Re: [MMUSIC] DTLS-SDP: connection, dtls_connection, or dtls_ufrag?

Christer Holmberg <> Wed, 30 September 2015 07:38 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id A12AD1A1BC9 for <>; Wed, 30 Sep 2015 00:38:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6PjQdsWRP6j9 for <>; Wed, 30 Sep 2015 00:38:49 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 1A0F11A1BC6 for <>; Wed, 30 Sep 2015 00:38:48 -0700 (PDT)
X-AuditID: c1b4fb2d-f79626d000004282-88-560b91860dec
Received: from (Unknown_Domain []) by (Symantec Mail Security) with SMTP id 09.96.17026.6819B065; Wed, 30 Sep 2015 09:38:47 +0200 (CEST)
Received: from ([]) by ([]) with mapi id 14.03.0248.002; Wed, 30 Sep 2015 09:38:42 +0200
From: Christer Holmberg <>
To: Roman Shpount <>, Paul Kyzivat <>
Thread-Topic: [MMUSIC] DTLS-SDP: connection, dtls_connection, or dtls_ufrag?
Thread-Index: AdDx2gLCSWNnBQhESimZajIbwKOs+gIlWtiAAAgZAtAAE4UmAAADtCmAAAIjngAAFzeZoA==
Date: Wed, 30 Sep 2015 07:38:42 +0000
Message-ID: <>
References: <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_7594FB04B1934943A5C02806D1A2204B37AE5E08ESESSMB209erics_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFuphkeLIzCtJLcpLzFFi42KZGfG3Rrd9IneYwbarTBZTlz9msVix4QCr xYwLU5kdmD3+vv/A5LFkyU8mj1tTCgKYo7hsUlJzMstSi/TtErgyDi24wlKwKaWiYe5JlgbG K4ldjJwcEgImEr8ff2eDsMUkLtxbD2RzcQgJHGWUuLpvFyOEs4RR4vGHXSxdjBwcbAIWEt3/ tEEaRAS8Jfr6OthBwswC6hJXFweBhIWBwm/mr2SFKPGRWL73KJQdJvH8+F6wXSwCqhK3O2+x gNi8Ar4SuzY9YYFY9YlJ4tLtk8wgCU6BQImnz48ygtiMQMd9P7WGCcRmFhCXuPVkPhPE0QIS S/acZ4awRSVePv7HCnKPhICixPJ+OYjyfIlpb98xQewSlDg58wnLBEbRWUgmzUJSNgtJ2Syw zzQl1u/ShyhRlJjS/ZAdwtaQaJ0zlx1ZfAEj+ypG0eLU4uLcdCNjvdSizOTi4vw8vbzUkk2M wOg7uOW37g7G1a8dDzEKcDAq8fAqOHGHCbEmlhVX5h5ilOZgURLnbWF6ECokkJ5YkpqdmlqQ WhRfVJqTWnyIkYmDU6qBcUnnt1Bhgcp8oc2rp82+u1T1L+/dBTa7PZqNbxv/Tfx//rTFt8s8 ccmdskULNzB3rT4cNv2zRLNXdcIyo3WTZpnudq/LbJw3jzk/zf/ySafrdfP8Z8azeQUIHpdb Yap25dyNba3RaRv7z/371GqSv26W8EOFr3a82oXp5so7YwrkeObkNMbFKrEUZyQaajEXFScC ADByBXufAgAA
Archived-At: <>
Cc: "" <>
Subject: Re: [MMUSIC] DTLS-SDP: connection, dtls_connection, or dtls_ufrag?
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 30 Sep 2015 07:38:51 -0000


The scope of the document is to define generic SDP offer/answer procedures for DTLS. That includes re-using/clarifying the existing procedures in DTLS-SRTP as much as possible, and make some technical changes (mainly related to how/if a change transport address information affects a DTLS association), and define an attribute that can be used to explicitly indicate whether to create a new DTLS association.

The intention is NOT to change the existing setup attribute, or do to anything else.



From: mmusic [] On Behalf Of Roman Shpount
Sent: 30. syyskuuta 2015 1:28
To: Paul Kyzivat
Subject: Re: [MMUSIC] DTLS-SDP: connection, dtls_connection, or dtls_ufrag?

On Tue, Sep 29, 2015 at 5:26 PM, Paul Kyzivat <<>> wrote:
This proposal is good except that it is unclear how to deduce which
version of connection or setup attribute is supported by the remote end
point. Without such indication there is a high chance that remote end
point will not be able to correctly parse and process the connection or
setup attribute with transport suffix.

Can you clarify what situation you are concerned about?

As long as we are defining behavior for cases that aren't currently supported at all, then it is simply a matter of writing the specs the way we want them.

Are you concerned with backward compatibility with implementations in the wild?

I am concerned about existing implementations which are currently in the wild. There are plenty of implementations that do support "setup" attribute for DTLS (including all the WebRTC enabled browsers). If existing "setup" attribute would be extended to include the protocol suffix it will not be properly handled by current implementations. If setup attribute is used with protocol prefix, it is unclear if it will be correctly recognized by the remote party.

On the other hand we can definitely use protocol attribute syntax for the connection attribute for DTLS, since this behavior is not defined anywhere yet.

Also, please let me know if you need a more detailed explanation of dtls_ufrag option and its rational or if you simply need more time to get it sorted out.

Roman Shpount