IETF Logo Mail Archive

Re: [clue] Eric Rescorla's No Objection on draft-ietf-clue-signaling-14: (with COMMENT)

Christer Holmberg <christer.holmberg@ericsson.com> Sun, 02 December 2018 11:32 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: clue@ietfa.amsl.com
Delivered-To: clue@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13E7D130EC2 for <clue@ietfa.amsl.com>; Sun, 2 Dec 2018 03:32:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.759
X-Spam-Level:
X-Spam-Status: No, score=-5.759 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.46, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com header.b=Owr4/Wbr; dkim=pass (1024-bit key) header.d=ericsson.com header.b=aiXF125s
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QGsUdJ3tK8Av for <clue@ietfa.amsl.com>; Sun, 2 Dec 2018 03:32:18 -0800 (PST)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5A3B4130EC6 for <clue@ietf.org>; Sun, 2 Dec 2018 03:32:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1543750331; x=1546342331; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=LxX87jDOZXvQmpeweRAczbX+bbGhuOVUpZOHCI8lVuk=; b=Owr4/Wbr/38brpHUVl9/zbj0sqr33+mhgOYskzVHqxGez5NDeKNgZFVLMGQQ10WR Mn5wvxMENPy02KX20i2g+N6iMrEDL7MSyfXYA1DOmLpQp9KGoMY129sx8aDQ8Kj4 EnJQ2u9jhdjoyD+ropPvrxdLHwvQoVuRZIv9Y2Mo2dU=;
X-AuditID: c1b4fb3a-45fff70000002747-6f-5c03c2bbadcf
Received: from ESESBMB505.ericsson.se (Unknown_Domain [153.88.183.118]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id E0.49.10055.BB2C30C5; Sun, 2 Dec 2018 12:32:11 +0100 (CET)
Received: from ESESBMR503.ericsson.se (153.88.183.135) by ESESBMB505.ericsson.se (153.88.183.172) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Sun, 2 Dec 2018 12:32:11 +0100
Received: from ESESSMB505.ericsson.se (153.88.183.166) by ESESBMR503.ericsson.se (153.88.183.135) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3; Sun, 2 Dec 2018 12:32:11 +0100
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (153.88.183.157) by ESESSMB505.ericsson.se (153.88.183.166) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1466.3 via Frontend Transport; Sun, 2 Dec 2018 12:32:11 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LxX87jDOZXvQmpeweRAczbX+bbGhuOVUpZOHCI8lVuk=; b=aiXF125si3C8Pq2Ez139UCm/VdVE24qrEzO19nVzfLpsKMqUnDkfr++rYdJ8TuRn6wCZ+Hl4YCKa1jtXgWdywE6cnIRcSt4yLfQor8KnM94kVyp8EAIgytZNvQ+n7Fbvw1tsZME/FLrvhvV+L3Gfjh0T7meBe78mbJX0GVUV/8k=
Received: from AM6PR07MB5621.eurprd07.prod.outlook.com (20.178.91.14) by AM6PR07MB5687.eurprd07.prod.outlook.com (20.178.86.156) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1404.8; Sun, 2 Dec 2018 11:32:09 +0000
Received: from AM6PR07MB5621.eurprd07.prod.outlook.com ([fe80::a5dd:4302:feec:e113]) by AM6PR07MB5621.eurprd07.prod.outlook.com ([fe80::a5dd:4302:feec:e113%3]) with mapi id 15.20.1382.020; Sun, 2 Dec 2018 11:32:09 +0000
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Eric Rescorla <ekr@rtfm.com>, "rohanse2@cisco.com" <rohanse2@cisco.com>
CC: "clue@ietf.org" <clue@ietf.org>, "roni.even@mail01.huawei.com" <roni.even@mail01.huawei.com>, IESG <iesg@ietf.org>, "clue-chairs@ietf.org" <clue-chairs@ietf.org>, "draft-ietf-clue-signaling@ietf.org" <draft-ietf-clue-signaling@ietf.org>
Thread-Topic: [clue] Eric Rescorla's No Objection on draft-ietf-clue-signaling-14: (with COMMENT)
Thread-Index: AQHUhjdgpUz/KcEeFEiscEBad2aFOqVjunMAgAexAIA=
Date: Sun, 02 Dec 2018 11:32:09 +0000
Message-ID: <1648CE33-0DFB-487A-9C11-F78945F30844@ericsson.com>
References: <154268892146.26648.17870778354406192041.idtracker@ietfa.amsl.com> <6E58094ECC8D8344914996DAD28F1CCD18C762DF@DGGEMM506-MBX.china.huawei.com> <CABcZeBMcQxZuRUFx=tz==C5eCc8zNBrxkKaZfBa+gYnyaV3FOQ@mail.gmail.com> <6E58094ECC8D8344914996DAD28F1CCD18C7B5DE@DGGEMM506-MBS.china.huawei.com> <CABcZeBOPPojS2zsR6uZCagcs7yBBmtMW9rcyPw_gEK44u7GH1w@mail.gmail.com> <b9922f72-932c-a509-95c2-c86765d5ce6d@alum.mit.edu> <CABcZeBNb4nG7U9KdMLCT8f4oOYXqWydM_1JQPbfceSu31+Bg1A@mail.gmail.com> <e8a805d2-762d-6cd7-bed5-4518e943453c@alum.mit.edu> <8524dc46c43e4f5084fbbd2e566f9c28@XCH-RCD-016.cisco.com> <CABcZeBNwvzJ98qrCW6tiTozBsKiGJEnVi5MBQz32Udrizp180Q@mail.gmail.com>
In-Reply-To: <CABcZeBNwvzJ98qrCW6tiTozBsKiGJEnVi5MBQz32Udrizp180Q@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.13.0.181109
authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com;
x-originating-ip: [89.166.49.243]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; AM6PR07MB5687; 6:JABOd9OMaI3GqH4aLy+sAoW1tJyYutKh+9+kfMclGsKaaUcZN9cOS5g6vtUdWu68eHWvQia1UutfC0Hh+EUfmBxciPuTzwPBX+xJ8C4Vlp711jQcWX2cPyAld/5Jm5g5gywdLMFPnJY0ySOfruOZR+gwOUSqRKovpSvhzKTq4ip94pCATeIUoayJ5v8OTWQ6BxBON58tl42M4o3bF4fbHrSZkSCFJHJGabewgWcUoSU4yNcqc2p0WhZ48q505caxDY/btRPiYNiH9MKk7VMPqhBabCrE8UFbJ8Cz1llxVeYfEfEmvYVbkn4j/Q1TvJExYdqVbfD6cxAimEz2/a3QbAGuivlF5A2MvgNUDuRJFAfNyTS1xOtEz7cVjCi+MuMQjOM6kAK2kw1oBTfeF2ttICAlzR9ksW8AzXENCB/q0xHLo6Vjkin0G52D8/yI4fSUe4t9sHs8+Hhsqv16wyJDZA==; 5:BKb7IRUg9HKaGTPRQX07gSzzYWLusrDZUjuWqeby89DiJN7512pueJ7ngAJQ9tmafAO9ALy11DqzZWGIdw3PfCctBLKbjrKY2MvEK/ck0YUrkFuNoXgT5/ODBLXpEL9iDZtRgJ582SquN2++Nh9foAJlj4ufLhUvOXMf+UFlyrI=; 7:NIf2W3mQNzCBgnBo2vQrgVcmARumz1AGe0rmsiMulDEG5rCQ8mCBEwOyo21fLm2YoqCa5Fj+xQCyoc7mH1iSkMdZBDY+sPdVh7JMfvbeS1EAziWUQpgNpXU/HdLeICz1isQIUjCYcahT3p1Ag9Vzjw==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: f9cd1178-b52d-4a42-0e12-08d65849cbea
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390098)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(2017052603328)(7153060)(7193020); SRVR:AM6PR07MB5687;
x-ms-traffictypediagnostic: AM6PR07MB5687:
x-microsoft-antispam-prvs: <AM6PR07MB568771F9140E8A42DE5DF8D393AD0@AM6PR07MB5687.eurprd07.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(3231455)(999002)(944501488)(52105112)(3002001)(10201501046)(148016)(149066)(150057)(6041310)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123564045)(20161123558120)(201708071742011)(7699051)(76991095); SRVR:AM6PR07MB5687; BCL:0; PCL:0; RULEID:; SRVR:AM6PR07MB5687;
x-forefront-prvs: 087474FBFA
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(136003)(39860400002)(346002)(396003)(376002)(13464003)(189003)(199004)(66066001)(6436002)(3846002)(6486002)(446003)(606006)(99286004)(2501003)(229853002)(6246003)(4326008)(11346002)(6116002)(14444005)(256004)(93886005)(105586002)(81156014)(81166006)(8936002)(58126008)(86362001)(316002)(8676002)(76176011)(14454004)(54906003)(106356001)(33656002)(53546011)(36756003)(110136005)(186003)(26005)(6506007)(82746002)(966005)(44832011)(2906002)(68736007)(5660300001)(102836004)(83716004)(97736004)(478600001)(7736002)(486006)(71200400001)(71190400001)(25786009)(53936002)(2616005)(6512007)(476003)(6306002)(236005)(54896002); DIR:OUT; SFP:1101; SCL:1; SRVR:AM6PR07MB5687; H:AM6PR07MB5621.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: R84jwvw+G2pqznMbdFgA/T3CxAZsl9u0q/N1krzTqTwFBvhgxDMsJ5LWDY948YRxKG8ZkzebR77B1hvljbJnsYfFr/JpzjvFr/j0bFHgUZgW8ixf7ArFatl4dkZoroGleEqYlAygZPgYhGRBqQ6tb8ewyxSfD0zuWTnaxn/s8UIIDiXoFZPLvCqgGBaxesz3XQVQvBmGIwlVqpYD0JYchA1iuXUyTNNwylCQkxL8IAlX6iX1QmAaAIWUwgB4pUHvXZwQecfkjrqYNaFZoxgw5L5NjHISOdKNxxvqAU9bhpjb6uWad5+OzEtYvmw45q0brGyFmqLUUCyZYS7etHPbq2o0whXH2DBF9CrlUqDrJvk=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_1648CE330DFB487A9C11F78945F30844ericssoncom_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: f9cd1178-b52d-4a42-0e12-08d65849cbea
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Dec 2018 11:32:09.5694 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR07MB5687
X-OriginatorOrg: ericsson.com
X-Brightmail-Tracker: H4sIAAAAAAAAA02Sa0gUURTHuXNndselheuWeVAq2oLSyk0LmiwshXRBjEqSMKM2ndR8srOZ lh82SkklNStKMbVceogUabn2wtxSUDBXl/ygPTTXLDSzh5aYW44zhd/+//P/nXvOvVwWa/oY LzYx1cQbUw3JWoWKLt1nzVj32IZj1l99vZmbKLEouKZ2B+a+dNdR3K2Rl0ruyu/zmPv2Z1zJ Oc/8wtuV+ovT9xi9xTJF6Rvr+xn9hcFcvIuOVm2N45MTM3ijLuiQKuFjtY1KP+NAmYU3axkz snagfMSyQDZCc+GKfKRiNeQFgoqRQSyZCQSjI1PK/2amp5WRTDUFtjctCtHQpBjDq7NDMlZM wdn6HzI2gKDhci0lTlEQDgpca/KRG7uIhMPMnS5aZDCZRNDYNMSIwUJyGHpb82kJioWcZ1Oy DoS63MtYPIcmK+FcyTKxrCbb4Ppbszz4NgN9NgslBm5kN3S+LVOKGpHF8LO9dq6OiSf0Oivn NBACliedWNIe8GnQNbeDB9FBTnuR3GuAppp+mVkOHWMDcu8S6K4sQOJgID0KGDZXKaVgHYxf uiQ3REDhuyFGguwInMMuGfKFye9XkKSTIM9Sj4uRf9m8BSUdC09v1OCyuZu6Q1upky6bfQBM fODuI52ELIeLBQNKSa+GnPKrstaDtdBKz2eqEFuDPAReEFLiAwL8eGNirCCkpfql8qY6NPvl mu9PBzai5uFgGyIs0i5QB9/BMRrGkCFkpdgQsFi7SB16n4rRqOMMWSd4Y9pB47FkXrAhb5bW eqpDjnDRGhJvMPFJPJ/OG/+lFOvmZUZ5Dx3WjtEHmyoaNJVNITtWFa/P7vlCHxwdPL3dQ7d2 Q19Heosq6oPdXpNodujCd24Jx3tcjsh3D54ndB1oC2qIN1WHDYxFhWX6+3RGmiqLcpxtocfL eRd5Ofy+a2+63VvNL7V7CyctX0uPq7rcI9xCssl05OTna7q8/aPdR6NPaWkhweDvi42C4S98 p35qbgMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/clue/iIFqhfdgFgnyCtG-PHr8fQ3cMZU>
Subject: Re: [clue] Eric Rescorla's No Objection on draft-ietf-clue-signaling-14: (with COMMENT)
X-BeenThere: clue@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CLUE - ControLling mUltiple streams for TElepresence <clue.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/clue>, <mailto:clue-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/clue/>
List-Post: <mailto:clue@ietf.org>
List-Help: <mailto:clue-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/clue>, <mailto:clue-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Dec 2018 11:32:22 -0000

Hi,

Would requiring SRTP be an option? Note that CLUE has been adopted (many years ago) in environments where usage of DTLS-SRTP is not defined.

Regards,

Christer

From: clue <clue-bounces@ietf.org> on behalf of Eric Rescorla <ekr@rtfm.com>
Date: Tuesday, 27 November 2018 at 17.12
To: Robert Hansen <rohanse2@cisco.com>
Cc: "clue@ietf.org" <clue@ietf.org>, Roni Even <roni.even@mail01.huawei.com>, "iesg@ietf.org" <iesg@ietf.org>, "clue-chairs@ietf.org" <clue-chairs@ietf.org>, "draft-ietf-clue-signaling@ietf.org" <draft-ietf-clue-signaling@ietf.org>
Subject: Re: [clue] Eric Rescorla's No Objection on draft-ietf-clue-signaling-14: (with COMMENT)


On Tue, Nov 27, 2018 at 1:55 AM Rob Hanton (rohanse2) <rohanse2@cisco.com<mailto:rohanse2@cisco.com>> wrote:
We did have specific protections as mandantory to use in earlier drafts. From version 05:

   ... discussion of video hammer attack ...
   This attack can be prevented by ensuring that the media recipient
   intends to receive the media packets.  Because of the way that CLUE
   can increase the severity of this attack, as well as because of the
   general increased awareness of the need to secure critical payloads,
   a CLUE-capable device MUST secure all CLUE-controlled RTP "m" lines
   using SRTP [RFC3711], and MUST support and use key negotiation and
   receiver intent assurance via DTLS [RFC5763] on these "m" lines.  For
   backwards compatibility, this is not a mandatory requirement for non-
   CLUE-controlled "m" lines.

https://datatracker.ietf.org/doc/draft-ietf-clue-signaling/05/?include_text=1

This was then changed in version 06 and onwards following the discussion at IETF 92 and later where there was opposition to making the use of DTLS/SRTP mandatory to use. If I recall the two major concerns people had were:
1) This prevents implementations using a superior mechanism should one be developed

I don't think this is a real objection, If a new mechanism should be developed, then presumably it would also be documented in an RFC and we could update this one.

2) This prevents two devices from the same vendor using some alternate means of authentication (potentially proprietary) that would reduce the need for DTLS/SRTP
(Minutes: https://datatracker.ietf.org/doc/minutes-92-clue/ )

It's not a matter of authentication. It's a matter of path validation. For instance, if you were to have a situation where you had a cryptographic key but it did not have an interactive handshake, that would not provide the correct function. By contrast, ICE would.


So while everyone agreed that DTLS/SRTP should be mandatory to implement so it was always available, consensus ended up being removing the requirement to use DTLS/SRTP and instead having more generic language:

   This attack can be prevented by ensuring that the media recipient
   intends to receive the media packets.  As such all CLUE-capable
   devices MUST support key negotiation and receiver intent assurance
   via DTLS-SRTP [RFC5763] on CLUE-controlled RTP "m=" lines.  All CLUE-
   controlled RTP "m" lines must be secured and implemented using
   mechanisms such as SRTP [RFC3711].  CLUE implementations MAY choose
   not to require the use of SRTP to secure legacy (non-CLUE-controlled)
   media for backwards compatibility with older SIP clients that are
   incapable of supporting it.

https://datatracker.ietf..org/doc/draft-ietf-clue-signaling/?include_text=1<https://datatracker.ietf.org/doc/draft-ietf-clue-signaling/?include_text=1>

Yes, but the problem is that this doesn't require any kind of consent validation at all, which creates an unacceptable amplification risk.

It seems to me that there are a number of options here:

1. Require DTLS-SRTP
2. Require ICE
3. Require *some* path-validating consent mechanism

However, just leaving the amplification attack does not seem OK.

-Ekr



All drafts have always had an exception for non-CLUE-controlled lines for backwards compatibility.

Rob

-----Original Message-----
From: Paul Kyzivat <pkyzivat@alum.mit.edu<mailto:pkyzivat@alum.mit.edu>>
Sent: 26 November 2018 19:49
To: Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>>
Cc: Roni Even <roni.even@huawei.com<mailto:roni.even@huawei.com>>; IESG <iesg@ietf.org<mailto:iesg@ietf.org>>; Daniel Burnett <danielcburnett@gmail.com<mailto:danielcburnett@gmail.com>>; clue@ietf.org<mailto:clue@ietf.org>; roni.even@mail01.huawei.com<mailto:roni.even@mail01.huawei.com>; clue-chairs@ietf.org<mailto:clue-chairs@ietf.org>; draft-ietf-clue-signaling@ietf.org<mailto:draft-ietf-clue-signaling@ietf.org>
Subject: Re: Eric Rescorla's No Objection on draft-ietf-clue-signaling-14: (with COMMENT)

On 11/25/18 2:29 PM, Eric Rescorla wrote:
>
>
> On Sun, Nov 25, 2018 at 9:35 AM Paul Kyzivat <pkyzivat@alum.mit.edu<mailto:pkyzivat@alum.mit.edu>
> <mailto:pkyzivat@alum.mit.edu<mailto:pkyzivat@alum.mit.edu>>> wrote:
>
>     On 11/25/18 8:14 AM, Eric Rescorla wrote:
>      >
>      >
>      > On Sat, Nov 24, 2018 at 9:41 PM Roni Even (A)
>     <roni.even@huawei.com<mailto:roni.even@huawei.com> <mailto:roni.even@huawei.com<mailto:roni.even@huawei.com>>
>      > <mailto:roni.even@huawei.com<mailto:roni.even@huawei..com> <mailto:roni.even@huawei.com<mailto:roni.even@huawei.com>>>> wrote:
>      >
>      >     Hi,____
>      >
>      >     The point that is made that in general CLUE is similar to no CLUE
>      >     RTP media calls. The difference is that since the EP may open
>     more
>      >     than one RTP video channel there is a greater risk of sending
>     more
>      >     media to the victim.
>      >
>      >
>      > Yes, but in order to have a useful countermeasure, that needs to be
>      > mandatory, and yours is not.
>
>     But one of the goals of clue is to be backward compatible with regular
>     sip calls. If we impose constraints on the media over and above those
>     required for regular sip calls then we lose that.
>
>
> ISTM that that's already not true for these media flows, because 4..4.1
> requires them to be inactive and you need to use an SCTP/DTLS control
> channel to negotiate them.
> What I'm saying is that those other flows should also have a consent
> check

I was more concerned with the basic audio and/or video in the initial invite, before it is known whether the answerer supports clue. I don't have a particular problem with putting further restrictions on the clue controlled media.

        Thanks,
        Paul

v2.23.0 | Report a Bug | By Email