Re: [rtcweb] Unique credentials for non-bundled m-lines

Christer Holmberg <christer.holmberg@ericsson.com> Sun, 18 May 2014 09:56 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Cullen Jennings <fluffy@iii.ca>, Eric Rescorla <ekr@rtfm.com>
Date: Sun, 18 May 2014 09:56:28 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B1D31BEC1@ESESSMB209.ericsson.se>
References: <CABcZeBNznhqaLrFE146tYKR1ENs8BpBAUutG5BmhHH5XD3B7uw@mail.gmail.com> <7F15A160-ED6E-4B77-833F-D83AD6DD7483@iii.ca>
In-Reply-To: <7F15A160-ED6E-4B77-833F-D83AD6DD7483@iii.ca>
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/b8XG7RA9z2EjI-LC-oYhZ7ZBzAM
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Unique credentials for non-bundled m-lines
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>

Hi,

>> https://github.com/rtcweb-wg/jsep/issues/17
>> 
>> JSEP S 5.2.1 reads:
>> 
>> Each m= section, provided it is not being bundled into another m= 
>> section, MUST generate a unique set of ICE credentials and gather its 
>> own unique set of ICE candidates. Otherwise, it MUST use the same ICE 
>> credentials and candidates that were used in the m= section that it is 
>> being bundled into.
>> 
>> But Section 15.4 of ICE explicitly permits m-lines to share 
>> credentials, and of course ICE knows nothing of BUNDLE:
>> 
>> The "ice-pwd" and "ice-ufrag" attributes can appear at either the 
>> session-level or media-level. When present in both, the value in the 
>> media-level takes precedence. Thus, the value at the session-level is 
>> effectively a default that applies to all media streams, unless 
>> overridden by a media-level value. Whether present at the session or 
>> media-level, there MUST be an ice-pwd and ice-ufrag attribute for each 
>> media stream. If two media streams have identical ice-ufrag's, they 
>> MUST have identical ice-pwd's.
>> 
>> Is there a reason for requiring unique credentials? If not I suggest 
>> we remove this requirement.
>
> When not doing bundle, are there any problems in the consent security with shared credentials?
> If not, seems like we should remove this.

I guess that would mean that different BUNDLE groups could share the same credentials also?

Regards,

Christer
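The two rules quoted in this thread can be checked mechanically against an SDP blob, which makes the disagreement concrete: a session-level ice-ufrag/ice-pwd shared by two non-bundled m= sections is exactly what RFC 5245 section 15.4 permits and exactly what the JSEP 5.2.1 text forbids. The following is an added example written for this page; it is not code from the rtcweb list, from JSEP, or from any browser. The SDP samples are constructed, the function names (parse_sdp, check_ice_rules, check_jsep_rules) are mine, and the JSEP check assumes that "the m= section it is being bundled into" is the first mid listed in the a=group:BUNDLE line. The ICE check also applies the length bounds from RFC 5245 section 15.4 (ice-ufrag at least 4 and ice-pwd at least 22 characters, neither above 256), which the thread does not quote but which any validator should enforce.

```python
"""ICE credential checks for an SDP session description (added example).

RFC 5245 s15.4: ice-ufrag/ice-pwd may be session- or media-level, media-level
wins, every media stream must end up with both, identical ufrags imply
identical pwds, ufrag length 4..256, pwd length 22..256.
JSEP 5.2.1 as quoted in the thread: non-bundled m= sections use unique
credentials; bundled ones reuse those of the section they are bundled into
(assumed here to be the first mid of the BUNDLE group).
"""


def parse_sdp(sdp):
    """Extract ICE credentials, mids and BUNDLE groups from SDP text."""
    session = {"ufrag": None, "pwd": None, "groups": []}
    media = []
    cur = None  # current m= section; None while still in the session part
    for line in sdp.splitlines():
        if line.startswith("m="):
            cur = {"mid": None, "ufrag": None, "pwd": None}
            media.append(cur)
            continue
        if not line.startswith("a="):
            continue
        attr, _, value = line[2:].partition(":")
        target = session if cur is None else cur
        if attr == "ice-ufrag":
            target["ufrag"] = value
        elif attr == "ice-pwd":
            target["pwd"] = value
        elif attr == "mid" and cur is not None:
            cur["mid"] = value
        elif attr == "group" and cur is None:
            parts = value.split()
            if parts and parts[0] == "BUNDLE":
                session["groups"].append(parts[1:])
    return session, media


def effective_credentials(sdp):
    """RFC 5245 s15.4: a media-level value overrides the session-level default."""
    session, media = parse_sdp(sdp)
    creds = [(session["ufrag"] if m["ufrag"] is None else m["ufrag"],
              session["pwd"] if m["pwd"] is None else m["pwd"]) for m in media]
    return session, media, creds


def check_ice_rules(sdp):
    """Return RFC 5245 s15.4 violations as strings (empty list = compliant)."""
    _, _, creds = effective_credentials(sdp)
    problems, pwd_by_ufrag = [], {}
    for idx, (ufrag, pwd) in enumerate(creds):
        if ufrag is None or pwd is None:
            problems.append(f"m-section {idx}: missing ice-ufrag or ice-pwd")
            continue
        if not 4 <= len(ufrag) <= 256:
            problems.append(f"m-section {idx}: ice-ufrag length {len(ufrag)} outside 4..256")
        if not 22 <= len(pwd) <= 256:
            problems.append(f"m-section {idx}: ice-pwd length {len(pwd)} outside 22..256")
        # Reusing a ufrag across streams is allowed, but then the pwd must match.
        if pwd_by_ufrag.setdefault(ufrag, pwd) != pwd:
            problems.append(f"m-section {idx}: ice-ufrag {ufrag!r} reused with a different ice-pwd")
    return problems


def check_jsep_rules(sdp):
    """Return violations of the JSEP 5.2.1 text quoted in the thread."""
    session, media, creds = effective_credentials(sdp)
    idx_by_mid = {m["mid"]: i for i, m in enumerate(media) if m["mid"] is not None}
    head_of = {}  # m-section index -> index of the section it is bundled into
    for mids in session["groups"]:
        head = idx_by_mid.get(mids[0]) if mids else None
        if head is not None:
            for mid in mids:
                if mid in idx_by_mid:
                    head_of[idx_by_mid[mid]] = head
    problems, owner = [], {}  # owner: credential pair -> first non-bundled user
    for idx, cred in enumerate(creds):
        head = head_of.get(idx, idx)
        if head != idx:
            if cred != creds[head]:
                problems.append(f"m-section {idx}: bundled into {head} but credentials differ")
        elif cred in owner:
            problems.append(f"m-section {idx}: shares credentials with non-bundled m-section {owner[cred]}")
        else:
            owner[cred] = idx
    return problems


def _sdp(session_attrs, sections):
    """Build a minimal constructed SDP (sample input, not a real offer)."""
    lines = ["v=0", "o=- 1 1 IN IP4 0.0.0.0", "s=-", "t=0 0"] + session_attrs
    for media, attrs in sections:
        lines.append(f"m={media} 9 UDP/TLS/RTP/SAVPF 111")
        lines.extend(attrs)
    return "\r\n".join(lines) + "\r\n"


UFRAG_A, PWD_A = "8hhY", "asd88fgpdd777uzjYhagZg41"  # constructed, 4 and 24 chars
UFRAG_B, PWD_B = "k3Pq", "tN7vB2wS9xE4rH6yJ1uL8aC5"
# Session-level credentials shared by two non-bundled m= sections: legal under
# RFC 5245 s15.4, a violation of the JSEP text quoted in the thread.
SDP_SHARED = _sdp([f"a=ice-ufrag:{UFRAG_A}", f"a=ice-pwd:{PWD_A}"],
                  [("audio", ["a=mid:audio"]), ("video", ["a=mid:video"])])
# Same credentials, but the sections are bundled: both rule sets are satisfied.
SDP_BUNDLE = _sdp(["a=group:BUNDLE audio video", f"a=ice-ufrag:{UFRAG_A}", f"a=ice-pwd:{PWD_A}"],
                  [("audio", ["a=mid:audio"]), ("video", ["a=mid:video"])])
# Media-level credentials, unique per m= section: satisfies both.
SDP_UNIQUE = _sdp([], [("audio", ["a=mid:audio", f"a=ice-ufrag:{UFRAG_A}", f"a=ice-pwd:{PWD_A}"]),
                       ("video", ["a=mid:video", f"a=ice-ufrag:{UFRAG_B}", f"a=ice-pwd:{PWD_B}"])])
# Identical ufrag with different pwds: RFC 5245 s15.4 forbids this outright.
SDP_BAD_PWD = _sdp([], [("audio", [f"a=ice-ufrag:{UFRAG_A}", f"a=ice-pwd:{PWD_A}"]),
                        ("video", [f"a=ice-ufrag:{UFRAG_A}", f"a=ice-pwd:{PWD_B}"])])

if __name__ == "__main__":
    for name, sdp in [("shared", SDP_SHARED), ("bundle", SDP_BUNDLE),
                      ("unique", SDP_UNIQUE), ("bad-pwd", SDP_BAD_PWD)]:
        print(name, "ICE:", check_ice_rules(sdp) or "ok", "JSEP:", check_jsep_rules(sdp) or "ok")
```

Running the script shows the split the thread is about: SDP_SHARED passes check_ice_rules and fails check_jsep_rules, while SDP_BUNDLE and SDP_UNIQUE pass both. If the uniqueness sentence were dropped from JSEP as proposed, only the "bundled into ... but credentials differ" branch of check_jsep_rules would remain meaningful; the identical-ufrag/identical-pwd rule and the length bounds come from ICE itself and would still apply.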