Re: [MMUSIC] Handling of unverified data and media

Peter Thatcher <pthatcher@google.com> Thu, 30 March 2017 19:14 UTC

Return-Path: <pthatcher@google.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 512F1126B6D for <mmusic@ietfa.amsl.com>; Thu, 30 Mar 2017 12:14:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tJoj0np3gt2B for <mmusic@ietfa.amsl.com>; Thu, 30 Mar 2017 12:14:40 -0700 (PDT)
Received: from mail-qk0-x22d.google.com (mail-qk0-x22d.google.com [IPv6:2607:f8b0:400d:c09::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 02D16126B72 for <mmusic@ietf.org>; Thu, 30 Mar 2017 12:14:39 -0700 (PDT)
Received: by mail-qk0-x22d.google.com with SMTP id d201so19156617qkc.0 for <mmusic@ietf.org>; Thu, 30 Mar 2017 12:14:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Y98aApw3WqICzHZ0C9UODhP9r36V3IXoXMJTgbrY7Lk=; b=Om6ZkRmRrdqW3mImAf7FznN04+OwrCsIDjpW4pWduUP+H3OFWsRdVQF50wDWO62ZXp 47kaQWONusd4KW8jBCWKQ2pR45oZe6AKjThn6V8oKV0vyk3nbfvjtHa4n9lRVzMZujii 6sJ0jn43x/Ewvf5N2UTx2fBF1Rm5oS12KW4gTPPuppKQdI1PCtF4crV8hT4tCPuvNQia qXn4WLZN6abzn8A2WBfSDQfGG3YWsXEQCrVku3OPRprEi7e0WjAW2dQ+mHoZVCaimS2S lJNFXgdgjlTCbpB93kMsO1c2EnWlf9powwWy5gbb9tu2oGp/zHAq/yCOmVl+2nYzjUDf 0r/Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Y98aApw3WqICzHZ0C9UODhP9r36V3IXoXMJTgbrY7Lk=; b=FTNr2CaE+cdfNeKnjenRLTVdCOJaAzcdxQDTT/EjDA0fmpyYpBCEMbInL+DgxVuwH9 pYSQLdnt0k7AD5ziyIxuEx5DJGYrXkuKosPXvzm4MyGLX1Y63sl1/JWVZ/E2jRrqQ33K uP+aO/XhI3OvuwfHZWjcnwSuOTXhttKFcvsKNK5cMe+qT/tVAQ+R/cn6qh8sjQv9yDpN rKenEFcuGawTeDS7jFhIs9P5biLqDgc3ZBdnNb4TWjsQmALQLmMHer4neqyyS+nwFt/o 3O31OAvSuk1nyeMF3Ed47hl1vPyXNzS+fZ2WmTIdPB0PE1DzAEm40T/OkyoU0VNFSTn1 SOJQ==
X-Gm-Message-State: AFeK/H15JQP9fA5xdGPYVLnfpQ0a1hvFhZpl0eo1I8qgyV6I97YDkbBjKgSp5RVKUgiO+LiT5C8INqCX4jDMuYX6
X-Received: by 10.55.183.133 with SMTP id h127mr1430002qkf.121.1490901277726; Thu, 30 Mar 2017 12:14:37 -0700 (PDT)
MIME-Version: 1.0
References: <CAOW+2dseq8AmLKXFGUaiss8ahpkY1ZzYUD_KdirFE1rskfvqjw@mail.gmail.com> <CABkgnnUc-XsYivUzSs6W4it_Krykr-reJMDJXqKf5FvGw_NBPg@mail.gmail.com> <CAD5OKxvXTsTPaKFNdwS6tPBTAksD=jgiAFGuGMgbepOtBoFT+Q@mail.gmail.com> <CABcZeBO9MP0fqg=ubpgU8+3L9koB5grCyp-O8hS9Pis942-rhA@mail.gmail.com> <CAOW+2due+uNyWn-3GQnpXrR-L55XVZSXXRmC0E9-5BSGKynUYA@mail.gmail.com> <CABcZeBPr4OjUBSUdS3wWmUuRJh7XmgxfVaY1F15mjMAqjbTZRg@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B4CB06D6C@ESESSMB109.ericsson.se> <67E58DC2-89CB-45AB-9452-C6A7DFEA34A4@vidyo.com> <7594FB04B1934943A5C02806D1A2204B4CB0B034@ESESSMB109.ericsson.se> <CF91D618-CC36-4811-A1BE-CAC48EF66900@iii.ca>
In-Reply-To: <CF91D618-CC36-4811-A1BE-CAC48EF66900@iii.ca>
From: Peter Thatcher <pthatcher@google.com>
Date: Thu, 30 Mar 2017 19:14:26 +0000
Message-ID: <CAJrXDUGy10nV3bWYsiLFc0czu5ydmwU-uf9AC=O+zfUxken+=w@mail.gmail.com>
To: Cullen Jennings <fluffy@iii.ca>, Christer Holmberg <christer.holmberg@ericsson.com>
Cc: mmusic <mmusic@ietf.org>
Content-Type: multipart/alternative; boundary=94eb2c0600560e4ed3054bf781aa
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/P79WOReUoyfXHX7tzLcd60iyR4Y>
Subject: Re: [MMUSIC] Handling of unverified data and media
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Mar 2017 19:14:42 -0000

We have a mailing list discussion (here), a bug (
https://github.com/w3c/webrtc-pc/issues/849) and a PR (
https://github.com/w3c/webrtc-pc/pull/1026#issuecomment-279238215) about
this.  I've copied the following comments to the latter two, so I'm adding
them here as well.

TL;DR: I don't think unverified media is compatible with ICE+DTLS.  Here is
why (you can go see the bug, too):


   1.

   You can *receive* DTLS from the remote side before receiving the remote
   description (and thus fingerprint). This happens if the remote side sends
   an ICE connectivity check and the local side sends a response and then the
   remote side sends a DTLS packet.
   2.

   You cannot *send* DTLS from the local side before receiving the remote
   description (and thus fingerprint). This is because you can't send an ICE
   connectivity check until you have the remote ICE ufrag and pwd, and thus
   can't get an ICE connectivity check response, and thus can't send DTLS.
   This is because you can't send anything other than ICE until you get an ICE
   connectivity check response.
   3.

   Since you can't send DTLS, you can't complete the handshake, and thus
   can't extract the SRTP key.


Maybe I'm missing something, but I think this is impossible.

On Sat, Mar 25, 2017 at 1:12 PM Cullen Jennings <fluffy@iii.ca> wrote:

>
> On Mar 13, 2017, at 3:44 PM, Christer Holmberg <
> christer.holmberg@ericsson.com> wrote:
>
> My question is: is this something that’s causing problems in real
> deployments, and requires a change in the standard?
>
>
> 1-800 go fedex. See webrtc requirements documents from many years ago.
> _______________________________________________
> mmusic mailing list
> mmusic@ietf.org
> https://www.ietf.org/mailman/listinfo/mmusic
>