Re: [rtcweb] How to determine TLS roles?

Christer Holmberg <christer.holmberg@ericsson.com> Mon, 10 February 2014 20:30 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Tim Panton <tim@phonefromhere.com>
Date: Mon, 10 Feb 2014 20:30:50 +0000
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] How to determine TLS roles?

Hi,

>>>>> This is defined in RFC 5763 S 5:
>>>>> http://tools.ietf.org/html/rfc5763#section-5
>>>>> 
>>>>> Which points to:
>>>>> http://tools.ietf.org/html/rfc4145
>>>> 
>>>> Ok. So, a few questions for clarification:
>>>> 
>>>> Q1: This means that the JS App must set the setup attribute value before passing an SDP to the browser?
>>> No, peer-to-peer browser calls should 'do the right thing' - based on the initiator/ice-controlling rule. Both browsers set a=setup:act-pass meaning that we fall back to the old rules.
>> 
>> What "old rules"? :)
>> 
>
> Sorry that was unclear - As I read it, putting a=setup:actpass in the SDP indicates that the ice-controlling entity should act as DTLS client, and typically the ice-controlling entity is the initiator of the session. So it isn't a matter of O/A negotiation.

Do you have a reference to where you read that?

>>> If however you have a gateway initiating a call to a browser, and it 
>>> wants to do early media (it's an 800 number gateway for example) then it sets a=setup:active in the SDP it sends (or you create on its behalf).
>> 
>> There doesn't necessarily have to be a gateway. It may be a browser-to-browser call, using SIP and SDP O/A on the wire - meaning that the SDP setup attribute is used to determine the roles.
>
> But there is no concept of early media on a peer-to-peer webRTC call, so there isn't any need to manage which side is the DTLS client or server.

Not sure what this has to do with early media. You can have two browser based applications, using SDP O/A to negotiate the DTLS roles.

Regards,

Christer
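
Added example (not part of the original message, and not code from any browser or from the RFC authors): resolving DTLS roles from the a=setup values of an SDP offer/answer pair, using the offer/answer combinations permitted by RFC 4145 and the RFC 5763 Section 5 rule that the active side sends the ClientHello. The function names and the SDP fragments are constructed for illustration.

```javascript
// Answers permitted for each offered a=setup value (RFC 4145 offer/answer rules).
// RFC 5763 Section 5 further requires the offerer to send actpass.
const ALLOWED_ANSWERS = new Map([
  ["active", ["passive", "holdconn"]],
  ["passive", ["active", "holdconn"]],
  ["actpass", ["active", "passive", "holdconn"]],
  ["holdconn", ["holdconn"]],
]);

// a=setup value for the first m= section; a media-level attribute
// overrides a session-level one. Returns null when none is present.
function setupValue(sdp) {
  let sessionLevel = null, mediaLevel = null, mediaCount = 0;
  for (const line of sdp.split(/\r?\n/)) {
    if (line.startsWith("m=")) {
      if (++mediaCount > 1) break; // only inspect the first media section
      continue;
    }
    const m = /^a=setup:(\S+)\s*$/.exec(line);
    if (!m) continue;
    if (mediaCount === 1) mediaLevel = m[1]; else sessionLevel = m[1];
  }
  return mediaLevel ?? sessionLevel;
}

// Returns which DTLS role each side takes, or nulls for holdconn.
// Throws on a missing attribute or a combination the table does not allow.
function dtlsRoles(offerSdp, answerSdp) {
  const offer = setupValue(offerSdp);
  const answer = setupValue(answerSdp);
  const allowed = ALLOWED_ANSWERS.get(offer);
  if (!allowed) throw new Error(`invalid or missing offer setup: ${offer}`);
  if (!allowed.includes(answer)) {
    throw new Error(`answer setup "${answer}" not valid for offer "${offer}"`);
  }
  if (answer === "holdconn") return { offerer: null, answerer: null };
  // The endpoint that ends up active initiates the DTLS handshake.
  return answer === "active"
    ? { offerer: "server", answerer: "client" }
    : { offerer: "client", answerer: "server" };
}

// Constructed SDP fragments (not captured traffic).
const OFFER = ["v=0", "s=-", "t=0 0", "a=setup:actpass",
  "m=audio 9 UDP/TLS/RTP/SAVPF 0"].join("\r\n");
const ANSWER_ACTIVE = ["v=0", "s=-", "t=0 0",
  "m=audio 9 UDP/TLS/RTP/SAVPF 0", "a=setup:active"].join("\r\n");
const ANSWER_PASSIVE = ANSWER_ACTIVE.replace("setup:active", "setup:passive");
```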