Re: [MMUSIC] Bundling data channel and RTP? - Text proposal

Christer Holmberg <> Thu, 28 May 2015 06:30 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 6E1131A1AFF for <>; Wed, 27 May 2015 23:30:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id LIEIndqFSuiJ for <>; Wed, 27 May 2015 23:30:52 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D056A1A1AA6 for <>; Wed, 27 May 2015 23:30:51 -0700 (PDT)
X-AuditID: c1b4fb2d-f794d6d000004501-81-5566b6190d2d
Received: from (Unknown_Domain []) by (Symantec Mail Security) with SMTP id 32.2A.17665.916B6655; Thu, 28 May 2015 08:30:50 +0200 (CEST)
Received: from ([]) by ([]) with mapi id 14.03.0210.002; Thu, 28 May 2015 08:30:49 +0200
From: Christer Holmberg <>
To: Roman Shpount <>, Christian Groves <>
Thread-Topic: [MMUSIC] Bundling data channel and RTP? - Text proposal
Date: Thu, 28 May 2015 06:30:48 +0000
Message-ID: <>
References: <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_7594FB04B1934943A5C02806D1A2204B1D86C915ESESSMB209erics_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrCIsWRmVeSWpSXmKPExsUyM+Jvra7UtrRQg4OdrBZf3jeyWExd/pjF YsWGA6wWDRuvsFrMuDCV2YHVo/XZXlaPv+8/MHksWfKTyWPF+ZksHremFASwRnHZpKTmZJal FunbJXBltP57yV6wbiFjxcX9cxkbGDvmMnYxcnJICJhI/Ht8khnCFpO4cG89G4gtJHCUUeLk J+8uRi4gezGjxJ8bd5i6GDk42AQsJLr/aYPUiAhESrSefM0OUsMsMJ9RYsnp1ewgCWEBF4lf S3pYIIpcJVY8/80MYWdJbD+1G2wxi4CqRM/p6WD1vAK+EouPgdSDLJvFInG1YRUTSIJTIFDi /q/vYBcxAl33/dQasDizgLjErSfzmSCuFpBYsuc81AeiEi8f/2OFsJUkVmy/xAhRny9x/dsc VohlghInZz5hmcAoOgvJqFlIymYhKZsF9DOzgKbE+l36ECWKElO6H7JD2BoSrXPmsiOLL2Bk X8UoWpxaXJybbmSsl1qUmVxcnJ+nl5dasokRGK0Ht/zW3cG4+rXjIUYBDkYlHt4H69JChVgT y4orcw8xSnOwKInzenWFhAoJpCeWpGanphakFsUXleakFh9iZOLglGpgTGxLK8jm8f77f/f6 wHkOLT3Pw5e9YxD/a3HKbDFz62qd/+vvX3P/sqD/vcOJuTed7cK3nihteLSscmUsf/ElbieX Q1suCC08efOB9o+DPzxmqvOYe5WKfdndskjjiELovrvCFvPvLD6c80PmeFR0uHp59cyPVvev dZ8oDyyK7///7tusFU7vjyuxFGckGmoxFxUnAgBVoB/mtwIAAA==
Archived-At: <>
Cc: "" <>, "" <>
Subject: Re: [MMUSIC] Bundling data channel and RTP? - Text proposal
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 28 May 2015 06:30:55 -0000

Hi Roman,

So, if I understand you correctly, we do *NOT* need to mandate inclusion of “use_srtp” until SRTP/SRTCP is actually used. However, we could still RECOMMEND it, in order to avoid a re-handshake for that purpose when SRTP/SRTCP is added.



From: Roman Shpount []
Sent: 28 May 2015 05:20
To: Christian Groves
Cc: Christer Holmberg; Makaraju, Maridi Raju (Raju);;
Subject: Re: [MMUSIC] Bundling data channel and RTP? - Text proposal

If  "use_srtp" extension is specified, there is going to be SRTP/SRTCP keying material present and associated with each DTLS cipher state. If DTLS re-handshake occurs within the same session, the new RTP/RTCP keying material will be negotiated. Since no SRTP/SRTCP packets would be exchanged before SRTP/SRTCP stream was added to the bundle, these packets would not contribute to cipher state expiration. Cipher state can still expire due to the number of data packets transmitted or time, which can still cause new SRTP/SRTCP keying material to be negotiated.

Technically speaking either DTLS client or server can initiate a re-handshake at any time. It is an implementation detail on what would cause a re-handshake, and it can be done based on the number of packets sent or received, or based on time. If re-handshake is done based on the number of packets, both SRTP/SRTCP and data packets should have separate counters and cause a re-handshake once a certain value is passed.

As far as I know, DTLS re-handshake is not currently supported by either Chrome or Firefox, which means keying material for both data and SRTP/SRTCP will stay the same for the duration of the session.
Roman Shpount

On Wed, May 27, 2015 at 8:06 PM, Christian Groves <<>> wrote:
To be clear this means that the SRTP and SRTCP ( (because of the possibility of RTP/RTCP muxing) key negotiation occurs even before RTP/STRP media is added to the BUNDLE, and the keying material for both are maintained for the life of the BUNDLE? If the keys are unused they wouldn't expire because max lifetime is based on the number of protected packets.


On 28/05/2015 3:17 AM, Christer Holmberg wrote:

I guess we could add some text to the DTLS Considerations section.



Sent from my Windows Phone
From: Roman Shpount <<>>
Sent: ‎27/‎05/‎2015 23:31
To: Makaraju, Maridi Raju (Raju) <<>>
Cc: Christer Holmberg <<>>; Christian Groves <<>>;<> <<>>;<> <<>>
Subject: Re: [MMUSIC] Bundling data channel and RTP? - Text proposal

On Wed, May 27, 2015 at 7:37 AM, Makaraju, Maridi Raju (Raju) <<> <<>>> wrote:

    > >One interesting question that Albrecht brought up in a separate email
    > discussion is what happens if you first establish a >DTLS
    > for datachannel and then at a later stage you add SRTP media? I
    take it
    > that you'd have to re-establish >the DTLS connection and perform a
    > handshake using the "use_srtp" extension. That makes transitioning
    > messy.
    > There is a related (not BUNDLE specific) discussion on when one is
    > allowed to re-establish a DTLS connection, and the idea (I don't
    > the exact details in front of me) is that it can happen only
    when an IP
    > address or port changes. That obviously does not have to occur
    if you
    > add SRTP.
    Will there be an issue if "use_srtp" extension is always included
    even when
    SRTP media is not present at that time? I don't see any issue.
    This is how Chrome works today; it always includes the extension.

I agree, DTLS session should always be setup with "use_srtp" extension. There is little or no additional overhead, but this removes the latency required for a new DTLS session when and if SRTP is added. Since there is no new DTLS session there is no need for a new underlying transport and additional IPs. Nice and clean.

This should probably be stated somewhere in the document.
Roman Shpount