Re: [MMUSIC] Bundling data channel and RTP? - Text proposal - Second try
Christer Holmberg <christer.holmberg@ericsson.com> Fri, 12 June 2015 11:54 UTC
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AF1E1A90E5 for <mmusic@ietfa.amsl.com>; Fri, 12 Jun 2015 04:54:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xjXZiexqNs9I for <mmusic@ietfa.amsl.com>; Fri, 12 Jun 2015 04:54:53 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 578C21A90E2 for <mmusic@ietf.org>; Fri, 12 Jun 2015 04:54:52 -0700 (PDT)
X-AuditID: c1b4fb3a-f79ec6d000006dc0-fe-557ac88afde3
Received: from ESESSHC012.ericsson.se (Unknown_Domain [153.88.253.125]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id CE.FB.28096.A88CA755; Fri, 12 Jun 2015 13:54:50 +0200 (CEST)
Received: from ESESSMB209.ericsson.se ([169.254.9.72]) by ESESSHC012.ericsson.se ([153.88.183.54]) with mapi id 14.03.0210.002; Fri, 12 Jun 2015 13:54:50 +0200
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: mmusic <mmusic@ietf.org>
Thread-Topic: [MMUSIC] Bundling data channel and RTP? - Text proposal - Second try
Thread-Index: AdClBipG7UfqYMuMRya9DuFvp6kbcw==
Date: Fri, 12 Jun 2015 11:54:49 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B1D8BF21F@ESESSMB209.ericsson.se>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.17]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpjkeLIzCtJLcpLzFFi42KZGfG3VrfrRFWowZcvehZf3jeyWBzc7Gex daqQxbUz/xgtpi5/zGKxYsMBVouGjVdYLWZcmMrswOHR+mwvq8ff9x+YPHbOusvusWBTqceS JT+ZPFacn8nicWtKQQB7FJdNSmpOZllqkb5dAldGR+9h5oJrmhUNfR/ZGxjPaHQxcnJICJhI XGg/xQphi0lcuLeerYuRi0NI4CijxNS9M6CcxYwSM57OB3I4ONgELCS6/2mDNIgIyEjs3bSZ GaSGWeAvs8S99sNsIAlhgWCJxldXGCGKQiQ+XWiAsvUk5k/oBbNZBFQlri6+xARi8wr4SnTf v88MYjMCXfH91BqwOLOAuMStJ/OZIK4TkFiy5zwzhC0q8fLxP1aQeyQEFCWW98uBmMwCmhLr d+lDdCpKTOl+yA4xXVDi5MwnLBMYRWYhGToLoWMWko5ZSDoWMLKsYhQtTi0uzk03MtJLLcpM Li7Oz9PLSy3ZxAiMuINbflvtYDz43PEQowAHoxIPr4JtVagQa2JZcWXuIUZpDhYlcd4Zm/NC hQTSE0tSs1NTC1KL4otKc1KLDzEycXBKNTAudu9pvNjBUDTX//i1shdOKtlvWFPucP1d75kl ev7g+lUT9LMcZX2sbxofucwRn3lz/ZGHP1keHHHiPKuheWfbL/WwnLgvezXyWIyntEYFK+X6 zbh0vVdZYOuzz9zrnYVFTs5cZVT98a9JrJ31FcfT/S/iGZS057CEXJoqocetrmCmWRDa+0WJ pTgj0VCLuag4EQAIR+MimQIAAA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/1kStrP2rc8bvkNcy0Pqq0uEtyIs>
Cc: "pkyzivat@alum.mit.edu" <pkyzivat@alum.mit.edu>
Subject: Re: [MMUSIC] Bundling data channel and RTP? - Text proposal - Second try
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jun 2015 11:54:54 -0000
Hi, Based on the input from people, I suggest the following text for the new 'DTLS Considerations' section: ------------- 12. DTLS Considerations One or more media streams within a BUNDLE group might use the Datagram Transport Layer Security (DTLS) protocol [RFC6347] in order to encrypt the data, or to negotiate encryption keys if another encryption mechanism is used to encrypt media. When DTLS is used within a BUNDLE group, the following rules apply: o There can only be one DTLS association [RFC6347] associated with the BUNDLE group; o Each usage of the DTLS association within the BUNDLE group MUST use the same mechanism for determining which endpoints (the offerer or answerer) becomes DTLS client and DTLS server; and o If the DTLS client supports DTLS-SRTP [RFC5764] it MUST include the 'use_srtp' extension [RFC5764] in the DTLS ClientHello message [RFC5764], The client MUST include the extension even if the usage of DTLS-SRTP is not negotiated as part of the session. NOTE: The inclusion of the 'use_srtp' extension during the initial DTLS handshake ensures that a DTLS renegotiation will not be required in order to include the extension, in case DTLS-SRTP encrypted media is added to the BUNDLE group later during the session. ------------ Regards, Christer -----Original Message----- From: mmusic [mailto:mmusic-bounces@ietf.org] On Behalf Of Christer Holmberg Sent: 31. toukokuuta 2015 10:03 To: Roman Shpount Cc: mmusic@ietf.org; pkyzivat@alum.mit.edu Subject: Re: [MMUSIC] Bundling data channel and RTP? - Text proposal Hi, >>> I would suggest "use_srtp" extension must always be enabled for DTLS session used in bundle. >> >> Assuming SRTP is supported, I assume. If a node doesn't support SRTP >> to begin with, or if an application is never going to offer (or >> accept if offered) SRTP, I guess there is no reason to mandate "use_srtp". >> >> Now, there are statements in RFC 5764 saying e.g.: >> >> "This extension MUST only be used when the data being transported is RTP or RTCP [RFC3550]." >> >> That of course makes sense for a non-BUNDLE DTLS connection, but I >> wonder whether we somehow explicitly need to say that it doesn't apply for BUNDLE? > > Another big question how would current browser implementations handle > a DTLS connection without "use_srtp" extension. I have a strong > suspicion that DTLS session setup will fail without this extension present. > > I think, WebRTC enabled browsers currently export SRTP key material > during session setup even if no SRTP traffic is ever sent or received > by this connection and fail the entire connection if key export fails. > This, most likely, can be modified to only export SRTP key material > when SRTP session is actually created and defining some sort of fall > back procedure when a media track is actually added to a connection without "use_srtp" (either failure or require renegotiation with new transport). Anyone from the browser community that can comment on this? > To conclude, the group can either decide that all DTLS sessions in > bundle should be setup with "use_srtp" extension and keep the current > implementations working as they are currently coded, or allow not to include this extension and fix the implementations. Currently, I am not aware of any scenarios where people would use BUNDLE without SRTP - or at least using clients that wouldn't support SRTP. But, as the current trend seems to be to put more and more protocols on DTLS, I think one can assume that there will also be use-cases without SRTP in future. Regards, Christer _______________________________________________ mmusic mailing list mmusic@ietf.org https://www.ietf.org/mailman/listinfo/mmusic
- Re: [MMUSIC] Bundling data channel and RTP? - Tex… Christer Holmberg
- Re: [MMUSIC] Bundling data channel and RTP? - Tex… GUBALLA, JENS (JENS)
- Re: [MMUSIC] Bundling data channel and RTP? - Tex… Christer Holmberg
- Re: [MMUSIC] Bundling data channel and RTP? - Tex… Schwarz, Albrecht (Albrecht)
- Re: [MMUSIC] Bundling data channel and RTP? - Tex… Christer Holmberg