[rtcweb] Unique credentials for non-bundled m-lines

Eric Rescorla <ekr@rtfm.com> Mon, 12 May 2014 00:56 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Sun, 11 May 2014 17:55:41 -0700
Message-ID: <CABcZeBNznhqaLrFE146tYKR1ENs8BpBAUutG5BmhHH5XD3B7uw@mail.gmail.com>
To: "rtcweb@ietf.org" <rtcweb@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/FCkw6xTeH3XrMlvXV0HOtR2m6tM
Subject: [rtcweb] Unique credentials for non-bundled m-lines

https://github.com/rtcweb-wg/jsep/issues/17

JSEP S 5.2.1 reads:

Each m= section, provided it is not being bundled into another m=
section, MUST generate a unique set of ICE credentials and gather its
own unique set of ICE candidates. Otherwise, it MUST use the same ICE
credentials and candidates that were used in the m= section that it is
being bundled into.

But Section 15.4 of ICE explicitly permits m-lines to share
credentials, and of course ICE knows nothing of BUNDLE:

The "ice-pwd" and "ice-ufrag" attributes can appear at either the
session-level or media-level. When present in both, the value in the
media-level takes precedence. Thus, the value at the session-level is
effectively a default that applies to all media streams, unless
overridden by a media-level value. Whether present at the session or
media-level, there MUST be an ice-pwd and ice-ufrag attribute for each
media stream. If two media streams have identical ice-ufrag's, they
MUST have identical ice-pwd's.

Is there a reason for requiring unique credentials? If not, I suggest
we remove this requirement.

-Ekr
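As an added illustration (not code from the post, JSEP or the ICE spec), a small Python checker that applies both quoted rules to an SDP blob and shows where they pull apart: the constructed SDP below is fine under ICE 15.4 (session-level credentials cover both media streams, identical ufrag with identical pwd) but trips JSEP 5.2.1 as written, and bundling the second m= section into the first makes it clean. The parser, the check messages and the sample SDP are assumptions; only the a= attribute names come from the quoted text.

```python
# Added checker (not from the thread) for the two quoted rules. ICE 15.4: session-level
# ice-ufrag/ice-pwd are defaults overridden at media level, every m= section needs both,
# identical ufrag implies identical pwd. JSEP 5.2.1: unbundled m= sections need unique ones.

def parse_sdp(sdp):
    """Split session-level and per-m-section ICE, mid and BUNDLE attributes."""
    session, sections, current = {}, [], None
    for line in sdp.splitlines():
        if line.startswith("m="):
            current = {}
            sections.append(current)
        elif line.startswith("a=group:BUNDLE"):
            session.setdefault("bundle", []).append(line.split()[1:])
        elif line.startswith(("a=ice-ufrag:", "a=ice-pwd:", "a=mid:")):
            key, value = line[2:].split(":", 1)
            (session if current is None else current)[key] = value
    return session, sections

def check_credentials(sdp):
    """Return a list of rule violations; an empty list means the SDP is clean."""
    session, sections = parse_sdp(sdp)
    problems, creds, pwd_for = [], [], {}
    for i, sec in enumerate(sections):
        # media-level value wins, otherwise fall back to the session-level default
        ufrag = sec.get("ice-ufrag", session.get("ice-ufrag"))
        pwd = sec.get("ice-pwd", session.get("ice-pwd"))
        if ufrag is None or pwd is None:
            problems.append(f"m={i}: ice-ufrag/ice-pwd missing (ICE 15.4)")
        elif pwd_for.setdefault(ufrag, pwd) != pwd:
            problems.append(f"m={i}: ufrag reused with a different pwd (ICE 15.4)")
        creds.append((ufrag, pwd))
    # every mid after the first in a BUNDLE group is bundled into that first one
    bundled = {mid for group in session.get("bundle", []) for mid in group[1:]}
    first_use = {}
    for i, sec in enumerate(sections):
        if sec.get("mid") not in bundled:
            if creds[i] in first_use:
                problems.append(f"m={i}: same credentials as m={first_use[creds[i]]} (JSEP 5.2.1)")
            first_use.setdefault(creds[i], i)
    return problems

# Constructed sample: session-level credentials shared by two unbundled m= sections.
SHARED_SDP = """a=ice-ufrag:F7gI
a=ice-pwd:x9mTsurJG2IvtPdXmFxUbI6e
m=audio 9 UDP/TLS/RTP/SAVPF 111
a=mid:audio
m=video 9 UDP/TLS/RTP/SAVPF 100
a=mid:video
"""
BUNDLED_SDP = "a=group:BUNDLE audio video\n" + SHARED_SDP  # video bundled into audio
```

`check_credentials(SHARED_SDP)` reports only the JSEP 5.2.1 violation, while `check_credentials(BUNDLED_SDP)` returns an empty list.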