Re: [rtcweb] Unique credentials for non-bundled m-lines

Cullen Jennings <fluffy@iii.ca> Sat, 17 May 2014 21:06 UTC

Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.2 \(1874\))
From: Cullen Jennings <fluffy@iii.ca>
In-Reply-To: <CABcZeBNznhqaLrFE146tYKR1ENs8BpBAUutG5BmhHH5XD3B7uw@mail.gmail.com>
Date: Sat, 17 May 2014 13:30:38 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <7F15A160-ED6E-4B77-833F-D83AD6DD7483@iii.ca>
References: <CABcZeBNznhqaLrFE146tYKR1ENs8BpBAUutG5BmhHH5XD3B7uw@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
X-Mailer: Apple Mail (2.1874)
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/TRNbJdzck57kjjlGgznYEJElQZs
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Unique credentials for non-bundled m-lines

On May 11, 2014, at 7:55 PM, Eric Rescorla <ekr@rtfm.com> wrote:

> https://github.com/rtcweb-wg/jsep/issues/17
> 
> JSEP S 5.2.1 reads:
> 
> Each m= section, provided it is not being bundled into another m=
> section, MUST generate a unique set of ICE credentials and gather its
> own unique set of ICE candidates. Otherwise, it MUST use the same ICE
> credentials and candidates that were used in the m= section that it is
> being bundled into.
> 
> But Section 15.4 of ICE explicitly permits m-lines to share
> credentials, and of course ICE knows nothing of BUNDLE:
> 
> The "ice-pwd" and "ice-ufrag" attributes can appear at either the
> session-level or media-level. When present in both, the value in the
> media-level takes precedence. Thus, the value at the session-level is
> effectively a default that applies to all media streams, unless
> overridden by a media-level value. Whether present at the session or
> media-level, there MUST be an ice-pwd and ice-ufrag attribute for each
> media stream. If two media streams have identical ice-ufrag's, they
> MUST have identical ice-pwd's.
> 
> Is there a reason for requiring unique credentials? If not I suggest
> we remove this requirement.

When not doing bundle, are there any problems in the consent security with shared credentials? If not, it seems like we should remove this.
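As an added example (not code from the JSEP draft, from RFC 5245, or from either poster), the following Python resolves the effective ice-ufrag/ice-pwd for each m= section using the precedence rule quoted above (media-level attribute overrides the session-level default), then checks the two constraints under discussion: the ICE rule that identical ufrags imply identical pwds, and the JSEP 5.2.1 text that m= sections not bundled together use distinct credentials. The SDP fragments and all function names are constructed for this example.

```python
"""Resolve per-m-section ICE credentials from SDP and check the two rules.

Added example: not the JSEP draft's or RFC 5245's own code. Implements the
session-level-default / media-level-override rule for ice-ufrag/ice-pwd and
flags (a) identical ufrag with differing pwd (ICE 15.4) and (b) shared
credentials across m= sections that are not in a common a=group:BUNDLE
(JSEP 5.2.1 as quoted). All SDP below is constructed for the example.
"""
from collections import defaultdict


def parse_sdp(sdp):
    """Split SDP into session-level lines and a list of m= sections."""
    session, media = [], []
    current = session
    for line in sdp.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("m="):
            media.append([line])
            current = media[-1]
        else:
            current.append(line)
    return session, media


def _attr(lines, name):
    """Return the value of the first a=<name>:<value> line, or None."""
    prefix = "a=" + name + ":"
    for line in lines:
        if line.startswith(prefix):
            return line[len(prefix):]
    return None


def _mid(section, index):
    """Use a=mid if present, otherwise the m= section's position."""
    return _attr(section, "mid") or str(index)


def effective_ice_credentials(sdp):
    """Return {mid: (ufrag, pwd)} with media-level values overriding session."""
    session, media = parse_sdp(sdp)
    s_ufrag, s_pwd = _attr(session, "ice-ufrag"), _attr(session, "ice-pwd")
    creds = {}
    for i, sec in enumerate(media):
        ufrag = _attr(sec, "ice-ufrag") or s_ufrag
        pwd = _attr(sec, "ice-pwd") or s_pwd
        if ufrag is None or pwd is None:
            # ICE: every media stream MUST have both, at some level.
            raise ValueError("m= section %r lacks ice-ufrag/ice-pwd" % sec[0])
        creds[_mid(sec, i)] = (ufrag, pwd)
    return creds


def bundle_groups(sdp):
    """Map each mid to the frozenset of mids it shares a BUNDLE group with."""
    session, media = parse_sdp(sdp)
    groups = {}
    for line in session:
        if line.startswith("a=group:BUNDLE"):
            mids = line.split()[1:]
            for m in mids:
                groups[m] = frozenset(mids)
    for i, sec in enumerate(media):
        groups.setdefault(_mid(sec, i), frozenset([_mid(sec, i)]))
    return groups


def check_ice_rule(creds):
    """ICE 15.4: identical ice-ufrag MUST imply identical ice-pwd.
    Returns the ufrags that violate this."""
    pwds_by_ufrag = defaultdict(set)
    for ufrag, pwd in creds.values():
        pwds_by_ufrag[ufrag].add(pwd)
    return sorted(u for u, pwds in pwds_by_ufrag.items() if len(pwds) > 1)


def check_jsep_rule(creds, groups):
    """JSEP 5.2.1 (as quoted): non-bundled m= sections need unique credentials.
    Returns (mid_a, mid_b) pairs sharing credentials without being bundled."""
    violations = []
    mids = sorted(creds)
    for i, a in enumerate(mids):
        for b in mids[i + 1:]:
            if creds[a] == creds[b] and b not in groups[a]:
                violations.append((a, b))
    return violations


# Constructed SDP: session-level credentials shared by two m= sections,
# legal under ICE but a JSEP 5.2.1 violation because nothing is bundled.
SHARED_NO_BUNDLE = """
v=0
o=- 1 1 IN IP4 127.0.0.1
s=-
t=0 0
a=ice-ufrag:F7gI
a=ice-pwd:x9hf6dc7qQ4Cg5e1vrpp/5Vd
m=audio 9 UDP/TLS/RTP/SAVPF 111
a=mid:0
m=video 9 UDP/TLS/RTP/SAVPF 96
a=mid:1
"""

# Same offer with a BUNDLE group: sharing is now what JSEP requires.
BUNDLED = SHARED_NO_BUNDLE.replace("t=0 0", "t=0 0\na=group:BUNDLE 0 1")

# Media-level override that changes only the pwd: violates the ICE rule.
BAD_ICE = SHARED_NO_BUNDLE.replace("a=mid:1", "a=mid:1\na=ice-pwd:Qm2Wv0Lk8pBq5cR7tY1uXnAs")
```

Running check_jsep_rule on SHARED_NO_BUNDLE reports the ("0", "1") pair, on BUNDLED it reports nothing, and check_ice_rule on BAD_ICE reports "F7gI", which is the case where a media-level ice-pwd is overridden without also overriding ice-ufrag.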