Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-channel-12.txt> (WebRTC Data Channels) to Proposed Standard
Harald Alvestrand <harald@alvestrand.no> Sun, 12 October 2014 10:18 UTC
Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D6A91A8A50 for <rtcweb@ietfa.amsl.com>; Sun, 12 Oct 2014 03:18:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.086
X-Spam-Level:
X-Spam-Status: No, score=-2.086 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_57=0.6, RP_MATCHES_RCVD=-0.786] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c7b_OIMgZIyn for <rtcweb@ietfa.amsl.com>; Sun, 12 Oct 2014 03:18:27 -0700 (PDT)
Received: from mork.alvestrand.no (mork.alvestrand.no [158.38.152.117]) by ietfa.amsl.com (Postfix) with ESMTP id 475C11A8A4D for <rtcweb@ietf.org>; Sun, 12 Oct 2014 03:18:27 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mork.alvestrand.no (Postfix) with ESMTP id 667B77C4026 for <rtcweb@ietf.org>; Sun, 12 Oct 2014 12:18:26 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at alvestrand.no
Received: from mork.alvestrand.no ([127.0.0.1]) by localhost (mork.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Iwfyz4lPMRQ for <rtcweb@ietf.org>; Sun, 12 Oct 2014 12:18:25 +0200 (CEST)
Received: from [172.30.42.116] (c-58f0e555.03-217-73746f1.cust.bredbandsbolaget.se [85.229.240.88]) by mork.alvestrand.no (Postfix) with ESMTPSA id 75AE17C39A0 for <rtcweb@ietf.org>; Sun, 12 Oct 2014 12:18:25 +0200 (CEST)
Message-ID: <543A5570.7060208@alvestrand.no>
Date: Sun, 12 Oct 2014 12:18:24 +0200
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <20141010004836.12666.88765.idtracker@ietfa.amsl.com> <91953101b2634ec69d14e120ea62d929@CY1PR0501MB1579.namprd05.prod.outlook.com> <CABkgnnWE7czWqi4vQRb5d50N2k95joc_Zcvw6w6g7SOjU9b+9g@mail.gmail.com> <03a3bbbc282b4e6d88d587931b46b5f8@CY1PR0501MB1579.namprd05.prod.outlook.com> <57B40110-2F21-4893-B77C-54F46D18567F@lurchi.franken.de> <1DE35922-E890-40C2-87E9-C8C12235920E@phonefromhere.com> <E53B9B7E-37F0-495C-B1BA-DE0A48AC6D73@lurchi.franken.de> <abdfd3ef58dd40028e8d5e2248b5a995@CY1PR0501MB1579.namprd05.prod.outlook.com>
In-Reply-To: <abdfd3ef58dd40028e8d5e2248b5a995@CY1PR0501MB1579.namprd05.prod.outlook.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/f63AZLMsKQegGvs9Wuayfr9tCxw
Subject: Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-channel-12.txt> (WebRTC Data Channels) to Proposed Standard
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Oct 2014 10:18:30 -0000
Given that the middle box has to: - decrypt and encrypt all packets (because the keys are different) - assert its own identity towards both endpoints (because otherwise DTLS doesn't work) - be trusted by both endpoints (otherwise it's a MITM attack by definition) - manage SCTP congestion control independently on the two legs (because that's how SCTP works) I don't see the reshuffling of packets between channel numbers to be an excessive *additional* burden. The kind of "middle box" that "just shuffles bits" while doing something to them or with them in addition doesn't exist in the WebRTC context. On 10/11/2014 06:58 PM, Wyss, Felix wrote: >>> Yes, it does. I think the worry is that the middle box may end up as DTLS server to both legs. >> And why can't the middle box avoid this? > How can it if it is the offerer on both legs? From RFC#5763, section 5 (page 10): "The endpoint that is the offerer MUST use the setup attribute value of setup:actpass and be prepared to receive a client_hello before it receives the answer." > > The answerer thus gets to pick whether it is the client or server. As mentioned in my original message, the answerer picking client is desirable as it can speed up the DTLS negotiation. So almost invariably the middlebox will be DTLS server on both legs. > > >>> That leaves both endpoints as DTLS clients. This then breaks the >>> odd-even split and risks the endpoints allocating the same stream numbers. >> I think "risks" is the wrong term here. I guess they will run into this almost always. > Not necessarily if the endpoints draw their IDs at random. That makes this particularly problematic as everything may appear to work fine but then fail intermittently in the field due to collisions. > > --Felix > > _______________________________________________ > rtcweb mailing list > rtcweb@ietf.org > https://www.ietf.org/mailman/listinfo/rtcweb -- Surveillance is pervasive. Go Dark.
- [rtcweb] Last Call: <draft-ietf-rtcweb-data-chann… The IESG
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Wyss, Felix
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Martin Thomson
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Wyss, Felix
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Michael Tuexen
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… tim panton
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Michael Tuexen
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Wyss, Felix
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Michael Tuexen
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Michael Tuexen
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Harald Alvestrand
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Makaraju, Maridi Raju (Raju)
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Michael Tuexen
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Wyss, Felix
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Harald Alvestrand
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Michael Tuexen
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Harald Alvestrand
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Michael Tuexen
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Makaraju, Maridi Raju (Raju)
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Wyss, Felix
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Makaraju, Maridi Raju (Raju)
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Peter Thatcher
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Harald Alvestrand
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Wyss, Felix
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Randell Jesup
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Wyss, Felix
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Randell Jesup
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Wyss, Felix
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… tim panton
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Wyss, Felix
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Randell Jesup
- Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-c… Wyss, Felix