IETF Logo Mail Archive

Re: [rtcweb] How to determine TLS roles?

Christer Holmberg <christer.holmberg@ericsson.com> Mon, 10 February 2014 14:23 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E527E1A0865 for <rtcweb@ietfa.amsl.com>; Mon, 10 Feb 2014 06:23:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.24
X-Spam-Level:
X-Spam-Status: No, score=-1.24 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, HOST_MISMATCH_NET=0.311, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bTnxDzbytPoe for <rtcweb@ietfa.amsl.com>; Mon, 10 Feb 2014 06:23:56 -0800 (PST)
Received: from sessmg20.mgmt.ericsson.se (sessmg20.ericsson.net [193.180.251.50]) by ietfa.amsl.com (Postfix) with ESMTP id 4B2A71A02FA for <rtcweb@ietf.org>; Mon, 10 Feb 2014 06:23:55 -0800 (PST)
X-AuditID: c1b4fb32-b7f4c8e0000012f5-9c-52f8e0fab08e
Received: from ESESSHC020.ericsson.se (Unknown_Domain [153.88.253.124]) by sessmg20.mgmt.ericsson.se (Symantec Mail Security) with SMTP id BC.23.04853.AF0E8F25; Mon, 10 Feb 2014 15:23:55 +0100 (CET)
Received: from ESESSMB209.ericsson.se ([169.254.9.99]) by ESESSHC020.ericsson.se ([153.88.183.78]) with mapi id 14.02.0387.000; Mon, 10 Feb 2014 15:23:54 +0100
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Tim Panton <tim@phonefromhere.com>
Thread-Topic: [rtcweb] How to determine TLS roles?
Thread-Index: Ac8mZBiXQux1+cpSRGeFwm+/NhCfyP//88iA///u0BCAABk5gP//7dsw
Date: Mon, 10 Feb 2014 14:23:54 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B1D1674E9@ESESSMB209.ericsson.se>
References: <7594FB04B1934943A5C02806D1A2204B1D1672FC@ESESSMB209.ericsson.se> <9ADA7473-1F36-4D96-A875-D2DC0762E9C2@phonefromhere.com> <7594FB04B1934943A5C02806D1A2204B1D1673C4@ESESSMB209.ericsson.se> <54B6400D-3753-4285-96DB-08EDB23BD03F@phonefromhere.com>
In-Reply-To: <54B6400D-3753-4285-96DB-08EDB23BD03F@phonefromhere.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.16]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrLLMWRmVeSWpSXmKPExsUyM+Jvje7vBz+CDPbMZbRY+6+d3eLi9luM DkweS5b8BBKTGtkCmKK4bFJSczLLUov07RK4MuYfnMxW8I234t/vvywNjB+5uhg5OSQETCSW ndvLDGGLSVy4t56ti5GLQ0jgBKPEl02XWCCcxYwSe+89AnI4ONgELCS6/2mDNIgIqEmc+3EY rJlZQF3izuJz7CC2sIChxNLHc5kgaowkZi/tZANpFRFwk9h1Qx3EZBFQlfhyMA6kglfAV+Jd 93RGiE3tTBJTJkwEG8kp4Crxb9sRNhCbEei276fWMEGsEpe49WQ+E8TNAhJL9pyHul9U4uXj f6wQtqLEzrPtUKfpSCzY/YkNwtaWWLbwNTPEYkGJkzOfsExgFJuFZOwsJC2zkLTMQtKygJFl FaNkcWpxcW66kYFebnpuiV5qUWZycXF+nl5x6iZGYBQd3PLbaAfjyT32hxilOViUxHmvs9YE CQmkJ5akZqemFqQWxReV5qQWH2Jk4uCUamDcKZuyvGe9eYH050/VeVccjsffOHTXnu3zyvPN UqJRt9/lRAXr7pO1+dfPzqqt+/fdnyq/V9yMT2903stt37Nxlecvv3dpLu92nbghnBFleOxK qfWqt1nJC5gOJm2V7rLdz2qTZLTcVFJO7aPqtN++fp9vumucnZ92ltd024et6f7lK8XU7nQo sRRnJBpqMRcVJwIAfk+J9XACAAA=
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] How to determine TLS roles?
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Feb 2014 14:23:58 -0000

Hi,

>>>> If I understand correctly, in RTCWEB we are going to use a single DTLS association for two things:
>>>> 
>>>> 1)      Key exchange for SRTP
>>>> 2)      The data channel
>>>> 
>>>> Now, this means that there needs to be a generic way to determine the TLS roles.
>>>> 
>>>> In WEBRTC, how are the TLS roles determined?
>>> 
>>> That was the subject of a rant of mine.
>>> 
>>> I think the correct answer is that the party that ends up being IceControlling then becomes the DTLS client. Typically the initiator of a session is IceControlling. 
>>> 
>>> However the recent addition of
>>>> a=setup:passive
>>> to chrome's SDP clouds the story somewhat, allowing an IceController to say that it is DTLS passive and allow the non-initiator to be the DTLS client.
>>> 
>>> Ostensibly this is to support early media - where the receiver of a call wishes to send media before the initiator does.
>>> 
>>> As I said (rather intemperately) this added complexity is not worth the benefit.
>> 
>> I think that it should be possible for a JS App to explicitly set the roles.
>> 
>> Because, when SDP O/A is used on the wire, there are specified rules on how the roles are determined. But, some other on-the-wire protocol may have different rules.
>> 
> There are many things that the JS app will need to do if we aren't bound by SDP O/A - but I agreed not to talk about that - until after 1.0 gets out :-)

Fair enough, but for 1.0 we still need to know how the roles are determined :)

The security-arch document does say that a DTLS handshake is performed on each channel that has been established by ICE, but I don't find anything regarding the roles.

Regards,

Christer

v2.23.0 | Report a Bug | By Email