Re: [rtcweb] JSEP: Why always offer actpass?

Stefan Håkansson LK <> Tue, 25 November 2014 17:38 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 234501A6FFF for <>; Tue, 25 Nov 2014 09:38:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_56=0.6, J_CHICKENPOX_57=0.6, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id D8y6SmtfCVFk for <>; Tue, 25 Nov 2014 09:38:36 -0800 (PST)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id DABD81A0368 for <>; Tue, 25 Nov 2014 09:38:35 -0800 (PST)
X-AuditID: c1b4fb30-f79e66d000000ff1-a8-5474be990274
Received: from (Unknown_Domain []) by (Symantec Mail Security) with SMTP id 78.65.04081.99EB4745; Tue, 25 Nov 2014 18:38:33 +0100 (CET)
Received: from ([]) by ([]) with mapi id 14.03.0195.001; Tue, 25 Nov 2014 18:38:33 +0100
From: Stefan Håkansson LK <>
To: "Makaraju, Maridi Raju (Raju)" <>, Justin Uberti <>
Thread-Topic: [rtcweb] JSEP: Why always offer actpass?
Thread-Index: AdAH/G6saC/Ce4vxTgqv23nLTon8JA==
Date: Tue, 25 Nov 2014 17:38:32 +0000
Message-ID: <>
References: <> <> <> <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrFLMWRmVeSWpSXmKPExsUyM+Jvje7MfSUhBg9PGVhsnSpk0bDxCqvF 2n/t7A7MHq3P9rJ6LNhU6rFkyU+mAOYoLpuU1JzMstQifbsEroxfR2sK9gpVfL/wi7mBcQ5/ FyMnh4SAicSyxyfYIGwxiQv31gPZXBxCAkcYJf5f+soI4SxhlHh8ZgJYFZtAoMTWfQvAbBGB XIl5fSvBbGYBdYk7i8+xg9jCAqYSky4uY4KoMZNYeHICI4StJ3HzywUWEJtFQFXi24OrzCA2 r4CvRNuvbVDLVjNJHJr/EayZEeik76fWMEEsEJe49WQ+E8SpAhJL9pxnhrBFJV4+/scKYStJ rNh+iRGiXk/ixtQpUMdpSyxb+BpqmaDEyZlPWCYwis5CMnYWkpZZSFpmIWlZwMiyilG0OLU4 KTfdyEgvtSgzubg4P08vL7VkEyMwcg5u+W2wg/Hlc8dDjAIcjEo8vBs+FIcIsSaWFVfmHmKU 5mBREuddeG5esJBAemJJanZqakFqUXxRaU5q8SFGJg5OqQbGtZqyc5V2HHv/WqtYwXan5alX nK7WQrdFX4o/fsk6p/jQiYMnZ+ovsZVlnDj9x3ob35tLy2JKq+cmHm9qZvRb/t2uUWrb+baS nRMvrZhQHDPfJiSuLHnunZnSaaI5e5YK7L7xYat4zZ0lUybaelWvk1jYt+XvM6aEEKk/qjaK L8+cMXqn9fA2txJLcUaioRZzUXEiAOONGVR9AgAA
Cc: "" <>
Subject: Re: [rtcweb] JSEP: Why always offer actpass?
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 25 Nov 2014 17:38:38 -0000

On 25/11/14 17:28, Makaraju, Maridi Raju (Raju) wrote:
>>> o  The endpoint MUST use the setup attribute defined in [RFC4145
>> <>].
>>> The endpoint that is the offerer MUST use the setup attribute
>>> value of setup:actpass and be prepared to receive a client_hello
>>> before it receives the answer.  The answerer MUST use either a
>>> setup attribute value of setup:active or setup:passive.  Note
>>> that if the answerer uses setup:passive, then the DTLS handshake
>>> will not begin until the answerer is received, which adds
>>> additional latency. setup:active allows the answer and the DTLS
>>> handshake to occur in parallel.  Thus, setup:active is
>>> RECOMMENDED.  Whichever party is active MUST initiate a DTLS
>>> handshake by sending a
>>> ClientHello over each flow (host/port quartet).
>> The section quoted seem to refer to the initial offer/answer, later
>> in that document (section 6.6, with heading "Session Modification")
>> there is wording that (to me at least) hints at keeping the
>> established roles in subsequent offers.
>> A different question is the value of initially offering actpass
>> when ICE is mandatory to use. ICE connectivity checks will happen
>> before the DTLS handshake, so perhaps initially offering passive
>> would make sense. (actpass is a MUST according to 5763, OTOH 5763
>> is only an informal ref to JSEP.)
> <Raju> Limiting it to "passive" would force the peer and/or
> intermediaries to support DTLS client functionality as well. IMHO,
> this may limit the success rate. If a peer or middlebox does not
> support DTLS client functionality then it can always return
> "passive", which may involve bit more delay in DTLS setup. But it is
> not that bad as the SDP offerer must wait for SDP answer
> (a=fingerprint is needed) before the DTLS can be setup successfully
> anyway. </Raju>

Thanks Raju, seems this was a bad proposal - forget you heard it!

Do you have an opinion on my main "topic": that subsequent offers should 
offer the already negotiated role, rather than always "actpass"?


> BR Raju