Re: [MMUSIC] [rtcweb] Tunnelling DTLS in SDP

Roman Shpount <roman@telurix.com> Mon, 04 April 2016 15:53 UTC

The proposal makes sense to me.

1. Why do you need to send both fingerprints and certificates in the answer?
If the certificate is sent, the fingerprint can be calculated from it and
will be completely redundant.

2. Can you show where and how the DTLS-SRTP keys are going to be sent? I
assume they will be transmitted together with ChangeCipherSpec.

I think sending the certificate in the answer instead of the data path does
not compromise security, since if the signaling path is compromised, data
traffic can be redirected to a MITM agent which can collect exactly the same
data.

This has the benefit over sending the DTLS handshake using ICE/STUN messages
that it does not need to deal with packet fragmentation and reassembly.

Regards,
_____________
Roman Shpount

On Mon, Apr 4, 2016 at 9:10 AM, Eric Rescorla <ekr@rtfm.com> wrote:

> Hi folks,
>
> I wanted to call your attention to a draft I just published with a
> possibly stupid idea.
>
> https://tools.ietf.org/html/draft-rescorla-dtls-in-sdp-00
>
> A nontrivial fraction of call setup time in WebRTC is the DTLS handshake.
> This document describes how to piggyback the first few handshake messages
> in the SDP offer/answer exchange, thus reducing latency.
>
> Comments welcome.
>
> -Ekr
>
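
Point 1 of the reply above, illustrated as an added example (not part of the original message or of the draft): a receiver that holds the peer certificate can recompute every signaled `a=fingerprint` value and compare it in constant time. The certificate bytes are constructed placeholders, and how the answer carries the certificate is not modeled here.

```python
import hashlib
import hmac

# Hash-function tokens used in SDP a=fingerprint, mapped to hashlib names.
HASHES = {"sha-1": "sha1", "sha-224": "sha224", "sha-256": "sha256",
          "sha-384": "sha384", "sha-512": "sha512"}

def sdp_fingerprint(cert_der: bytes, hash_func: str = "sha-256") -> str:
    """Return the a=fingerprint value ("sha-256 AB:CD:...") for a DER certificate."""
    digest = hashlib.new(HASHES[hash_func.lower()], cert_der).digest()
    return f"{hash_func.lower()} " + ":".join(f"{b:02X}" for b in digest)

def parse_fingerprints(sdp: str) -> list[tuple[str, bytes]]:
    """Extract (hash_func, digest_bytes) from every a=fingerprint line."""
    out = []
    for line in sdp.splitlines():
        if not line.startswith("a=fingerprint:"):
            continue
        func, _, hexval = line[len("a=fingerprint:"):].strip().partition(" ")
        out.append((func.lower(), bytes.fromhex(hexval.replace(":", ""))))
    return out

def check_certificate(sdp: str, cert_der: bytes) -> dict[str, bool]:
    """Compare each signaled fingerprint with the one computed from the certificate.
    Unsupported hash functions are reported as False rather than skipped."""
    results = {}
    for func, signaled in parse_fingerprints(sdp):
        if func not in HASHES:
            results[func] = False
            continue
        computed = hashlib.new(HASHES[func], cert_der).digest()
        results[func] = hmac.compare_digest(computed, signaled)
    return results

# Constructed sample data: placeholder bytes standing in for DER certificates.
CERT_DER = b"constructed-placeholder-for-DER-certificate"
OTHER_DER = b"constructed-placeholder-for-a-different-certificate"
ANSWER_SDP = "\r\n".join([
    "v=0",
    "m=audio 9 UDP/TLS/RTP/SAVPF 0",
    "a=setup:active",
    "a=fingerprint:" + sdp_fingerprint(CERT_DER, "sha-256"),
    "a=fingerprint:" + sdp_fingerprint(CERT_DER, "sha-1"),
])

if __name__ == "__main__":
    print(check_certificate(ANSWER_SDP, CERT_DER))   # certificate matches
    print(check_certificate(ANSWER_SDP, OTHER_DER))  # substituted certificate
```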