Re: [MMUSIC] Bundling data channel and RTP? - Text proposal

Christian Groves <Christian.Groves@nteczone.com> Wed, 27 May 2015 08:43 UTC

Return-Path: <Christian.Groves@nteczone.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C83351A9035 for <mmusic@ietfa.amsl.com>; Wed, 27 May 2015 01:43:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N3HwqB-y67MJ for <mmusic@ietfa.amsl.com>; Wed, 27 May 2015 01:43:04 -0700 (PDT)
Received: from cserver5.myshophosting.com (cserver5.myshophosting.com [175.107.161.1]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 822D91A900B for <mmusic@ietf.org>; Wed, 27 May 2015 01:43:02 -0700 (PDT)
Received: from ppp118-209-177-117.lns20.mel8.internode.on.net ([118.209.177.117]:51884 helo=[192.168.1.22]) by cserver5.myshophosting.com with esmtpsa (TLSv1:DHE-RSA-AES128-SHA:128) (Exim 4.85) (envelope-from <Christian.Groves@nteczone.com>) id 1YxWvS-000oCS-1L for mmusic@ietf.org; Wed, 27 May 2015 18:42:58 +1000
Message-ID: <5565838D.2020005@nteczone.com>
Date: Wed, 27 May 2015 18:42:53 +1000
From: Christian Groves <Christian.Groves@nteczone.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: mmusic@ietf.org
References: <7594FB04B1934943A5C02806D1A2204B1D852384@ESESSMB209.ericsson.se> <55634C34.4080304@alum.mit.edu>
In-Reply-To: <55634C34.4080304@alum.mit.edu>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 8bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - cserver5.myshophosting.com
X-AntiAbuse: Original Domain - ietf.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - nteczone.com
X-Get-Message-Sender-Via: cserver5.myshophosting.com: authenticated_id: christian.groves@nteczone.com
X-Source:
X-Source-Args:
X-Source-Dir:
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/bkcK4HOYSh7zr4RJ_ZEHaENZBbQ>
Subject: Re: [MMUSIC] Bundling data channel and RTP? - Text proposal
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 May 2015 08:43:10 -0000

Hello Christer,

With respect to the text below I don't think you need the "When DTLS is 
used for more than one media stream within a BUNDLE group". All you need 
to say is that there may only be one DTLS association per BUNDLE. Also 
it could be more confusing to mention more than one media stream, 
because SRTP doesn't use DTLS for the media stream, only key exchange.

One interesting question that Albrecht brought up in a separate email 
discussion is what happens if you first establish a DTLS association for 
datachannel and then at a later stage you add SRTP media? I take it that 
you'd have to re-establish the DTLS connection and perform a handshake 
using the "use_srtp" extension. That makes transitioning messy.

Regards, Christian

On 26/05/2015 2:22 AM, Paul Kyzivat wrote:
> On 5/25/15 3:14 AM, Christer Holmberg wrote:
>> Hi,
>>
>> Below is a suggestion for a "DTLS considerations" section. Let me 
>> know if you think there are more rules/restrictions that we should 
>> document.
>
> My reply to your other message implies that it is probably important 
> to say more than this.
>
> Also, I *think* it is possible to mix RTP over UDP with RTP over DTLS 
> in the same bundle. (Though I can't think of any utility to doing so.) 
> I don't think what you say below is inconsistent with that, but it 
> might be good to think through the implications.
>
>     Thanks,
>     Paul
>
>> --------------------
>>
>> X.  DTLS Considerations
>>
>>     One or more media streams within a BUNDLE group can use
>>     the Datagram Transport Layer Security (DTLS) protocol [RFC6347]
>>     in order to encrypt the data, or to negotiate encryption keys
>>     if another encryption mechanism is used to encrypt media.
>>
>>     When DTLS is used for more than one media stream within a BUNDLE
>>     group, the following rules apply:
>>
>>     o  A single DTLS association [RFC6347] MUST be used for all media
>>     using DTLS; and
>>
>>         o  Each media protocol using DTLS MUST use the same mechanism 
>> for
>>     determining which endpoint (the offerer or answerer) becomes DTLS 
>> client and DTLS server.
>>
>> --------------------
>>
>> Regards,
>>
>> Christer
>>
>>
>>
>> -----Original Message-----
>> From: mmusic [mailto:mmusic-bounces@ietf.org] On Behalf Of Christer 
>> Holmberg
>> Sent: 25 May 2015 04:59
>> To: Christian Groves; mmusic@ietf.org
>> Subject: Re: [MMUSIC] Bundling data channel and RTP?
>>
>> Hi,
>>
>> I wonder whether we should have a "DTLS considerations" section in 
>> BUNDLE, and specify that all bundled media MUST use the same DTLS 
>> connection for key management, encryption etc.
>>
>> Would it even be possible to establish multiple DTLS connections on a 
>> single 5-tuple?
>>
>> Regards,
>>
>> Christer
>>
>> -----Original Message-----
>> From: mmusic [mailto:mmusic-bounces@ietf.org] On Behalf Of Christian 
>> Groves
>> Sent: 22 May 2015 10:20
>> To: mmusic@ietf.org
>> Subject: Re: [MMUSIC] Bundling data channel and RTP?
>>
>> Hello Magnus and Martin,
>>
>> Thanks for confirming that.
>>
>> It would be good to cover bundling the SRTP and DTLS/SCTP m-lines the 
>> BUNDLE and JSEP drafts.
>>
>> Regards, Christian
>>
>>
>>
>> On 20 May 2015 at 17:21, Christian 
>> Groves<Christian.Groves@nteczone.com>  wrote:
>>
>>> Can anyone confirm the intention that a single DTLS connection is used
>>> for SRTP key exchange and also SCTP packets?
>>
>> Yes, the record layer carries SCTP and exporters from the same 
>> session are used to key SRTP.
>>
>>
>>
>> On 21/05/2015 7:34 PM, Magnus Westerlund wrote:
>>> Christian Groves skrev den 2015-05-21 02:21:
>>>> Can anyone confirm the intention that a single DTLS connection is
>>>> used for SRTP key exchange and also SCTP packets?
>>>>
>>>> draft-ietf-rtcweb-transports-08 indicates:
>>>>
>>>> /WebRTC implementations MUST support multiplexing of DTLS and RTP 
>>>> over//
>>>> //   the same port pair, as described in the DTLS_SRTP specification//
>>>> //   [RFC5764], section 5.1.2.  All application layer protocol
>>>> payloads//
>>>> //   over this DTLS connection are SCTP packets./
>>>>
>>>> To me this implies a single DTLS connection. However in RFC5764
>>>> clause
>>>> 4.1 it says:
>>>> /Once the "use_srtp" extension is negotiated, the RTP or RTCP//
>>>> //   application data is protected solely using SRTP. Application
>>>> data is//
>>>> //   never sent in DTLS record-layer "application_data" packets.
>>>> Rather,//
>>>> //   complete RTP or RTCP packets are passed to the DTLS stack, 
>>>> which//
>>>> //   passes them to the SRTP stack, which protects them 
>>>> appropriately.//
>>>> /
>>>> In the second sentence "application data" is not qualified with "RTP
>>>> or RTCP" so it could be taken that its not possible to use the DTLS
>>>> connection for anything else. However I take it that as the rest of
>>>> the paragraph talks about RTP or RTCP that these were meant when
>>>> application data is mentioned?
>>>>
>>>> Can only one add some clarity?
>>>>
>>>
>>> Yes, that is clearly the intention as I understand it in WebRTC.
>>>
>>> Cheers
>>>
>>> Magnus Westerlund
>>>
>>> ----------------------------------------------------------------------
>>> Services, Media and Network features, Ericsson Research EAB/TXM
>>> ----------------------------------------------------------------------
>>> Ericsson AB                 | Phone  +46 10 7148287
>>> Färögatan 6                 | Mobile +46 73 0949079
>>> SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
>>> ----------------------------------------------------------------------
>>>
>>>
>>
>> _______________________________________________
>> mmusic mailing list
>> mmusic@ietf.org
>> https://www.ietf.org/mailman/listinfo/mmusic
>>
>> _______________________________________________
>> mmusic mailing list
>> mmusic@ietf.org
>> https://www.ietf.org/mailman/listinfo/mmusic
>>
>> _______________________________________________
>> mmusic mailing list
>> mmusic@ietf.org
>> https://www.ietf.org/mailman/listinfo/mmusic
>>
>
> _______________________________________________
> mmusic mailing list
> mmusic@ietf.org
> https://www.ietf.org/mailman/listinfo/mmusic
>