IETF Logo Mail Archive

Re: [rtcweb] Resolving RTP/SDES question in Paris

"Ravindran, Parthasarathi" <pravindran@sonusnet.com> Tue, 20 March 2012 14:24 UTC

Return-Path: <pravindran@sonusnet.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DB7121F85A1 for <rtcweb@ietfa.amsl.com>; Tue, 20 Mar 2012 07:24:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.149
X-Spam-Level:
X-Spam-Status: No, score=-6.149 tagged_above=-999 required=5 tests=[AWL=-0.450, BAYES_00=-2.599, J_CHICKENPOX_44=0.6, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MCODZZizzaJE for <rtcweb@ietfa.amsl.com>; Tue, 20 Mar 2012 07:24:28 -0700 (PDT)
Received: from na3sys010aog103.obsmtp.com (na3sys010aog103.obsmtp.com [74.125.245.74]) by ietfa.amsl.com (Postfix) with ESMTP id 8276C21F85A0 for <rtcweb@ietf.org>; Tue, 20 Mar 2012 07:24:27 -0700 (PDT)
Received: from usma-ex-hub1.sonusnet.com ([69.147.176.212]) (using TLSv1) by na3sys010aob103.postini.com ([74.125.244.12]) with SMTP ID DSNKT2iTGusgzGMBhSU7KTcr0bEa/FhtMJXg@postini.com; Tue, 20 Mar 2012 07:24:27 PDT
Received: from INBA-HUB02.sonusnet.com (10.70.51.87) by usma-ex-hub1.sonusnet.com (66.203.90.16) with Microsoft SMTP Server (TLS) id 14.2.247.3; Tue, 20 Mar 2012 10:24:40 -0400
Received: from INBA-MAIL01.sonusnet.com ([fe80::8d0f:e4f9:a74f:3daf]) by inba-hub02.sonusnet.com ([fe80::80b9:dc60:caf7:7dfc%11]) with mapi id 14.01.0355.002; Tue, 20 Mar 2012 19:54:22 +0530
From: "Ravindran, Parthasarathi" <pravindran@sonusnet.com>
To: Iñaki Baz Castillo <ibc@aliax.net>, Roman Shpount <roman@telurix.com>
Thread-Topic: [rtcweb] Resolving RTP/SDES question in Paris
Thread-Index: AQHM8te6ZBG/XYsMg0C4SE+GOqsWNpZtZpyg///nIgCAAAs3AIAASYaAgADU1wCAAESDgIAB8AUAgAAelICAAH0pgIAAChuAgAAC/YCAADCxgIAADEuAgAAOHICAAAWBgIAAAeoAgAAPeYCAAEVigIAAE6gAgAAMZICAAAtPgIAArYcAgAAqDICAAAcigIAAXZUg
Date: Tue, 20 Mar 2012 14:24:21 +0000
Message-ID: <387F9047F55E8C42850AD6B3A7A03C6C0E2012AD@inba-mail01.sonusnet.com>
References: <4F4759DC.7060303@ericsson.com> <387F9047F55E8C42850AD6B3A7A03C6C0E1FEB69@inba-mail01.sonusnet.com> <CALiegfnkYVEpmPV-zSL_4wOY-HiFZN-qJCQCiioaS=5NaqhLZw@mail.gmail.com> <CAD5OKxvtOAxMBx6xDnyfTnEq76oDEm6uj1xL6wGjjrtKUAHy3g@mail.gmail.com> <CABcZeBNZiotPmCfT53uEo+O0xw4xv6tXW1M_G-3A5BHuncsduA@mail.gmail.com> <CAD5OKxvYOY5JZ2mYNGiH1poUBQkyOOycePFijH5H+SxtcdqujQ@mail.gmail.com> <CABkgnnVe-b6Sv=R67bMJk_NQqQwdrRUn6rBm7Gu_CMcfPQwtEg@mail.gmail.com> <CAD5OKxvZbEJ7sV4WPAYoQapzMR_QwAftj-oKg=ioMKHNT792wQ@mail.gmail.com> <6F428EFD2B8C2F49A2FB1317291A76C113563C5A92@USNAVSXCHMBSA1.ndc.alcatel-lucent.com> <CALiegf=jtkDCS_D0ZFe9UpbiadQ0vsJ+4MppQSbLr-wbaXNrfQ@mail.gmail.com> <BLU169-W29E5B86F9E2C6F3126961C93420@phx.gbl> <CALiegfk2aT+6Psr4nT-hG1G7eYRBfFCcT+25On2O4HfUXJ6-ng@mail.gmail.com> <CAD6AjGSmi9j+sdGWPts20-iwGvGij05ek0OKYEPULC6B=aFpQg@mail.gmail.com> <6F428EFD2B8C2F49A2FB1317291A76C113564482A7@USNAVSXCHMBSA1.ndc.alcatel-lucent.com> <ADBB75F3-E20C-4EC4-B9C3-EF2E4BFF409C@phonefromhere.com> <CAD5OKxvuEV8Vbq3h7=ZgcKmREjmguvz5n-SpXr2n-EY7a_ddxg@mail.gmail.com> <CALiegfk1ozOKPcDjbd3H_z2Edzh4RcZpYyJSWdw_1DJ04muQXA@mail.gmail.com> <CAD5OKxu8-+0O0=eE7mD1hi=nPUpEXczGj=bRNQCQL1BW8c-c-Q@mail.gmail.com> <D75A384B-0F38-4E30-8C03-12E903A69B64@acmepacket.com> <CAD5OKxustPmGJRMKoUU4kXosALpG8RzHC50-sjb5KKUPq3L3XA@mail.gmail.com> <CABcZeBNHY8k5YNiZt2=wqKo1Bkecxvyw4kyGi9W235fmdhwjGw@mail.gmail.com> <CAD5OKxujAoGaqpAG62X6EQVu5bS5m2a+9DYBP=LYjo1qGtQS6w@mail.gmail.com> <CALiegfkd5q2OzDTddQX2emhycVkwpnAD1SrF-iofVe6wVJD1pw@mail.gmail.com> <CAD5OKxv9_k6CU-_UC_pm+tx9aGJ3SEiB_amzKbgp9UKuJb4MwQ@mail.gmail.com> <CALiegfkfLchSosSwZ+J-zc355fjBuRi5X-Z+fMznzCZjs8f=bw@mail.gmail.com>
In-Reply-To: <CALiegfkfLchSosSwZ+J-zc355fjBuRi5X-Z+fMznzCZjs8f=bw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.70.54.61]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Cc: Leon Portman <Leon.Portman@nice.com>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Mar 2012 14:24:28 -0000

Adding one another issue faced in SRTP-DTLS implementation (http://www.ietf.org/mail-archive/web/siprec/current/msg03199.html).

Including Leon in this mail thread for more info. 

Thanks
Partha 

>-----Original Message-----
>From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf
>Of Iñaki Baz Castillo
>Sent: Tuesday, March 20, 2012 7:46 PM
>To: Roman Shpount
>Cc: rtcweb@ietf.org
>Subject: Re: [rtcweb] Resolving RTP/SDES question in Paris
>
>2012/3/20 Roman Shpount <roman@telurix.com>:
>> The other proposal was not to use DTLS at all, since it is an overkill
>> both complexity and feature wise. DTLS is designed the way it is
>> primarily to extend TLS to UDP. DTLS-SRTP is a bolt on of SRTP into
>> DTLS. So we actually got a protocol twice reused with design goals
>> changing dramatically in the process. The desired attribute of
>> DTLS-SRTP is that encryption keys are not transmitted in clear text.
>> The rest (security handshake separated from signaling and ICE
>> handshake, support for data encryption schemes other then SRTP,
>support for certificate validation, etc) is actually just a liability.
>> All of those things imply slower setup and interop problems. So, my
>> second proposal was not to use DTLS at all, just include the public
>> keys for supported key exchange protocols in the SDP and send the
>> encrypted SRTP private key in the ICE message. Or something similar to
>> that. This will definitely not interop with DTLS, but will make
>> implementation of encryption very simple.
>
>So that proposal would modify even ICE protocol, am I right? Too much
>dramatic IMHO :)
>
>Ok, given the fact that DTLS is still an utopia (all the people know
>about it but it seems that nobody has seen it in action), why not to
>leave it for a future version of WebRTC and go now with SDES + encrypted
>signaling path? In this way:
>
>- We get interoperability with other technologies *already* implementing
>SDES+SRTP (so ***tested***).
>
>- DTLS can be added once it's mature/tested/widely-implemented and we
>can learn from other implementations (what do they implement, interop
>problems, bugs...?).
>
>- Adding DTLS later to WebRTC does not break nothing since its usage
>would be still negotiable during the session initiation.
>
>
>Yes, I do know that SDES+SRTP is not the best solution, but I've never
>seen a scenario in which all the cool and fantastic features of DTLS are
>required. Given the comments about DTLS in this long thread it seems
>that choosing DTLS would be a risk (WebRTC would become a DTLS beta-
>tester...).
>
>
>Regards.
>
>--
>Iñaki Baz Castillo
><ibc@aliax.net>
>_______________________________________________
>rtcweb mailing list
>rtcweb@ietf.org
>https://www.ietf.org/mailman/listinfo/rtcweb

v2.23.0 | Report a Bug | By Email