Re: [rtcweb] DTLS, DTLS-SRTP, and 5-tuples

Roman Shpount <roman@telurix.com> Thu, 12 March 2015 14:53 UTC


On Thu, Mar 12, 2015 at 6:12 AM, Christer Holmberg <
christer.holmberg@ericsson.com> wrote:

> I don't think a TCP connection can span over multiple 5-tuples - each TCP
> connection will be bound to one 5-tuple.
>

The TCP use case over ICE should be defined in order to be usable. Doing so
is fairly straightforward but was not needed thus far.

> Perhaps the protocol running on top of TCP can switch between different TCP
> connections, though. For example, would it be possible to span a TLS
> connection over multiple TCP connections?
>

TLS (vs DTLS) cannot run on top of ICE since it is not a protocol which can
run on top of unreliable packet based transport with no order guarantees.
It would require a stream based transport to run below it in order to
operate. If someone defines TCP over ICE, that would make a good underlying
stream protocol to run below TLS. Once again, no one needed this so far.
_____________
Roman Shpount
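
Added illustration, not part of the original message or of any TLS/DTLS implementation: a simplified Python model of why a record layer that MACs an implicit per-connection sequence number (as TLS does) fails on a lossy, reordering transport, while one that carries the sequence number in each record (as DTLS does) keeps working. The key, payloads, 8-byte sequence field and the `unreliable` delivery pattern are constructed assumptions; real records also carry type, version, length and, in DTLS, an epoch.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"           # constructed sample key, not a real secret
TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag

def tag(seq: int, payload: bytes) -> bytes:
    """MAC over (sequence number || payload)."""
    return hmac.new(KEY, struct.pack("!Q", seq) + payload, hashlib.sha256).digest()

def seal_implicit(payloads):
    """TLS-style: the sequence number is MACed but never sent on the wire."""
    return [p + tag(i, p) for i, p in enumerate(payloads)]

def seal_explicit(payloads):
    """DTLS-style: each record carries its own sequence number in the header."""
    return [struct.pack("!Q", i) + p + tag(i, p) for i, p in enumerate(payloads)]

def open_implicit(records):
    """Receiver counts records itself; the first MAC failure ends the session."""
    accepted = []
    for expected, rec in enumerate(records):
        payload, mac = rec[:-TAG_LEN], rec[-TAG_LEN:]
        if not hmac.compare_digest(mac, tag(expected, payload)):
            return accepted, False
        accepted.append(payload)
    return accepted, True

def open_explicit(records):
    """Receiver reads the sequence number from the record; bad or repeated records are dropped."""
    accepted = {}
    for rec in records:
        (seq,) = struct.unpack("!Q", rec[:8])
        payload, mac = rec[8:-TAG_LEN], rec[-TAG_LEN:]
        if seq not in accepted and hmac.compare_digest(mac, tag(seq, payload)):
            accepted[seq] = payload
    return accepted

def unreliable(records):
    """Constructed datagram path: record 1 is lost, records 2 and 3 arrive swapped."""
    return [records[0], records[3], records[2]]

PAYLOADS = [b"rec0", b"rec1", b"rec2", b"rec3"]  # constructed sample data

if __name__ == "__main__":
    print(open_implicit(unreliable(seal_implicit(PAYLOADS))))
    print(open_explicit(unreliable(seal_explicit(PAYLOADS))))
```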