[MMUSIC] RFC 6544: DTLS over 4571 framing over TCP

Jonathan Lennox <jonathan@vidyo.com> Thu, 13 November 2014 19:32 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/mmusic/RKWHa3h1BAxevuE_GI17KkI-gGk

Here’s the citation from RFC 6544 for DTLS over RFC 4571 framing over TCP.

3.  Overview of Operation

   [...]

   ICE requires an agent to demultiplex STUN and application-layer
   traffic, since they appear on the same port.  This demultiplexing is
   described in [RFC5245] and is done using the magic cookie and other
   fields of the message.  Stream-oriented transports introduce another
   wrinkle, since they require a way to frame the connection so that the
   application and STUN packets can be extracted in order to
   differentiate STUN packets from application-layer traffic.  For this
   reason, TCP media streams utilizing ICE use the basic framing
   provided in RFC 4571 [RFC4571], even if the application layer
   protocol is not RTP.

   When Transport Layer Security (TLS) or Datagram Transport Layer
   Security (DTLS) is used, they are also run over the RFC 4571 framing
   shim, while STUN runs outside of the (D)TLS connection.  The
   resulting ICE TCP protocol stack is shown in Figure 1, with (D)TLS on
   the left side and without it on the right side.

                       +----------+
                       |          |
                       |    App   |
            +----------+----------+     +----------+----------+
            |          |          |     |          |          |
            |   STUN   |  (D)TLS  |     |   STUN   |    App   |
            +----------+----------+     +----------+----------+
            |                     |     |                     |
            |      RFC 4571       |     |      RFC 4571       |
            +---------------------+     +---------------------+
            |                     |     |                     |
            |         TCP         |     |         TCP         |
            +---------------------+     +---------------------+
            |                     |     |                     |
            |         IP          |     |         IP          |
            +---------------------+     +---------------------+

              Figure 1: ICE TCP Stack with and without (D)TLS
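The stack in Figure 1 means a receiver has to do two things per TCP segment: pull complete RFC 4571 frames (a 16-bit big-endian length followed by that many bytes) out of the byte stream, and then decide whether each frame is STUN, (D)TLS, or application data, because STUN sits beside DTLS inside the same framed stream rather than inside the DTLS session. The following Python is an added example written for this page; it is neither part of the email above nor code from RFC 6544 or any particular ICE implementation. It assumes the first-byte demultiplexing ranges of RFC 5764 (0..3 STUN, 20..63 DTLS, 128..191 RTP/RTCP) together with the RFC 5389 magic cookie check, and all packets it feeds itself are constructed sample data. The chunked feed at the end exercises the case that trips up naive implementations: a frame split across TCP segments.

```python
import struct

# RFC 5389 STUN magic cookie; a STUN message carries it at bytes 4..7.
STUN_MAGIC_COOKIE = 0x2112A442
STUN_HEADER_LEN = 20


def frame_rfc4571(packet: bytes) -> bytes:
    """Prefix one packet with the 16-bit big-endian length required by RFC 4571."""
    if len(packet) > 0xFFFF:
        raise ValueError("RFC 4571 frames carry at most 65535 bytes")
    return struct.pack("!H", len(packet)) + packet


def classify(packet: bytes) -> str:
    """Tell STUN, DTLS and RTP/RTCP apart by inspecting one de-framed packet.

    STUN: first two bits 00, magic cookie present, and the STUN length field
    agrees with the packet size (RFC 5389).  DTLS: first byte 20..63 (record
    content type).  RTP/RTCP: first byte 128..191 (version 2).  These are the
    single-port demultiplexing ranges defined in RFC 5764.
    """
    if not packet:
        return "unknown"
    first = packet[0]
    if first < 4 and len(packet) >= STUN_HEADER_LEN:
        msg_len, cookie = struct.unpack("!HI", packet[2:8])
        # Checking the length field too stops a zero-leading non-STUN payload
        # from being misread as STUN.
        if cookie == STUN_MAGIC_COOKIE and msg_len + STUN_HEADER_LEN == len(packet):
            return "stun"
    if 20 <= first <= 63:
        return "dtls"
    if 128 <= first <= 191:
        return "rtp"
    return "unknown"


class Rfc4571Demuxer:
    """Reassemble RFC 4571 frames from a TCP byte stream, one segment at a time."""

    def __init__(self):
        self.pending = b""  # bytes received but not yet forming a whole frame

    def feed(self, data: bytes):
        """Append received bytes; return (kind, packet) for every frame now complete."""
        self.pending += data
        frames = []
        while len(self.pending) >= 2:
            (length,) = struct.unpack("!H", self.pending[:2])
            if len(self.pending) < 2 + length:
                break  # frame incomplete; wait for the next TCP segment
            packet = self.pending[2:2 + length]
            self.pending = self.pending[2 + length:]
            frames.append((classify(packet), packet))
        return frames


def sample_stream() -> bytes:
    """Constructed sample: a STUN Binding Request, a DTLS handshake record, an RTP packet."""
    # STUN: type 0x0001 (Binding Request), length 0, magic cookie, all-zero transaction id
    stun = struct.pack("!HHI", 0x0001, 0, STUN_MAGIC_COOKIE) + bytes(12)
    # DTLS record: content type 22 (handshake), version 0xFEFD (DTLS 1.2),
    # 2-byte epoch + 6-byte sequence number, 2-byte length, then 4 payload bytes
    dtls = bytes([22]) + b"\xfe\xfd" + bytes(8) + struct.pack("!H", 4) + b"\x01\x02\x03\x04"
    # RTP: V=2 (0x80), payload type 96, seq 1, timestamp 0, SSRC, 8 payload bytes
    rtp = bytes([0x80, 0x60]) + struct.pack("!HII", 1, 0, 0x12345678) + b"\xaa" * 8
    return b"".join(frame_rfc4571(p) for p in (stun, dtls, rtp))


def demux(stream: bytes, chunk_size: int):
    """Deliver `stream` in `chunk_size`-byte segments; return (kinds seen, leftover bytes)."""
    demuxer = Rfc4571Demuxer()
    kinds = []
    for i in range(0, len(stream), chunk_size):
        kinds += [kind for kind, _ in demuxer.feed(stream[i:i + chunk_size])]
    return kinds, demuxer.pending


if __name__ == "__main__":
    for kind, pkt in Rfc4571Demuxer().feed(sample_stream()):
        print(kind, pkt.hex())
    print("split into 3-byte segments:", demux(sample_stream(), 3)[0])
```

Two points a practitioner will want to keep in mind. First, the 16-bit length bounds how much a receiver must buffer for one pending frame, but nothing in the framing says when an incomplete frame will finish, so a real receiver should also apply a timeout or per-connection limit to `pending`. Second, because STUN runs outside the DTLS connection, the classification above happens on every frame for the lifetime of the TCP connection, not only during setup; a frame that classifies as "unknown" should be dropped rather than handed to either the STUN or the DTLS layer.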