IETF Logo Mail Archive

Re: [rtcweb] SDP Security Descriptions (RFC 4568) and RTCWeb

Harald Alvestrand <harald@alvestrand.no> Fri, 26 April 2013 13:33 UTC

Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39A9921F9964 for <rtcweb@ietfa.amsl.com>; Fri, 26 Apr 2013 06:33:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level:
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XYAj66YDZJFN for <rtcweb@ietfa.amsl.com>; Fri, 26 Apr 2013 06:33:12 -0700 (PDT)
Received: from eikenes.alvestrand.no (eikenes.alvestrand.no [158.38.152.233]) by ietfa.amsl.com (Postfix) with ESMTP id CACED21F995E for <rtcweb@ietf.org>; Fri, 26 Apr 2013 06:33:11 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id 75AE539E197 for <rtcweb@ietf.org>; Fri, 26 Apr 2013 15:33:09 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at eikenes.alvestrand.no
Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lSVgeaJ9g7kI for <rtcweb@ietf.org>; Fri, 26 Apr 2013 15:33:09 +0200 (CEST)
Received: from [192.168.13.123] (unknown [110.15.35.10]) by eikenes.alvestrand.no (Postfix) with ESMTPSA id 2DD0639E182 for <rtcweb@ietf.org>; Fri, 26 Apr 2013 15:33:07 +0200 (CEST)
Message-ID: <517A820F.9050807@alvestrand.no>
Date: Fri, 26 Apr 2013 15:33:03 +0200
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130329 Thunderbird/17.0.5
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <3FA2E46D-C98E-4FC0-9F1D-AD595A861CE1@iii.ca> <74300615-2293-4DCE-82A7-475F1A5A8256@gmail.com> <91B4F744-2201-4361-A8D8-7D36F47B865C@cisco.com> <CALiegfnqW26gEMYNpjJyzu=Nd6z9wCjvZbuY1N2tYvbfQiHyPA@mail.gmail.com> <95219856-8365-4A7E-BD0B-4EECE8868498@phonefromhere.com>
In-Reply-To: <95219856-8365-4A7E-BD0B-4EECE8868498@phonefromhere.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
Subject: Re: [rtcweb] SDP Security Descriptions (RFC 4568) and RTCWeb
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Apr 2013 13:33:13 -0000

On 04/26/2013 03:16 PM, Tim Panton wrote:
>
> On 26 Apr 2013, at 12:37, Iñaki Baz Castillo wrote:
>
>> Such a solution requires a very expensive gateway. Good for vendors 
>> but bad for all the rest.
>>
>
> I don't understand why the DTLS gateway would be so expensive. It is 
> _exactly_ the same
> (conceptually) as the ICE processing - you filter off a few UDP 
> packets from the stream, do some
> stuff, send replies then once you are happy you punt some dynamic 
> settings back up to the (s)rtp
> layer.

So you're saying that the gateway doesn't have to decrypt and re-encrypt 
the packets?

I think EKT may be a problem, as Inaki pointed out, but I have less 
qualms about supporting DTLS and making it optional to use EKT on some 
calls than I have about mandating support for SDES.

v2.23.0 | Report a Bug | By Email