Re: [rtcweb] Unique credentials for non-bundled m-lines

Justin Uberti <juberti@google.com> Mon, 19 May 2014 03:57 UTC

To: Christer Holmberg <christer.holmberg@ericsson.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/6oJ7NOKrXxgW8NZkLaxbmwHjnBw
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>

I think this dated back to when BUNDLE used the same ports from the
beginning, and this was needed for demultiplexing or somesuch.

As it stands now, the main value here is that a unique ufrag+pwd provides a
nice lookup handle to identify an ICE session, which might be useful for
stats.





On Sun, May 18, 2014 at 2:56 AM, Christer Holmberg <christer.holmberg@ericsson.com> wrote:

> Hi,
>
> >> https://github.com/rtcweb-wg/jsep/issues/17
> >>
> >> JSEP S 5.2.1 reads:
> >>
> >> Each m= section, provided it is not being bundled into another m=
> >> section, MUST generate a unique set of ICE credentials and gather its
> >> own unique set of ICE candidates. Otherwise, it MUST use the same ICE
> >> credentials and candidates that were used in the m= section that it is
> >> being bundled into.
> >>
> >> But Section 15.4 of ICE explicitly permits m-lines to share
> >> credentials, and of course ICE knows nothing of BUNDLE:
> >>
> >> The "ice-pwd" and "ice-ufrag" attributes can appear at either the
> >> session-level or media-level. When present in both, the value in the
> >> media-level takes precedence. Thus, the value at the session-level is
> >> effectively a default that applies to all media streams, unless
> >> overridden by a media-level value. Whether present at the session or
> >> media-level, there MUST be an ice-pwd and ice-ufrag attribute for each
> >> media stream. If two media streams have identical ice-ufrag's, they
> >> MUST have identical ice-pwd's.
> >>
> >> Is there a reason for requiring unique credentials? If not I suggest
> >> we remove this requirement.
> >
> > When not doing bundle, are there any problems in the consent security
> > with shared credential? If not, seems like we should remove this.
>
> I guess that would mean that different BUNDLE groups could share the same
> credentials also?
>
> Regards,
>
> Christer
>
>
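
The two rules quoted in this thread can be checked mechanically against an SDP blob. The following is an added example, not code from the thread or from any WebRTC implementation: it resolves each m= section's ice-ufrag/ice-pwd (media-level overriding the session-level default, as in ICE Section 15.4) and flags sections that share credentials without being bundled together (the JSEP S 5.2.1 requirement under discussion). `SAMPLE_SDP` is constructed, the function names are hypothetical, and using the first mid of a BUNDLE group as the transport key is an assumption of this sketch.

```javascript
// Constructed sample: a1+v1 are bundled, d1 is not bundled but inherits the
// session-level credentials, v2 carries its own media-level credentials.
const SAMPLE_SDP = [
  "v=0", "a=group:BUNDLE a1 v1",
  "a=ice-ufrag:sessUfrag", "a=ice-pwd:sessionLevelPassword000001",
  "m=audio 9 UDP/TLS/RTP/SAVPF 111", "a=mid:a1",
  "m=video 9 UDP/TLS/RTP/SAVPF 100", "a=mid:v1",
  "m=application 9 DTLS/SCTP 5000", "a=mid:d1",
  "m=video 9 UDP/TLS/RTP/SAVPF 101", "a=mid:v2",
  "a=ice-ufrag:mediaUfrag", "a=ice-pwd:mediaLevelPassword0000001",
].join("\r\n");

// Resolve the effective ICE credentials and transport key of every m= section.
function iceCredentials(sdp) {
  const session = {}, sections = [], groups = [];
  let cur = null; // null while still in the session-level part
  for (const line of sdp.split(/\r?\n/)) {
    if (line.startsWith("m=")) { cur = { mid: null, attrs: {} }; sections.push(cur); continue; }
    const m = /^a=([^:]+):(.*)$/.exec(line);
    if (!m) continue;
    const [, name, value] = m;
    if (name === "group" && !cur && value.startsWith("BUNDLE ")) groups.push(value.split(" ").slice(1));
    else if (name === "mid" && cur) cur.mid = value;
    else if (name === "ice-ufrag" || name === "ice-pwd") (cur ? cur.attrs : session)[name] = value;
  }
  return sections.map((s, i) => ({
    mid: s.mid,
    // Media-level value takes precedence; session-level is the default.
    ufrag: s.attrs["ice-ufrag"] ?? session["ice-ufrag"] ?? null,
    pwd: s.attrs["ice-pwd"] ?? session["ice-pwd"] ?? null,
    // Bundled sections share one transport; others get a key of their own.
    transport: (groups.find((g) => g.includes(s.mid)) ?? [s.mid ?? `#${i}`])[0],
  }));
}

// Report violations of the ICE 15.4 rules and of the JSEP uniqueness rule.
function checkCredentials(sdp) {
  const findings = [], byUfrag = new Map();
  for (const s of iceCredentials(sdp)) {
    if (!s.ufrag || !s.pwd) { findings.push(`${s.mid}: missing ice-ufrag/ice-pwd (ICE 15.4)`); continue; }
    const prev = byUfrag.get(s.ufrag);
    if (!prev) { byUfrag.set(s.ufrag, s); continue; }
    if (prev.pwd !== s.pwd) findings.push(`${s.mid}: same ufrag as ${prev.mid} but different pwd (ICE 15.4)`);
    else if (prev.transport !== s.transport)
      findings.push(`${s.mid}: shares credentials with ${prev.mid} outside its BUNDLE group (JSEP 5.2.1)`);
  }
  return findings;
}
```

On the sample, `d1` is valid under ICE Section 15.4 alone and is flagged only by the JSEP rule, which is exactly the gap between the two documents that the thread is about.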