Re: [MMUSIC] starting DTLS handshake before the answer is received (dtls-sdp draft)
Bernard Aboba <bernard.aboba@gmail.com> Tue, 02 May 2017 23:43 UTC
Return-Path: <bernard.aboba@gmail.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0916129AE3 for <mmusic@ietfa.amsl.com>; Tue, 2 May 2017 16:43:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.701
X-Spam-Level:
X-Spam-Status: No, score=0.701 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G7_mTX0FMtMv for <mmusic@ietfa.amsl.com>; Tue, 2 May 2017 16:43:23 -0700 (PDT)
Received: from mail-ua0-x22c.google.com (mail-ua0-x22c.google.com [IPv6:2607:f8b0:400c:c08::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6BD20129BA2 for <mmusic@ietf.org>; Tue, 2 May 2017 16:42:04 -0700 (PDT)
Received: by mail-ua0-x22c.google.com with SMTP id e55so62778554uaa.2 for <mmusic@ietf.org>; Tue, 02 May 2017 16:42:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc; bh=1iSTAw3jvC9m96sNJcp6wxhQym4DskJQAv4wUsilgUo=; b=PxJLXFKCuzR5Cmn7Zu+jI5BKpZ0VnLqAGNzMSXmMfBd3bMfh4cmVLuDLXSAR8vRbvM Tl2/XSDkZUoDzb87V8iUoWnF/1Sij5DxWunlFKd7SCFH8yi0n2HvSfz6ReivN54lxpFj 7vKDJHNwAW8kUByUJhWoM7CbXlQZXCNFvXZqgBYBQk2TByhpTlNP5X6vDAR6XGPiO0So cAlCCKP9guj2zAADfcvH50fBOx8RXJEYWFwgzGTl/redBeQ2pZ2/hgaBsKKZMwZecXTE 0O5VO0ZjNzSatr+HKsPCE2oUPLa4nm9K5zwV4RKIvbrgyRXFZzO0988FaeVCLq6kiQA1 NdpA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=1iSTAw3jvC9m96sNJcp6wxhQym4DskJQAv4wUsilgUo=; b=XI+dP/NmyGXc4Vebr/nab87O9VEesg74qxsXwwWpd+HwrMaC5MWh0grtIYFOd8I00w tOFeSZ32ImuOBlk5VGIkwi4xctd3VPGttlaTv0rSSFPJi3FkOdaJy7h4l0GTZ/RLVXXE OyLIdPj7eTGH07Aok7858cfpiRRM99Z98Nseaj3csVYRkWqRng1yhUHqO/KQ3YD66Hq9 VRfB+9lVYUd4dmipyOhoxt3W7cuz/9G79742/7zUTb66PyikgNOTr5CpT5JzNJ6/TrqU OUmMZwqQ/j+5e7ixMp1g3gOvb8l0V+D6dU0uHtyAR4Ur17c4JmLS5jv57lOsgjQvxR3t BEgg==
X-Gm-Message-State: AN3rC/5jSIe8R9r0VNXz/PyKwcL1yB7UCcUzfVY+LQjBS6AHC7Mto7bn v6uxPrlOfETTxCclMAlbzk6GfFDU0g==
X-Received: by 10.159.34.196 with SMTP id 62mr16960507uan.42.1493768523200; Tue, 02 May 2017 16:42:03 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.159.49.18 with HTTP; Tue, 2 May 2017 16:41:42 -0700 (PDT)
From: Bernard Aboba <bernard.aboba@gmail.com>
Date: Tue, 02 May 2017 16:41:42 -0700
Message-ID: <CAOW+2dvAPQ-TwsARY2342eck4yOuLu_is7bd5OQCsSQ2Vu1Vzw@mail.gmail.com>
To: mmusic@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c03c91033c009054e9316e2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/LWZ7ty1f9kQH6kvK0F8PjdpCd1s>
Subject: Re: [MMUSIC] starting DTLS handshake before the answer is received (dtls-sdp draft)
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 May 2017 23:43:27 -0000
Roman Shpount said: "We also are planning to update the dtls-sdp draft which will prohibit to start DTLS handshake until the answer is received." [BA] The logic here is that in WebRTC an incoming DTLS packet cannot be responded to until "consent" is provided, which requires an ICE request and response, which needs the remote ICE ufrag/password, which is in the answer. While I can understand explaining this in the dratf, a prohibition seems redundant, because it already follows from other requirements (such as consent and full ICE). It's a bit like passing a law prohibiting objects in earth's gravity from "falling up" - gravity just doesn't work that way, so no need for a law. Also, there can be situations with ICE lite, or with ORTC where ICE O/A could be separated from DTLS O/A), so consent could exist prior to receipt of the DTLS answer, where the original logic wouldn't hold.
- Re: [MMUSIC] starting DTLS handshake before the a… Bernard Aboba
- Re: [MMUSIC] starting DTLS handshake before the a… Roman Shpount