Re: [MMUSIC] Bundling data channel and RTP? - Text proposal - Second try
Christer Holmberg <christer.holmberg@ericsson.com> Fri, 12 June 2015 11:54 UTC
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9AF1E1A90E5 for <mmusic@ietfa.amsl.com>; Fri, 12 Jun 2015 04:54:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xjXZiexqNs9I for <mmusic@ietfa.amsl.com>; Fri, 12 Jun 2015 04:54:53 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 578C21A90E2 for <mmusic@ietf.org>; Fri, 12 Jun 2015 04:54:52 -0700 (PDT)
X-AuditID: c1b4fb3a-f79ec6d000006dc0-fe-557ac88afde3
Received: from ESESSHC012.ericsson.se (Unknown_Domain [153.88.253.125]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id CE.FB.28096.A88CA755; Fri, 12 Jun 2015 13:54:50 +0200 (CEST)
Received: from ESESSMB209.ericsson.se ([169.254.9.72]) by ESESSHC012.ericsson.se ([153.88.183.54]) with mapi id 14.03.0210.002; Fri, 12 Jun 2015 13:54:50 +0200
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: mmusic <mmusic@ietf.org>
Thread-Topic: [MMUSIC] Bundling data channel and RTP? - Text proposal - Second try
Thread-Index: AdClBipG7UfqYMuMRya9DuFvp6kbcw==
Date: Fri, 12 Jun 2015 11:54:49 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B1D8BF21F@ESESSMB209.ericsson.se>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.17]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpjkeLIzCtJLcpLzFFi42KZGfG3VrfrRFWowZcvehZf3jeyWBzc7Gex daqQxbUz/xgtpi5/zGKxYsMBVouGjVdYLWZcmMrswOHR+mwvq8ff9x+YPHbOusvusWBTqceS JT+ZPFacn8nicWtKQQB7FJdNSmpOZllqkb5dAldGR+9h5oJrmhUNfR/ZGxjPaHQxcnJICJhI XGg/xQphi0lcuLeerYuRi0NI4CijxNS9M6CcxYwSM57OB3I4ONgELCS6/2mDNIgIyEjs3bSZ GaSGWeAvs8S99sNsIAlhgWCJxldXGCGKQiQ+XWiAsvUk5k/oBbNZBFQlri6+xARi8wr4SnTf v88MYjMCXfH91BqwOLOAuMStJ/OZIK4TkFiy5zwzhC0q8fLxP1aQeyQEFCWW98uBmMwCmhLr d+lDdCpKTOl+yA4xXVDi5MwnLBMYRWYhGToLoWMWko5ZSDoWMLKsYhQtTi0uzk03MtJLLcpM Li7Oz9PLSy3ZxAiMuINbflvtYDz43PEQowAHoxIPr4JtVagQa2JZcWXuIUZpDhYlcd4Zm/NC hQTSE0tSs1NTC1KL4otKc1KLDzEycXBKNTAudu9pvNjBUDTX//i1shdOKtlvWFPucP1d75kl ev7g+lUT9LMcZX2sbxofucwRn3lz/ZGHP1keHHHiPKuheWfbL/WwnLgvezXyWIyntEYFK+X6 zbh0vVdZYOuzz9zrnYVFTs5cZVT98a9JrJ31FcfT/S/iGZS057CEXJoqocetrmCmWRDa+0WJ pTgj0VCLuag4EQAIR+MimQIAAA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/1kStrP2rc8bvkNcy0Pqq0uEtyIs>
Cc: "pkyzivat@alum.mit.edu" <pkyzivat@alum.mit.edu>
Subject: Re: [MMUSIC] Bundling data channel and RTP? - Text proposal - Second try
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jun 2015 11:54:54 -0000
Hi,
Based on the input from people, I suggest the following text for the new 'DTLS Considerations' section:
-------------
12. DTLS Considerations
One or more media streams within a BUNDLE group might use the
Datagram Transport Layer Security (DTLS) protocol [RFC6347] in order
to encrypt the data, or to negotiate encryption keys if another
encryption mechanism is used to encrypt media.
When DTLS is used within a BUNDLE group, the following rules apply:
o There can only be one DTLS association [RFC6347] associated with
the BUNDLE group;
o Each usage of the DTLS association within the BUNDLE group MUST
use the same mechanism for determining which endpoints (the
offerer or answerer) becomes DTLS client and DTLS server; and
o If the DTLS client supports DTLS-SRTP [RFC5764] it MUST include
the 'use_srtp' extension [RFC5764] in the DTLS ClientHello message
[RFC5764], The client MUST include the extension even if the usage
of DTLS-SRTP is not negotiated as part of the session.
NOTE: The inclusion of the 'use_srtp' extension during the initial
DTLS handshake ensures that a DTLS renegotiation will not be required
in order to include the extension, in case DTLS-SRTP encrypted media
is added to the BUNDLE group later during the session.
------------
Regards,
Christer
-----Original Message-----
From: mmusic [mailto:mmusic-bounces@ietf.org] On Behalf Of Christer Holmberg
Sent: 31. toukokuuta 2015 10:03
To: Roman Shpount
Cc: mmusic@ietf.org; pkyzivat@alum.mit.edu
Subject: Re: [MMUSIC] Bundling data channel and RTP? - Text proposal
Hi,
>>> I would suggest "use_srtp" extension must always be enabled for DTLS session used in bundle.
>>
>> Assuming SRTP is supported, I assume. If a node doesn't support SRTP
>> to begin with, or if an application is never going to offer (or
>> accept if offered) SRTP, I guess there is no reason to mandate "use_srtp".
>>
>> Now, there are statements in RFC 5764 saying e.g.:
>>
>> "This extension MUST only be used when the data being transported is RTP or RTCP [RFC3550]."
>>
>> That of course makes sense for a non-BUNDLE DTLS connection, but I
>> wonder whether we somehow explicitly need to say that it doesn't apply for BUNDLE?
>
> Another big question how would current browser implementations handle
> a DTLS connection without "use_srtp" extension. I have a strong
> suspicion that DTLS session setup will fail without this extension present.
>
> I think, WebRTC enabled browsers currently export SRTP key material
> during session setup even if no SRTP traffic is ever sent or received
> by this connection and fail the entire connection if key export fails.
> This, most likely, can be modified to only export SRTP key material
> when SRTP session is actually created and defining some sort of fall
> back procedure when a media track is actually added to a connection without "use_srtp" (either failure or require renegotiation with new transport).
Anyone from the browser community that can comment on this?
> To conclude, the group can either decide that all DTLS sessions in
> bundle should be setup with "use_srtp" extension and keep the current
> implementations working as they are currently coded, or allow not to include this extension and fix the implementations.
Currently, I am not aware of any scenarios where people would use BUNDLE without SRTP - or at least using clients that wouldn't support SRTP.
But, as the current trend seems to be to put more and more protocols on DTLS, I think one can assume that there will also be use-cases without SRTP in future.
Regards,
Christer
_______________________________________________
mmusic mailing list
mmusic@ietf.org
https://www.ietf.org/mailman/listinfo/mmusic
- Re: [MMUSIC] Bundling data channel and RTP? - Tex… Christer Holmberg
- Re: [MMUSIC] Bundling data channel and RTP? - Tex… GUBALLA, JENS (JENS)
- Re: [MMUSIC] Bundling data channel and RTP? - Tex… Christer Holmberg
- Re: [MMUSIC] Bundling data channel and RTP? - Tex… Schwarz, Albrecht (Albrecht)
- Re: [MMUSIC] Bundling data channel and RTP? - Tex… Christer Holmberg