Re: [MMUSIC] SCTP-SDP: Virtual Connection impact

[Roman Shpount <roman@telurix.com>]

On Wed, Apr 15, 2015 at 4:18 PM, Paul Kyzivat <pkyzivat@alum.mit.edu> wrote:

>
> I didn't intend to propose that the tactical solution not be done.
> A strategic one will take longer than people want to wait.
>

Agreed.


>
> But I did mean to suggest that we ought to start looking at the strategic
> solution - that ICE ought to simply be one way to discover multiple paths
> for a multipath transport, rather than being used in lieu of defining
> multipath versions of those transports.
>

As far as strategic directions are concerned, ICE has no reason to exist on
its own. It would always needs to be paired with security and this implies
DTLS. DTLS on the other hand, can benefit greatly from ICE functionality so
that it can traverse NAT environments and recover from path failures. If
ICE and DTLS handshakes are unified, then connection setup can be
accelerated. Finally, ICE and DTLS implement a lot of common functionality
in different ways, so there two implementation of mutual party
authentication, keep-alive, role determination, structured data
encapsulation and parsing. Having a single implementation of all of those
would make protocol more reliable and secure.

What I am trying to say is that I do not see future versions of ICE running
without DTLS, so strategically it would be better to extend DTLS to include
ICE functionality and end up with a single consistent secure protocol.

One more thing: DTLS would also need to be extended to work well with
offer/answer and bundle. This would means some sort of ID field, similar to
RTP SSRC in all DTLS packets to allow to multiplex multiple DTLS sessions
over the same transport channel both during setup and normal operations.
_____________
Roman Shpount