[rtcweb] Re: I-D Action: draft-lennox-sdp-raw-key-fingerprints-00.txt
Jonathan Lennox <jonathan.lennox@8x8.com> Wed, 30 October 2024 17:50 UTC
To: mmusic@ietf.org, avt@ietf.org, rtcweb@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/BUqacm8BUfMZ7POlUvVtLlCtLtE>

Hi, all —

I’ll be presenting this draft in the AVTCore session in Dublin (even though it’s not really in charter for that group, it’s probably the closest thing that’s meeting).

Additionally, I’ll be at the Hackathon working on adding this to the Jitsi servers’ WebRTC stack. If anyone’s interested in adding it to any other WebRTC implementations, please feel free to join me and let me know!

(Though adding it to an implementation whose TLS stack doesn’t yet support RFC 7250 will likely be hard to do in a weekend, and I believe neither BoringSSL nor NSS does at this point. The Jitsi backend servers use BouncyCastle, which does.)

> On Oct 18, 2024, at 5:31 PM, Jonathan Lennox <jonathan.lennox@8x8.com> wrote:
>
> Hi, all —
>
> I have submitted this draft defining how to use raw public keys (rather than self-signed certificates) in TLS or DTLS negotiated with SDP, with of course the specific use case in mind of SDP-negotiated DTLS/SRTP such as is used in WebRTC.
>
> Comments are welcome, as well as any suggestions as to the best forum in which to develop this work; the base TLS in SDP (i.e. “a=fingerprint”) work was done in MMUSIC, but that group is closing down.
>
> Thank you!
>
>> On Oct 18, 2024, at 5:15 PM, internet-drafts@ietf.org wrote:
>>
>> Internet-Draft draft-lennox-sdp-raw-key-fingerprints-00.txt is now available.
>>
>> Title: Session Description Protocol Fingerprints for Raw Public Keys in (Datagram) Transport Layer Security
>> Author: Jonathan Lennox
>> Name: draft-lennox-sdp-raw-key-fingerprints-00.txt
>> Pages: 9
>> Dates: 2024-10-18
>>
>> Abstract:
>>
>> This document defines how to negotiate the use of raw keys for TLS
>> and DTLS with the Session Description Protocol (SDP). Raw keys are
>> more efficient than certificates for typical uses of TLS and DTLS
>> negotiated with SDP, without loss of security.
>>
>> The IETF datatracker status page for this Internet-Draft is:
>> https://datatracker.ietf.org/doc/draft-lennox-sdp-raw-key-fingerprints/
>>
>> There is also an HTML version available at:
>> https://www.ietf.org/archive/id/draft-lennox-sdp-raw-key-fingerprints-00.html
>>
>> Internet-Drafts are also available by rsync at:
>> rsync.ietf.org::internet-drafts