Re: [rtcweb] Making progress on the signaling discussion (NB: Action items enclosed!)

Randell Jesup <> Thu, 13 October 2011 05:08 UTC


On 10/13/2011 12:48 AM, Roman Shpount wrote:
> On Thu, Oct 13, 2011 at 12:29 AM, Randell Jesup wrote:
>     It did cover that case - it was up to the app what to do when the
>     first ACCEPT was processed.  I didn't go into the JS-level
>     mechanisms used.
> I guess I might be missing something, but how, using ACCEPT, can RTC
> generate a single offer, get two answers back, and create two media
> streams? Creating a second media stream does not mean that this is a
> last answer for this stream (corresponds to new SIP dialog created by
> provisional response) and accepting a stream does not mean it cannot be
> cloned (corresponds to new SIP dialog created by new final response). So
> essentially we need four operations: create offer, create media stream
> based on an answer, update existing stream based on a new answer for the
> same dialog, and finalize the media stream. Or alternatively we can
> achieve the same with create offer and stream together, process answer,
> accept (finalize the stream) and clone the stream. Either way we need
> four methods and we achieve the same functionality.

I'm not sure we're actually disagreeing here - I'll dig out my original 

>     Do not assume that remote IP == source - this is easily provably
>     false, though if you used remote IP+port AND local IP+port I think
>     it would be ok.  However, for each remote connection we should have
>     a DTLS connection instance, so that's probably simplest.
> Yes, I do agree we should disambiguate on local/remote IP+port pair. I
> did not realize we are requiring DTLS/SRTP in RTC. I don't think I've
> seen a single implementation of this in the wild, and I do not see any
> harm in supporting SRTP and (with user confirmation) plain RTP.

Yes, allowing any non-encrypted connection is controversial currently. 
DTLS for the PeerConnection and any data channels, and DTLS-SRTP for the 
media channels.  See ekr's security spec.  As for implementations, that 
should not be a problem.  Plain SRTP with SDES I consider more 
problematic, since it inherently exposes the keys to the un-trusted app 
and server.

Randell Jesup
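
The SDES concern in the message above can be checked mechanically: with SDES the SRTP master key travels in the SDP as an `a=crypto` `inline:` value, so anything that handles the signaling (the JS app, the web server) can read it, while DTLS-SRTP puts only a certificate fingerprint there. The following is an added example, not part of the original message or of any rtcweb draft; the function name, the result labels and the sample SDP (including its key and fingerprint) are constructed for illustration.

```javascript
// Classify how each SDP media section is keyed, and surface any SRTP key
// material that is readable by whoever carries the signaling.
function classifyMediaKeying(sdp) {
  const lines = sdp.split(/\r?\n/).filter(Boolean);
  let sessionFingerprint = false; // a=fingerprint before the first m= line
  const sections = [];
  let cur = null;
  for (const line of lines) {
    if (line.startsWith("m=")) {
      // m=<media> <port> <proto> <fmt> ...
      const [media, , proto] = line.slice(2).split(" ");
      cur = { media, proto, fingerprint: false, exposedKeys: [] };
      sections.push(cur);
    } else if (line.startsWith("a=fingerprint:")) {
      if (cur) cur.fingerprint = true;
      else sessionFingerprint = true;
    } else if (cur && line.startsWith("a=crypto:")) {
      // RFC 4568: a=crypto:<tag> <suite> inline:<key||salt>[|lifetime][|MKI]
      const m = /inline:([^|\s]+)/.exec(line);
      if (m) cur.exposedKeys.push(m[1]);
    }
  }
  return sections.map((s) => {
    let keying = "unknown";
    if (s.exposedKeys.length > 0) keying = "sdes"; // key visible in signaling
    else if ((s.fingerprint || sessionFingerprint) && s.proto.includes("SAVP"))
      keying = "dtls-srtp"; // only a certificate hash is visible
    else if (s.proto.startsWith("RTP/AVP")) keying = "plain-rtp";
    return { media: s.media, proto: s.proto, keying, exposedKeys: s.exposedKeys };
  });
}

// Constructed sample: one SDES section, one DTLS-SRTP section, one plain RTP.
const SAMPLE_KEY = "CONSTRUCTEDKEYCONSTRUCTEDKEYCONSTRUCTED0"; // placeholder
const SAMPLE_SDP = [
  "v=0",
  "o=- 1 1 IN IP4 192.0.2.1",
  "s=-",
  "t=0 0",
  "m=audio 49170 RTP/SAVP 0",
  "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + SAMPLE_KEY,
  "m=video 49172 UDP/TLS/RTP/SAVP 96",
  "a=fingerprint:sha-256 00:11:22:33", // constructed, shortened value
  "m=audio 49174 RTP/AVP 0",
].join("\r\n");

for (const s of classifyMediaKeying(SAMPLE_SDP)) {
  console.log(s.media, s.proto, s.keying, "keys in signaling:", s.exposedKeys.length);
}
```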