Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-06.txt

Roman Shpount <roman@telurix.com> Wed, 24 February 2016 20:48 UTC

To: Paul Kyzivat <pkyzivat@alum.mit.edu>
Cc: Jonathan Lennox <jonathan@vidyo.com>, "mmusic@ietf.org" <mmusic@ietf.org>, Christer Holmberg <christer.holmberg@ericsson.com>
In-Reply-To: <56CE145F.5090903@alum.mit.edu>
Message-ID: <CAD5OKxsUGZRCJack7d2bTZhssh3YSHX=OvyNX_D0GT7+q7Zqnw@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/5Eq7jE73aVh_m9WGvKQf5QeqglQ>

On Wed, Feb 24, 2016 at 3:36 PM, Paul Kyzivat <pkyzivat@alum.mit.edu> wrote:

> Can you (as the author of RFC4572) explain the use of multiple
> fingerprints? The dtls-sdp draft talks about the possibility of multiple
> fingerprints, but I can find no explanation of the semantics of that.
>

I think the original explanation was that the TLS (or DTLS) session is
terminated if none of the fingerprints matched. In other words, at least
one fingerprint MUST match for the session to be established.

One of the use cases is when the RTP and RTCP DTLS flows are using different
certificates. In this case two fingerprint attributes will be added to the SDP
m= line. When separate DTLS associations are established for RTP and RTCP,
each of these associations will match one of the fingerprints and fail to
match the other.

Another use case is to generate an offer that will work with remote endpoints
that support different certificate signature algorithms. For instance, when
transitioning from SHA-1 to SHA-256, two certificates would be created by the
originating endpoint and fingerprints for both will be included. When the DTLS
association is negotiated, it will establish which certificate signature
algorithm is supported by both parties and use the appropriate certificate.
Once again, only one of the fingerprints will match.
_____________
Roman Shpount
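The matching rule Roman describes (several a=fingerprint attributes, the presented DTLS certificate must match at least one of them, and mismatches against the others are expected), worked through as an added example. This is editor-written illustration code, not code from the thread, from the dtls-sdp draft or from any implementation discussed there. It covers both use cases in the message: separate RTP and RTCP certificates, and a SHA-1 plus SHA-256 pair kept during a hash transition. The certificate byte strings are constructed stand-ins for DER-encoded X.509 certificates (the fingerprint is the hash of the DER bytes, so the logic is the same), and the accepted-hash policy `DEFAULT_ACCEPTED` is an assumption of this example, not a rule stated on the list.

```python
"""Match a DTLS peer certificate against the a=fingerprint lines of an SDP media section."""
import hashlib
import hmac
import re

# RFC 4572 hash-func tokens mapped to hashlib names. "md2" is defined by RFC 4572
# but hashlib has no implementation, so lines naming it are skipped, never matched.
HASH_FUNCS = {
    "sha-1": "sha1", "sha-224": "sha224", "sha-256": "sha256",
    "sha-384": "sha384", "sha-512": "sha512", "md5": "md5",
}

# Assumed local policy (an assumption of this example, not from the thread):
# hash functions this verifier is willing to match against.
DEFAULT_ACCEPTED = frozenset({"sha-256", "sha-384", "sha-512"})

# a=fingerprint:<hash-func> <2HEX *(":" 2HEX)>; hex is accepted in either case.
_FP_RE = re.compile(
    r"^a=fingerprint:\s*([A-Za-z0-9-]+)\s+([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})*)\s*$"
)


def parse_fingerprints(sdp):
    """Return [(hash_func, digest_bytes)] for every a=fingerprint line in the text.
    Session-level and media-level lines are treated alike here; a real endpoint
    scopes them to the m= section being negotiated."""
    found = []
    for line in sdp.splitlines():
        m = _FP_RE.match(line.strip())
        if m:
            found.append((m.group(1).lower(), bytes.fromhex(m.group(2).replace(":", ""))))
    return found


def compute_fingerprint(cert_der, hash_func):
    """Hash the DER-encoded certificate with the named RFC 4572 hash function."""
    algo = HASH_FUNCS.get(hash_func)
    if algo is None:
        raise ValueError("unsupported hash-func %r" % hash_func)
    return hashlib.new(algo, cert_der).digest()


def format_fingerprint(cert_der, hash_func):
    """Build the a=fingerprint attribute (uppercase hex, colon separated) for a certificate."""
    digest = compute_fingerprint(cert_der, hash_func)
    return "a=fingerprint:%s %s" % (hash_func, ":".join("%02X" % b for b in digest))


def certificate_matches(cert_der, fingerprints, accepted=DEFAULT_ACCEPTED):
    """Return the hash_func of the first advertised fingerprint the certificate matches,
    or None if it matches none of them (the association must then be torn down).
    Failing to match the *other* fingerprints is normal when several certificates are
    advertised. Length is checked before the constant-time compare so a truncated
    attribute can never match."""
    for hash_func, digest in fingerprints:
        if hash_func not in accepted or hash_func not in HASH_FUNCS:
            continue
        actual = compute_fingerprint(cert_der, hash_func)
        if len(actual) == len(digest) and hmac.compare_digest(actual, digest):
            return hash_func
    return None


# Constructed stand-ins for DER certificates (real ones would be X.509 DER bytes).
RTP_CERT = b"\x30\x82\x01\x00" + b"rtp-certificate-stand-in" * 4
RTCP_CERT = b"\x30\x82\x01\x00" + b"rtcp-certificate-stand-in" * 4
LEGACY_CERT = b"\x30\x82\x01\x00" + b"sha1-only-certificate-stand-in" * 4
UNLISTED_CERT = b"\x30\x82\x01\x00" + b"certificate-nobody-advertised" * 4


def build_offer():
    """Constructed m= section: one fingerprint each for the RTP and RTCP certificates,
    plus a SHA-1 fingerprint for a legacy certificate kept during a SHA-1 to SHA-256
    transition."""
    return "\r\n".join([
        "m=audio 49170 UDP/TLS/RTP/SAVP 0",
        "a=setup:actpass",
        format_fingerprint(RTP_CERT, "sha-256"),
        format_fingerprint(RTCP_CERT, "sha-256"),
        format_fingerprint(LEGACY_CERT, "sha-1"),
    ]) + "\r\n"


def demo():
    """Verify each certificate a DTLS association might present against the offer."""
    fps = parse_fingerprints(build_offer())
    return {
        "advertised": len(fps),
        "rtp": certificate_matches(RTP_CERT, fps),
        "rtcp": certificate_matches(RTCP_CERT, fps),
        "legacy_strict_policy": certificate_matches(LEGACY_CERT, fps),
        "legacy_transition_policy": certificate_matches(LEGACY_CERT, fps, DEFAULT_ACCEPTED | {"sha-1"}),
        "unlisted": certificate_matches(UNLISTED_CERT, fps),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print("%-26s %s" % (name, result))
```

The RTP and RTCP certificates each match exactly one of the three advertised fingerprints, which is the "match one, fail the other" behaviour from the message. The legacy certificate is only accepted when the local policy still admits sha-1, which is the transition case: a peer that has already dropped SHA-1 ignores that line and would only ever match the SHA-256 certificates. A certificate that matches nothing returns None and the association must be rejected.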