Re: [rtcweb] SDP Security Descriptions (RFC 4568) and RTCWeb
Tim Panton <tim@phonefromhere.com> Fri, 26 April 2013 13:43 UTC
Return-Path: <tim@phonefromhere.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D795721F986F for <rtcweb@ietfa.amsl.com>; Fri, 26 Apr 2013 06:43:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.549
X-Spam-Level:
X-Spam-Status: No, score=-2.549 tagged_above=-999 required=5 tests=[AWL=0.050, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aM4DXdtwqZbl for <rtcweb@ietfa.amsl.com>; Fri, 26 Apr 2013 06:43:24 -0700 (PDT)
Received: from smtp004.apm-internet.net (smtp004.apm-internet.net [85.119.248.54]) by ietfa.amsl.com (Postfix) with ESMTP id 98A4221F93D8 for <rtcweb@ietf.org>; Fri, 26 Apr 2013 06:43:22 -0700 (PDT)
Received: (qmail 7801 invoked from network); 26 Apr 2013 13:43:21 -0000
X-AV-Scan: clean
Received: from unknown (HELO zimbra003.verygoodemail.com) (85.119.248.218) by smtp004.apm-internet.net with SMTP; 26 Apr 2013 13:43:21 -0000
Received: from zimbra003.verygoodemail.com (localhost [127.0.0.1]) by zimbra003.verygoodemail.com (Postfix) with ESMTP id C65AD18A04CE; Fri, 26 Apr 2013 14:43:21 +0100 (BST)
Received: from [192.67.4.33] (unknown [192.67.4.33]) by zimbra003.verygoodemail.com (Postfix) with ESMTPSA id B080A18A034F; Fri, 26 Apr 2013 14:43:21 +0100 (BST)
Mime-Version: 1.0 (Apple Message framework v1283)
Content-Type: text/plain; charset="iso-8859-1"
From: Tim Panton <tim@phonefromhere.com>
In-Reply-To: <517A820F.9050807@alvestrand.no>
Date: Fri, 26 Apr 2013 14:43:22 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <1172907E-B2E1-4764-94CA-BDB00435B86A@phonefromhere.com>
References: <3FA2E46D-C98E-4FC0-9F1D-AD595A861CE1@iii.ca> <74300615-2293-4DCE-82A7-475F1A5A8256@gmail.com> <91B4F744-2201-4361-A8D8-7D36F47B865C@cisco.com> <CALiegfnqW26gEMYNpjJyzu=Nd6z9wCjvZbuY1N2tYvbfQiHyPA@mail.gmail.com> <95219856-8365-4A7E-BD0B-4EECE8868498@phonefromhere.com> <517A820F.9050807@alvestrand.no>
To: Harald Alvestrand <harald@alvestrand.no>
X-Mailer: Apple Mail (2.1283)
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] SDP Security Descriptions (RFC 4568) and RTCWeb
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Apr 2013 13:43:25 -0000
On 26 Apr 2013, at 14:33, Harald Alvestrand wrote: > On 04/26/2013 03:16 PM, Tim Panton wrote: >> >> On 26 Apr 2013, at 12:37, Iñaki Baz Castillo wrote: >> >>> Such a solution requires a very expensive gateway. Good for vendors but bad for all the rest. >>> >> >> I don't understand why the DTLS gateway would be so expensive. It is _exactly_ the same >> (conceptually) as the ICE processing - you filter off a few UDP packets from the stream, do some >> stuff, send replies then once you are happy you punt some dynamic settings back up to the (s)rtp >> layer. > > So you're saying that the gateway doesn't have to decrypt and re-encrypt the packets? It depends where it is a gateway to. I'm claiming that the huge majority of the legacy side endpoints are going to be wanting plain RTP anyhow, so no need to re-encrypt. Another chunk of functionality is local processing (conference mixing, call recording, ivr etc) where the device (or it's cluster) is the endpoint, so again no need to re- encrypt. The decryption can be handled by existing SRTP components, which just need to be fed the keys generated by the DTLS exchange. (And I'd add that we got into this mess by sticking with O/A semantics. ) T.
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Matthew Kaufman (SKYPE)
- [rtcweb] SDP Security Descriptions (RFC 4568) and… Cullen Jennings
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Alan Johnston
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Bernard Aboba
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Bogineni, Kalyani
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Ejzak, Richard P (Richard)
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Igor Faynberg
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Martin Thomson
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Dan Wing
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Mandeep Singh
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Adam Roach
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Martin Thomson
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Eric Rescorla
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Ejzak, Richard P (Richard)
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Martin Thomson
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Eric Rescorla
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Randell Jesup
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Martin Thomson
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Randell Jesup
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Martin Thomson
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Dan Wing
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Dan Wing
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Eric Rescorla
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Matthew Kaufman
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Matthew Kaufman
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Matthew Kaufman
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Matthew Kaufman
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Matthew Kaufman
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Matthew Kaufman
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Harald Alvestrand
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Harald Alvestrand
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Randell Jesup
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Ted Hardie
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Hutton, Andrew
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Xavier Marjou
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Tim Panton
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Iñaki Baz Castillo
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Iñaki Baz Castillo
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Tim Panton
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Iñaki Baz Castillo
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Matthew Kaufman
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Matthew Kaufman
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Matthew Kaufman
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Tim Panton
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Matthew Kaufman
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Harald Alvestrand
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Matthew Kaufman
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Tim Panton
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Tim Panton
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Eric Rescorla
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Dan Wing
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Dan Wing
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Iñaki Baz Castillo
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Oscar Ohlsson
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Cullen Jennings
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Suhas Nandakumar
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Iñaki Baz Castillo
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Alan Johnston
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Roman Shpount
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Tim Panton
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… DRUTA, DAN
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Iñaki Baz Castillo
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Roman Shpount
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Cullen Jennings (fluffy)
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Cullen Jennings
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Tim Panton
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Tim Panton
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Cullen Jennings
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Roman Shpount
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Tim Panton
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Martin Thomson
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Eric Rescorla
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Salvatore Loreto
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Christer Holmberg
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Bernard Aboba
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Tim Panton
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Iñaki Baz Castillo
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Markus.Isomaki
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Binod
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Harald Alvestrand
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Tim Panton
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Emil Ivov
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Iñaki Baz Castillo
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Christer Holmberg
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Ejzak, Richard P (Richard)
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Ted Hardie
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Dan Wing
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Salvatore Loreto
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Iñaki Baz Castillo
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Ejzak, Richard P (Richard)
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Dan Wing
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Iñaki Baz Castillo
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Dan Wing
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Iñaki Baz Castillo
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Martin Thomson
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Eric Rescorla
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Ejzak, Richard P (Richard)
- [rtcweb] Network times … was SDP Security Descrip… Cullen Jennings (fluffy)
- Re: [rtcweb] Network times . was SDP Security Des… Karl Stahl
- Re: [rtcweb] Network times . was SDP Security Des… Tim Panton
- Re: [rtcweb] Network times . was SDP Security Des… Roy, Radhika R CIV USARMY (US)
- Re: [rtcweb] Network times . was SDP Security Des… Cullen Jennings (fluffy)
- Re: [rtcweb] Network times . was SDP Security Des… Justin Uberti
- Re: [rtcweb] Network times . was SDP Security Des… Michael Tuexen
- Re: [rtcweb] Network times . was SDP Security Des… Karl Stahl
- Re: [rtcweb] Network times . was SDP Security Des… Karl Stahl
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Tim Panton
- Re: [rtcweb] Network times . was SDP Security Des… Randell Jesup
- Re: [rtcweb] Network times . was SDP Security Des… Randell Jesup
- Re: [rtcweb] Network times . was SDP Security Des… Roy, Radhika R CIV USARMY (US)
- Re: [rtcweb] Network times . was SDP Security Des… Justin Uberti
- Re: [rtcweb] Network times . was SDP Security Des… Karl Stahl
- Re: [rtcweb] Network times . was SDP Security Des… Bo Burman
- Re: [rtcweb] Network times . was SDP Security Des… Karl Stahl
- Re: [rtcweb] Network times . was SDP Security Des… Olle E. Johansson
- Re: [rtcweb] Network times . was SDP Security Des… Karl Stahl
- Re: [rtcweb] Network times . was SDP Security Des… Daniel-Constantin Mierla
- Re: [rtcweb] Network times . was SDP Security Des… Karl Stahl
- Re: [rtcweb] Network times . was SDP Security Des… Karl Stahl
- Re: [rtcweb] Network times . was SDP Security Des… Karl Stahl
- Re: [rtcweb] Network times . was SDP Security Des… Karl Stahl
- Re: [rtcweb] Network times . was SDP Security Des… Harald Alvestrand
- Re: [rtcweb] Network times . was SDP Security Des… Eric Rescorla
- Re: [rtcweb] Network times . was SDP Security Des… Daniel-Constantin Mierla
- Re: [rtcweb] Network times . was SDP Security Des… Karl Stahl
- Re: [rtcweb] Network times . was SDP Security Des… Karl Stahl
- Re: [rtcweb] Network times . was SDP Security Des… Dan Wing
- Re: [rtcweb] Network times . was SDP Security Des… Cullen Jennings
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Harald Alvestrand
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Bernard Aboba
- Re: [rtcweb] Network times . was SDP Security Des… Justin Uberti
- Re: [rtcweb] Network times . was SDP Security Des… Karl Stahl
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Henry Lum
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Dan Wing
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Henry Lum
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Dan Wing
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Henry Lum
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Dan Wing
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Martin Thomson
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Tim Panton
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Cullen Jennings
- Re: [rtcweb] SDP Security Descriptions (RFC 4568)… Dan Wing