they turn off JavaScript, I mean, yeah.
C
K
I think the thing that we missed in the first go-round on this, our only I missed, is a, you know, we all kind of knew that the local addresses would be service to the browser, but it wasn't aware of the fact that, if you're in a multi-homed case, or I can have multiple active routes, that you can actually, you know, send STUN out that second route. You know the.
K
What we did in Chrome to solve this was basically have a mode where, when you bind, you don't bind every interface, you just bind to the any address, and so you can still get STUN candidates just fine. You took a TURN candidates, just fine, but don't have to limit yourself to just TURN candidates. It's just, yeah. You don't give out any look.
K
Like he's, and don't give out anything else that wouldn't be found through going to the default route, and so what I would suggest that this document is that the solution, that if people agree this is a good solution, we kind of document. This isn't like, you know, if you know there are trade-offs, but if this is something you want to sort of optimized for, this is the approach that we recommend all.
A
L
Ahead, sorry, oh hi, to all this trouble, just mention that in the report I have seen this one single VPN product for the Mac that causes the, causes the local address to be revealed. I have not seen it happened with any other way. P answer that it's nice to be in a place where people don't go in a wild panics about this.
G
Had the right to take on this bit, we are on, so my comic, my slightly more concrete version of us disposal is, which is docking with the sis dative plight, and document what you could do in order, if you wish to care about this, and say browsers may wish to supply some mode, which you get into an unspecified way that odd, that behaves the way Justin, Justin between on, on that I realized. That will not please all the people who wish.
G
We would not wish me to turn off WebRTC of a default, but those people are not going to get what they want. The one thing I would also mention is, color mention this to me privately, is that on most, my understanding is that most organizations care a security and run VPNs also strongly disagreeing these on. These don't want VPNs, and so we really, I think we, I mean if we can find some guidance.
G
D
B
Rt is an individual contributor. I am generally okay with the idea of making this a descriptive text. I am concerned, however, and I don't care whether we deal with it here or in the WebRTC context, about making this something that the user has to find the invisible control for on page three of the about colon thing, and so it would suggest that, as part of this text, we say here example cases where it should be the default.
B
K
Would Justin Bieber, I think I just been a lot careful about that. You know that I think the notion of private browsing is that you leave no trace, not that you're not identified to websites, fact even says something like that when you go into incognito mode, and I just, you know, we shouldn't overstate kind of what incognito mode actually does, you're not invisible. I think it's fine if you're using like Tor or something else, we were explicitly privacy-preserving, but like, let's not overload the meaning of like incognito.
G
So I mean we sort of bandied about one point, actually suggesting a standardized affordance for the VPN to tell you like, you should kick yourself into this mode. I don't think we should, I don't think about is easier standardized that, but that such a thing, but like if someone came up with some importance for that that made some sense, I think we do going to listen to it, but I don't know to do with that. Right.
G
B
Tetra deacon, I understand the concern that Justin raises. However, I think that this actually is sort of a broad question of when somebody is making use of one of these, and you have this sort of weird, you're leaking things you would not necessarily expect, and clearly, when you're browsing even in incognito mode, you know you are leaking the IP address from which you are browsing, that there's kind of no way around that, right, leaking other addresses, some of which may give a great deal more information in.
B
In this context, I think means that, if we're not going to have a relatively clear affordance to say, here's how you turn this on, then we're going to have to infer it in some way, and if he's opposed to inferring it on cool, then I think we should send a message over to our brethren and WebRTC that we would like an affordance to this. So.
I
Cone joins an individual here, I, so first of all, I think this only happens in tunnel VPNs, which are highly wrought not recommend by anyone for any reason, for the most part, right, so I think this is a corner case of we're trying now to patch up a bug that somebody else introduced, and you know, if that causes problems where you don't do it.
I
The next thing I'd like to mention is that if you expect privacy you're going to have to be running an application inside of your JavaScript here that is focused around providing you privacy, and that application can easily strip any address as it feels are inappropriate. It could remove all but the TURN addresses, so the application itself can do this. It's just not the browser's going to guarantee it for you at all, and I don't, I don't think this is what private browsing mode was meant for it all to respond to that.
I
In fact, one of the, you know, biggest use cases of WebRTC that's actively deployed today involves us something that's mostly done in private browsing mode. It, you know, these web interface things. So the dolt can't find it, right, so I, and it's not, it's not linked to that type of privacy. So I just don't think do that.
M
M
You really need, I mean if those people are concerned about that, you steer them towards something like Tor Browser that is going to sort of take care of all that for them, because having users try to piecemeal this together is giving them a gun without any instructions, not even telling which end is dangerous, and Sango all right. We're going to show the last word.
K
K
You know, makes WebRTC kind of hurts the brand, so I think that, you know, making this have a standardized way to do it and making it rap promote prominent impress is a good way of doing it. Doing it incognito mode, I don't think it's a good idea, because, like, the fact that you're going to be trombone routing when you're in incognito mode versus like in normal browsing, that's hard to explain to people, those type of behavioral differences or not what one would expect, yeah. That's it.
H
H
But anyway, so, but I think, you know, I think, you know, also the, you know, the application can do it answer isn't the right answer, because the threat model here is the hostile JavaScript that calls create peer connection or calls create offer in order to enumerate your local IP addresses. It's not, this is not you're trying to use an application that provides privacy, it's you're hitting some random web page.
H
H
N
Joe Hall, CT. I still don't understand WebRTC, I'm sorry. So I'm going to say some nice stuff right here. I think what you're seeing in the internet wars on this particular topic are, you can land on a page that has no indicia of being a signaling server, maybe that's the right word or whatever, that throws some JavaScript that then exposes that, you know, folks like us go to some great lengths to make sure the FBI has to do some pretty crazy stuff to get access to your, to local IP and stuff like that. So.
H
O
E
B
G
Be satisfactory to me, the satisfaction Justin, so what's right, and so I think what, let me try, John, I think Justin described pretty accurately what you would do if you heard about this, and then we should say describe that text, say we don't recommend using kind of VPNs, with that said, browser supply to go forward. This is anything Justin's are set.
A
C
That was obviously a holdover from the time when we weren't certain about whether or not it was this. His tears are a digital, ssip, right, easy, next, yeah, something, well, we can blame Kaufman for this. We still have to remove it. Next, dad.
A
E
I went back over the list, there a couple others. I don't know that we have to go through all of them, but basically there was one issue on SRTP MKI, and I think everyone agreed that nobody's implementing this in WebRTC, do not use, but it's not in a draft. So we should say that. I think there was another one.
E
E
E
L
L
I'm not counting minor and textual clarifications that I'm just doing because Magnus review this stuff, thank you, and that these are actual technical changes. Seven to eight, next slide. HTTP proxy had the reference for HTTP connect, saying yeah, you should support this, and that it has instead a reference to draft IETF HTTP be a channel protocol.
L
That means that it should be a shorter and care what exactly does. It also downgrades the requirement to am a with the, based on the discussion at the previous IETF that more or less cited said, well, all the browsers are going to do it for commercial reasons and that we shouldn't force everyone to do it, so may, but I messed up the edit, I lost a couple of references to.
L
L
So transport 07 indicated that there's a mandatory configuration that says all the video is bundled in one transport, all the audio is bundled in another transport and all the data is bundled somewhere else. Since JSEP doesn't offer a way to get there, we shouldn't make it mandatory, so I changed it.
P
My name is Wesley. I mean I do like that prod, actually, because I think it has some usage when you're trying to apply a flow based us on it. However, and I think it's actually this decision here to make about, it's not about which spec you want to change, we actually specifying, yes, if I, we do it, or are we removing it from transporter?
P
D
L
The by media type is, yeah, or we lose the ability to mandate that all browsers be able to do this. The draft still says that it may do this, and the reason for the change was I raised this on the mailing list. I got comments from acre and from Justin saying that this is the way they thought it should be. No other comments where a season list, so I acted as, acted in the assumption that this represents the consensus.
H
Jonnicks, I mean my impression was, mostly from talking to Peter rather than actually reading it, is that they're, the one dot are one that one APIs will have APIs that can support multiple bundle groups 10, well, not so defer to one that one. I think it's useful feature, but not a, you know, a world breaking future if it's not present, so one that one seems to get find ways to do it. I.
L
O
Peter Thatcher, so there are two separate things here. One is what the policy does when it, when you call create offer, what SDP it spits out, and the second thing is what SDP is allowed in set locals that remote. So if we allow multiple bundle groups in set remote, and you can still have bundled over up audio, bundled over one transport, and video bundled over another transport, regardless of the policy issue.
I
S'ok on jen's, I mean my understanding is if we sent it, and this is building just what you said, basically there, what Peter said, of, you know, if you get an offer coming in that supports multiple bundle groups, you know, bundle, supporting bundle requires you to be able to support that, and we would expect something reasonable to happen, including the possibility of negotiating all those from us. So, from a transport point of view, we can clearly have more than one bundle and.
L
That this, the decision I heard in the room now yesterday when we discuss bundle, was that it was allowed, specifically on a question from our friends at Mozilla, to reject all but one bundle group, and I'm happy with the revisit that one. But what, yeah, accept the m-lines, but accept only one bundle group, right.
I
So I don't think there was ever a decision consensus on yesterday. That was where the discussion was going, which seems to be a reasonable thing, but it was certainly also be possible for them, I thought we're discussing today, for them to, when they got this offer and from some non-WebRTC device that had multiple ones, they may reject all the bundles, they may accept one of the bundles, they may accept more than one of the bundles, right.
I
That's what was the discussion I think everybody was on at least agreement of. That there was disagreement of whether there was APIs that would cause you to create multiple bundles in a browsers, I'm leaving that issue alone right now, because I don't think I was anything to do with transport, yeah, but so I think transport certainly has to allow for more than one bundle. Yes.
L
P
Yeah, my name is wisdom. Yeah, I'm fine with that, as long as it's possible, and I think, but that possibility certain degree needs to be reflected up the stack assembly, sufficient degree. I would say that you actually have shared some chance of actually using this. I mean yes, I can understand if some implementation at this point doesn't support it, but.
G
G
The way you suggest here, namely audio one trench in one below group and video and open a group on, you could accept that regardless of what's among the policy you've been set for, was correct, because it only affects bungo, only not the bundle group assignments, and so the, I think they're. Quite, so it certainly ought to be the case that browsers should be allowed to it.
G
But its efficiency, on the relevant question for me is on, should the, do we need API surface for the offer to control bundle group assignment, and that's where we're going to ground their day, and as I understood Cohen's argument was that the process that, because bundle groups are tied to transport parameters and because so-and-so our cost per settings, if you have different or qua settings, and you must have a necessity a different metric, but that correct? I.
I
I
We have agreement in the working group to add that. We don't have a pull request because we were waiting for the doohickeys to get in first before we could send the pull request. It was one of the driving cases for adding the doohickeys, but you know, yes, we're going to have a pull request on that, right. No, we don't have that.
G
Maybe we do I hate this separately, but I'm just trying, and trying to put my head around it, this interaction, because presumably what would happen, I mean if that, say we had a pull request for that. Would I be able to frog the priority settings after the connection was set up and without requiring negotiation too deep, bundle things? What would our set right, say we have everything bundled in one group and then I say, well, actually audience really high and visually your low.
G
I
K
Yeah, just inferred, yeah, I'm just really, I could point that sort of makes some sense, but it's a sort of implicit API. They were saying like d, bungalow or bangla these things based on something that's not just about bundling, and like my main concern here is that, or any API surface that's not as simple as a policy. You know, we've talked about, well, you know, you can bundle audio and video separately and, like, that make some sense, but you know, kung collins also talked about, you know.
K
This sort of notion of I want to send thumbnails in one bundle and main video another bundle, and so, like, I think the API surface going to be much more detail here than any simple policy setting. So I think we could, you know, for the one point out of things, we can still have a lot of things still to figure out in this. My general feeling is that we should just tolerate whatever we receive, but what we generate should be very simple.
B
M
O
Peter Thatcher. I was just going to point out that in the W3C world this could all be solved not with a policy but rather with RTP sender dot set transport, because then the JavaScript could do whatever it wants arranging the different things. And if you were crazy, you could even make that fire on negotiate needed in a bundle groups appear, but it would be effectively one method that would be very flexible rather than a complicated policy. That's one possibility.
L
Thank you. I think the conclusion from the discussions, as far as we have a conclusion, is that this, that the text in dash 08 seems to say roughly what we wanted to say, but that there's a huge amount of uncertainty and people need to go back and read JSEP and transport and bundle all at the same time and suggest changes on lists. By the way, this draft is now on GitHub. GitHub is a very fine place for suggesting text. I mean many people have figured out how to suggest text and GitHub.
L
L
Okay, next slide. Okay, SRTP DTLS over ICE five-tuples. This is just after reading through the DTLS document and the DTLS-SRTP document and seeing what text they used. I came up with a following and notes to add to the text, basically saying: DTLS-SRTP, as defined in RFC 5764, defines protection of data carried over a single UDP source and destination port here in the context of using ICE, the term single UDP source and destination port pair needs to be understood as a single ICE component, as defined in RFC 552 425.
L
K
Anybody, so 5763 is actually very clear and explicit about how the stuff is supposed to work, and it's actually the right thing. 5764 has a little bit of ambiguous text, but really 5764 words and talk about ICE at all. That's.
K
E
What Justin said, in addition, right, realize single ICE component is only one side of it, and if you have working this doesn't work spoki. Well that, if you have forking, then you have multiple ICE transports, right, we're all with the same component, because the component only refers to the offer right now, components.
E
L
A
O
So Keith dry here. I just wanted to express a concern that you're inviting the entire IETF discussion, apparently, to go to GitHub when the official means of communication is the IETF released or the list for this working group. So at least issues of a discussion nature should make their way in some form to the RTCWEB working group list, not just hide on GitHub.
D
A
A
M
J
Slides are going to look really familiar to a lot of people, so RETURN five is the same as RETURN four, but it's got new figures. It's a little bit easier to understand, it's a little bit clearer, and it has this nice extra discussion about handling these multi-tenant cloud TURN servers, which is an interesting use case, and thanks very much Don Johnston and John Yoakam food did a very detailed, thorough review to help with this. Next. OK, so this is the same as always. The TURN server is normally configured by the web page.
J
Oh, and it looks like this, is just, this should look familiar: you get a host candidate, maybe you get a server reflexive candidate, if you're going to relay candidate from the TURN server, you speak different protocols to them. So we actually have this requirement in what is now actually an RFC that the enterprise TURN servers have to be somehow integrated into WebRTC, but we've never actually clarified how they're integrated. RETURN is designed to pin down exactly what it is that you're supposed to do.
J
If you happen to find yourself with an enterprise TURN server. So we have, this is a, these figures are basically Alan, Alan's figures adapted from ASCII art format into slide format. So suppose that you had a TURN server that was somehow in the, basically in the DMZ, we'll call this a border TURN server. It's somehow associated with your network border stuff. Then you could get a candidate on it.
J
Potentially, if you knew about it, and it's marked as, I've mark it here as a border candidate, we've somehow gotten it from this TURN server, but, next slide, we don't know what to do with it. But we might really want to use it, because in some cases the firewall will actually block all of the traffic that you wanted to use to the application TURN server, for example, or to use the server reflexive.
J
So on those networks where the network operator has blocked UDP in general, but has, it has allowed it to authorized users via the enterprise TURN server, maybe for quality of service reasons, who knows, we would like to be able to use that candidate, so, but to do that we need, we need some idea on what to do with it. Currently, we can't even assign it a type because we don't have any standards to define how to handle such a thing.
J
So to be clear, this is not just taking that TURN server and dumping it into the list of TURN servers along with the application TURN server. Instead, it's a little bit like a VPN. It's a lot like a proxy, so next slide. So if you think of that as a proxy, then what you actually want to do is you want to open that port and treat it as a host port on a new virtual interface represented by that TURN server.
J
You might even want to do STUN over that interface, although in most cases that's actually redundant, you don't really want to do that, but maybe you do it and you just, it's irrelevant, doesn't hurt, and you, most importantly, want to connect through to the application provided TURN server in case the application really needs you to be running through that TURN server, for example, because it's trying to hide your identity from the other person that you're talking to, or again for quality of service or routing control reasons.
J
In order to do this, you need a double TURN connection, you're actually tunneling a TURN connection to the application TURN server through the enterprise TURN server, and as there's no problem with that, that doesn't require any change to TURN. It just is a strategy that the client needs to use if it finds itself in this case. Next. So we call this a proxy. It's very analogous to the classic kind of web proxies that we're used to. I'm not talking about the like awful inline proxies that are messing with your traffic, I'm.
J
Talking about the auto discovered proxies, like the things you find in the web proxy auto discovery protocol, which has been around since nineteen ninety nine, or the things that the user configures the door operating system or something. Okay, next. So right, so like this is what an HTTP proxy looks like. It lives in the DMZ. You somehow find out about it through some auto discovery protocol.
J
Your traffic is actually addressed to that proxy, and you speak some protocol to it to make it make connections on your behalf, and that's exactly what we're talking about here for TURN. The only difference is TCP versus UDP, basically. So there's one interesting case that, that Alan and John found when we were talking about this. What if, hypothetically, your application were, had a contract with a cloud TURN server provider that was providing their TURN server and wanted all traffic to go through.
J
J
That's right, I guess you could do other interesting things. So, so we thought about this and decided you actually, next slide, you actually do have to go through twice, and the reason that you have to go through twice is that the, potentially the authorization is independent for these two things, and you can imagine, for example, a cloud provider giving statistics back to the, back to the people who are paying for the traffic.
C
J
I
I
Scram auto-discovery, okay, so I, I do not think it's possible to analyze the security property disease and, more specifically, whether this is going to be used to man-in-the-middle my traffic, which is a major concern in the security and analysis of security documents of IETF. And so I do not want us, I think that that issue needs to be answered in a concrete way in the documents before I can decide whether I think that we should reference this document or not.
I
J
I
O
K
I think we could talk, I think we could talk about, you know, how auto-discovery works and kind of security documents, but as Ben says, this is really orthogonal to that. This is saying: if we, finally, these things, here's what we do with it. I think we should treat that separately and sigh as working away from if you'll be following these things. Is this the right way to handle it?
H
I
In something that may allow random people at the Starbucks to man-in-the-middle all my traffic. Now, the proxy PAC file is somewhat different. If we said that that was going to be the method we used for this, and we also described mine its second question, which is how do we get the credentials to use these servers, which I got a complete blow-off answer: oh, you just use the enterprise credentials, anything. How does that really work in practice? We're going to need a lot more specific than that. I
D
Alan Johnson. So this is really just about how we can get to TURN servers in a given into a single candidate Billy and make it work, and we need that to happen. Otherwise, when we get behind an enterprise system, WebRTC is not going to work very well, and this is the solution for that. And if there are security issues, we need to work through some of those, but also point out that this is for cases where people control the network.
D
B
D
B
Keep going back died, right there, we go. So as I understand it, the border TURN proxy, there's that, there's a now invisible dot that represents the border TURN proxy, which is now forwarding the, the traffic through to the TURN server in the cloud. Is that correct? Okay. So it's like a minuscule risking missing there, and the theory is that in this case the relay to candidate is TURN in TURN, right? And so how is it that the browser and application context know that they are to generate TURN in TURN? The
D
J
The answer is that it, it's up to the browser to determine what is a trustworthy mechanism of accepting a TURN configuration. For example, you could imagine an, a registry setting that allows an enterprise to, just exactly the same as proxy configuration, to set an operating system setting that, that adds a TURN proxy alongside its HTTP proxy, so that UDP traffic can exit the network in the same way that allows TCP traffic to exit the network through that HTTP proxy. So
J
B
K
B
So given, given that, let's assume that there's a case here where the, so there are, there are a number of fragilities and introducing this in addition to the potential optimization. So as I understand it, you, you, you believe that there are going to be enough cases here where the NAT firewall will simply block the UDP outbound traffic, unless it's going to a TURN server, that RTC will have no effective candidates, because it won't even be able to, able to reach the TURN server in the cloud, much less be able to send direct connect.
B
So I understand that that's the, that's the, the motivating example here. I think the problem I, I'm having it and I think maybe a generalization of the problem that Cullen raised is you, you can't solve that case by introducing fragility into other cases, and so I'm a bit worried about the case where somebody who has such a setting starts to send to TURN and TURN to the TURN server in the cloud, which then goes, I have no idea where send they turn inside this. I don't.
J
J
K
A
Yeah, fair enough, like I, all right, so let's do a hum. All right, since we're a little over time, we're gonna have to confirm this on the list, obviously. All those in favor of adopting the draft, please hum now.