Re: [rtcweb] SRTP not mandatory-to-use

Roman Shpount <roman@telurix.com> Wed, 11 January 2012 22:50 UTC

In-Reply-To: <4F0DFD0B.2000009@jesup.org>
References: <CAErhfrwu322=HTS0JZhum9EGfb73KmYS6CU_KMESyzEWhtvg2w@mail.gmail.com> <CAKhHsXHnT2p7yncha5-BQ=-Lzk3-N+tuijM-UqwfP1mPUi173A@mail.gmail.com> <BLU152-W1140980759D89AC3C1D0CA93940@phx.gbl> <CA+9kkMBdX7YT1tPj5M3VrzAPKa6tXNGZVvvhjW9V4oOEC7g_kA@mail.gmail.com> <CAOJ7v-1_qMoHBb3K7rV=hG9EadqL=xn4KEdG0zdWnKZU9_TipQ@mail.gmail.com> <4AEFFC17-EF17-40F2-B83B-0B0CC44AD2C3@cisco.com> <CAKhHsXEes+Lf+uKdTrjXoy+3PMy2uNumNL-W-0s4_xRXW6FiZg@mail.gmail.com> <4F0CAC8C.8010203@wonderhamster.org> <1D062974A4845E4D8A343C6538049202074ABD3A@XMB-BGL-414.cisco.com> <387F9047F55E8C42850AD6B3A7A03C6C01DCF907@inba-mail02.sonusnet.com> <CALiegfkejnU2rTe-FibUVxTrRS9SivkhGXB5eK+FhD8Vu6iTMA@mail.gmail.com> <387F9047F55E8C42850AD6B3A7A03C6C01DCF9FC@inba-mail02.sonusnet.com> <CALiegfn07bS58B+4ZyzRTnO4LCpw1e96dnqpSM+TT1y3QG2Zwg@mail.gmail.com> <387F9047F55E8C42850AD6B3A7A03C6C01DCFBC1@inba-mail02.sonusnet.com> <CAOJ7v-20+yL7r+_ODx_czHTiujXZZWESaZRB7MQjhvScg3RFtw@mail.gmail.com> <4F0DFD0B.2000009@jesup.org>
Date: Wed, 11 Jan 2012 17:50:13 -0500
Message-ID: <CAD5OKxsOqzXDz3WYhLejDtB-zGUcZYMCApHxPyU3XV++_RZhBg@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Randell Jesup <randell-ietf@jesup.org>
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] SRTP not mandatory-to-use

On Wed, Jan 11, 2012 at 4:20 PM, Randell Jesup <randell-ietf@jesup.org> wrote:

>
> I'd like to explore the possibility of making sure there's a workable
> DTLS-SRTP implementation openly available, and locking WebRTC down to that
> only.
>
> I should note that while libsrtp 1.4.2 (last official release) doesn't
> have DTLS-SRTP support, there are DTLS-SRTP support functions and test code
> in the project's CVS since ~2006, and resiprocate/recon supports DTLS-SRTP
> via a modified OpenSSL.  So, I'm not sure the barrier is huge given DTLS
> support already.
>
>
Can you name a single soft-phone, hard-phone, SBC, or gateway that
currently supports DTLS-SRTP?

The reason I am asking is that libsrtp, despite being widely used, is extremely
buggy (the last official release, for instance, crashes with a GPF), and does not
even provide a full DES-SRTP implementation (no F8_128_HMAC_SHA1_8 support).

As far as DTLS (non-SRTP) implementations are concerned, can anybody
provide an indication on how widely they are used? I know that OpenSSL
supported DTLS for a while, but what commonly used software is using this?

Also, what would be the impact of adding DTLS to an SBC? It would be
interesting to hear from SBC implementers before a decision is made.

How many additional round trips does DTLS require for connection setup? Are
we planning to support certificate validation?
_____________
Roman Shpount
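
The message above asks about DTLS-SRTP implementations and about libsrtp's crypto-suite coverage. As an added example that is not part of this thread and not code from libsrtp, OpenSSL or any of the products named, the following Go program (standard library only) shows the two key-handling steps every DTLS-SRTP endpoint must perform once the handshake completes: split the TLS keying-material exporter output into per-direction SRTP master keys and salts as RFC 5764 section 4.2 lays them out, and then run the RFC 3711 section 4.3 AES-CM key derivation to obtain the session cipher key, authentication key and salt for AES_CM_128_HMAC_SHA1_80. The 60-byte exporter output in `main` is a constructed stand-in, since producing a real one needs a DTLS stack; the function and type names (`DeriveKey`, `DeriveSessionKeys`, `SplitExporterOutput`, `SessionKeys`) are my own. The RFC 3711 appendix B.3 test vector is used to check the derivation.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// Key-derivation labels from RFC 3711, section 4.3.1 (RTP direction).
const (
	LabelRTPEncryption byte = 0x00
	LabelRTPAuth       byte = 0x01
	LabelRTPSalt       byte = 0x02
)

// SessionKeys holds one direction's session keys for AES_CM_128_HMAC_SHA1_80:
// n_e = 128-bit cipher key, n_a = 160-bit auth key, n_s = 112-bit salt.
type SessionKeys struct {
	Cipher, Auth, Salt []byte
}

// srtpPRF is the AES-CM PRF of RFC 3711 4.3.3: the AES-CTR keystream under
// the master key with counter block x || 0x0000, truncated to n bytes.
func srtpPRF(masterKey, x []byte, n int) ([]byte, error) {
	block, err := aes.NewCipher(masterKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	copy(iv, x) // x is 112 bits; the low 16 counter bits start at zero
	out := make([]byte, n)
	cipher.NewCTR(block, iv).XORKeyStream(out, out)
	return out, nil
}

// DeriveKey computes one session key per RFC 3711 4.3.1: r = index DIV kdr
// (0 when kdr == 0), key_id = label || r (8 + 48 bits), and
// x = key_id XOR master_salt with key_id right-aligned in the 112-bit salt.
func DeriveKey(masterKey, masterSalt []byte, label byte, index, kdr uint64, n int) ([]byte, error) {
	if len(masterSalt) != 14 {
		return nil, fmt.Errorf("master salt must be 112 bits, got %d", len(masterSalt)*8)
	}
	var r uint64
	if kdr != 0 {
		r = index / kdr
	}
	x := make([]byte, 14)
	copy(x, masterSalt)
	x[7] ^= label
	var rb [8]byte
	binary.BigEndian.PutUint64(rb[:], r)
	for i := 0; i < 6; i++ { // low 48 bits of r occupy bytes 8..13
		x[8+i] ^= rb[2+i]
	}
	return srtpPRF(masterKey, x, n)
}

// DeriveSessionKeys derives the cipher, auth and salt keys for one direction.
func DeriveSessionKeys(masterKey, masterSalt []byte, index, kdr uint64) (SessionKeys, error) {
	var sk SessionKeys
	var err error
	if sk.Cipher, err = DeriveKey(masterKey, masterSalt, LabelRTPEncryption, index, kdr, 16); err != nil {
		return sk, err
	}
	if sk.Auth, err = DeriveKey(masterKey, masterSalt, LabelRTPAuth, index, kdr, 20); err != nil {
		return sk, err
	}
	sk.Salt, err = DeriveKey(masterKey, masterSalt, LabelRTPSalt, index, kdr, 14)
	return sk, err
}

// SplitExporterOutput applies RFC 5764 4.2 to the exporter output (label
// "EXTRACTOR-dtls_srtp"): client_write_SRTP_master_key || server_write_SRTP_master_key
// || client_write_SRTP_master_salt || server_write_SRTP_master_salt.
func SplitExporterOutput(km []byte, keyLen, saltLen int) (clientKey, serverKey, clientSalt, serverSalt []byte, err error) {
	if want := 2 * (keyLen + saltLen); len(km) != want {
		return nil, nil, nil, nil, fmt.Errorf("exporter output must be %d bytes, got %d", want, len(km))
	}
	clientKey = km[:keyLen]
	serverKey = km[keyLen : 2*keyLen]
	clientSalt = km[2*keyLen : 2*keyLen+saltLen]
	serverSalt = km[2*keyLen+saltLen:]
	return clientKey, serverKey, clientSalt, serverSalt, nil
}

func main() {
	// RFC 3711 appendix B.3 test vector (kdr = 0, index = 0).
	masterKey, _ := hex.DecodeString("E1F97A0D3E018BE0D64FA32C06DE4139")
	masterSalt, _ := hex.DecodeString("0EC675AD498AFEEBB6960B3AABE6")
	sk, err := DeriveSessionKeys(masterKey, masterSalt, 0, 0)
	if err != nil {
		panic(err)
	}
	fmt.Printf("cipher key %X\nauth key   %X\nsalt       %X\n", sk.Cipher, sk.Auth, sk.Salt)

	// Constructed stand-in for a DTLS exporter output (60 bytes for 16-byte
	// keys and 14-byte salts); a real endpoint gets this from its TLS stack.
	km := make([]byte, 60)
	for i := range km {
		km[i] = byte(i)
	}
	ck, skey, cs, ss, err := SplitExporterOutput(km, 16, 14)
	if err != nil {
		panic(err)
	}
	client, _ := DeriveSessionKeys(ck, cs, 0, 0)    // protects client-to-server RTP
	server, _ := DeriveSessionKeys(skey, ss, 0, 0)  // protects server-to-client RTP
	fmt.Printf("client->server cipher key %X\nserver->client cipher key %X\n", client.Cipher, server.Cipher)
}
```

The F8 suite mentioned in the message shares this derivation; only the packet encryption mode differs, so an implementation that gets the KDF right for AES-CM already has the keys it would need for F8_128_HMAC_SHA1_8.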