IETF Logo Mail Archive

Re: [rtcweb] [MMUSIC] Tunnelling DTLS in SDP

Peter Thatcher <pthatcher@google.com> Thu, 07 April 2016 15:15 UTC

Return-Path: <pthatcher@google.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5254112D5DF for <rtcweb@ietfa.amsl.com>; Thu, 7 Apr 2016 08:15:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.71
X-Spam-Level:
X-Spam-Status: No, score=-2.71 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GiXHgTKitSve for <rtcweb@ietfa.amsl.com>; Thu, 7 Apr 2016 08:15:46 -0700 (PDT)
Received: from mail-vk0-x22a.google.com (mail-vk0-x22a.google.com [IPv6:2607:f8b0:400c:c05::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A48CE12D85D for <rtcweb@ietf.org>; Thu, 7 Apr 2016 08:03:43 -0700 (PDT)
Received: by mail-vk0-x22a.google.com with SMTP id k1so102601832vkb.0 for <rtcweb@ietf.org>; Thu, 07 Apr 2016 08:03:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=O1aFhActtd3zaAfeHEPGdT40Oq8M26ovU/gjINrTNt4=; b=DwPaf/5Ulrm0GRQJXIX+NnW0eAmv/8ADdE3Di+p95jK8P6rInBxGWCRNSilSQAgrKs Ufqa5t9d6sOompaveeVNfsZBv7JK7lL9+y/FllwWXQ6MRmB5g0Q0PX2MRRfV4ur2jPfo bixQ2Ur1Cpl45ssfwOEeQLHzqeeh2LdEJoU1g2GVgqO5cGzf242b3yGxsHcwW491fy/7 6fUzvtpdbc7FnzdIp+W4DdaEFjyUTA7qxjTf8NJnLjh8Z1gSZ3xMVIrYPsZ1Zrs2NUsM Q6lnjU2jopSZ/9C63Uws6uXoX12Q77B4Y9I3xxVjvw8F0ri9yveQoB/+bzjIcdKpCSn6 77Rw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=O1aFhActtd3zaAfeHEPGdT40Oq8M26ovU/gjINrTNt4=; b=M+UeXCq293t405lPvRcmezInOzT5g/w6XZp3ybYK/qgjOxHgKkPENLsvQg+NwI8Z6f bi9gO1ownNPJEhGrEvlmtCPkSOzGTYZnPvMtJLysk1g0DVpeLLgodzXNd3///FtKbw6I VwhYQOzJ88Coj0keVG7d7eIoioM7af0byMFPexj9MStKL97AQY1ife8g4q3Jnqcpa6RJ CuZYu5Z0KO9kwl3VX/X6XRl6jHdZLLav6VJ7YDtiN2VEH0tOasr0OmAEvguWkWMILc25 8jZxfLODD3lo6zTf62MlxPhRMbNQkErFJr5doJEgBBgXPSq38BRO579mK25sYjplhJ6u QNlQ==
X-Gm-Message-State: AD7BkJLHl72zSpmRHwjnrDkpOAjbhsBfWpKzANPXN5XR9zwd1PLf2lhF55EM+PfWsYiWIvBU6Edxt2hbE+4KQTQ0
X-Received: by 10.31.11.201 with SMTP id 192mr1603902vkl.135.1460041422620; Thu, 07 Apr 2016 08:03:42 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.67.164 with HTTP; Thu, 7 Apr 2016 08:03:02 -0700 (PDT)
In-Reply-To: <F11EA410-2086-442A-8519-BE77A421E938@phonefromhere.com>
References: <CABcZeBOM1KoXpXFhvjS753EVpsMENWVen3CCdFj8ry36vPH0dg@mail.gmail.com> <D5416C24-0032-48CB-8CC6-FD5D4E046C0D@phonefromhere.com> <CAOJ7v-3pov_NC0b8wkNyvfxHTG934RW-QnLRSQ0TzmpU3LvawA@mail.gmail.com> <F11EA410-2086-442A-8519-BE77A421E938@phonefromhere.com>
From: Peter Thatcher <pthatcher@google.com>
Date: Thu, 07 Apr 2016 08:03:02 -0700
Message-ID: <CAJrXDUHyxd=n5XUkBjQaDTKYnALkg9C-da0rx0z0Q988DA6=Sg@mail.gmail.com>
To: Tim Panton <tim@phonefromhere.com>
Content-Type: multipart/alternative; boundary="001a114551525aa568052fe662ec"
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/6sEm4UawpFoaSc31vXpCmGb2E3E>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>, mmusic WG <mmusic@ietf.org>
Subject: Re: [rtcweb] [MMUSIC] Tunnelling DTLS in SDP
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Apr 2016 15:15:48 -0000

On Tue, Apr 5, 2016 at 2:52 AM, Tim Panton <tim@phonefromhere.com> wrote:

>
> On 5 Apr 2016, at 03:06, Justin Uberti <juberti@google.com> wrote:
>
>
>
> On Mon, Apr 4, 2016 at 8:39 AM, pfh <tim@phonefromhere.com> wrote:
>
>>
>> On 4 Apr 2016, at 14:10, Eric Rescorla <ekr@rtfm.com> wrote:
>>
>> Hi folks,
>>
>> I wanted to call your attention to a draft I just published with a
>> possibly stupid
>> idea.
>>
>> https://tools.ietf.org/html/draft-rescorla-dtls-in-sdp-00
>>
>> A nontrivial fraction of call setup time in WebRTC is the DTLS handshake.
>> This document describes how to piggyback the first few handshake messages
>> in the SDP offer/answer exchange, thus reducing latency.
>>
>>
>> It strikes me we could get the same reduced latency benefits by
>> piggybacking on ICE
>> rather than SDP, e.g. embedding the DTLS packet as data in a new STUN
>> attribute type.
>>
>> The downside of piggybacking on the SDP is that you are increasing the
>> trust you have to place in the
>> signalling server undermining the elegant decoupling we have at the
>> moment between signalling and
>> media. (The SDES issues of logging keys in the web servers apply to the
>> public certs as well).
>>
>
> I don't think the logging issue applies here. Only the public key would be
> logged, and it's already transmitted in cleartext during a normal DTLS
> handshake (it's a public key, after all).
>
>
> True, but over a different path.
>
>
>> It also significantly clutters the SDP (even more) !
>>
>
> Please see Jonathan Lennox's comment about garbage piles. I think the only
> truly unattractive part here is the fact that the messages will need to be
> base64ed, resulting in minor blowup. But that seems like a reasonable
> downside for 1+ RTT upside.
>
>
> Just when the WebRTC NG was freeing us from Offer/Answer and SDP….
>
> Sigh.
>
>
​The general idea here is "put the beginning of the crypto handshake in the
signaling"​.  That's not tied to SDP.  WebRTC NG could easily do the same
thing without SDP.



>
>
>
>> As you point out, it weakens the usefulness of longer term certs, which
>> would be a major nuisance IMHO.
>>
>> Tim.
>>
>>
>> _______________________________________________
>> rtcweb mailing list
>> rtcweb@ietf.org
>> https://www.ietf.org/mailman/listinfo/rtcweb
>>
>>
>
>
> _______________________________________________
> mmusic mailing list
> mmusic@ietf.org
> https://www.ietf.org/mailman/listinfo/mmusic
>
>

v2.23.0 | Report a Bug | By Email