[rtcweb] SRTP and draft-alvestrand-rtcweb-gateways

Dan Wing <dwing@cisco.com> Fri, 05 December 2014 17:04 UTC

From: Dan Wing <dwing@cisco.com>
Message-Id: <EEC722FF-0E0E-4792-8552-71E4004CE8A3@cisco.com>
Date: Fri, 05 Dec 2014 09:03:50 -0800
To: draft-alvestrand-rtcweb-gateways@tools.ietf.org, RTCWEB <rtcweb@ietf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/h1C3L957NUjuoDFN0zrRarhQ6C4
Subject: [rtcweb] SRTP and draft-alvestrand-rtcweb-gateways

Today's adoption call for draft-alvestrand-rtcweb-gateways made me go read it again.  In its section titled "WebRTC device requirements that can be relaxed", it says this:

>    If a gateway serves as a media relay into another RTP domain, it MAY
>    choose to support only features available in that network.  This
>    means that it MAY not (need to) support Bundle and any of the RTP/
>    RTCP extensions related to it, RTCP-Mux, or Trickle Ice. However, the
>    gateway MUST support DTLS-SRTP, since this is required for
>    interworking with WebRTC endpoints.

That last sentence (starting with "However") is a requirement that cannot be relaxed, which makes it out of place in a section titled "requirements that can be relaxed".  I agree with what it is saying, but either provide a full list of WebRTC device requirements that cannot be relaxed (in its own section), or go into more detail about how DTLS-SRTP needs to be implemented in a gateway.  As one example, a gateway between WebRTC and an RTP-only network (e.g., a call center or whatever) or to a TDM PBX will need to support DTLS-SRTP towards WebRTC, but will not support DTLS-SRTP (or any other sort of keying) towards the RTP-only network or TDM PBX.  Easiest is to simply remove the sentence starting with "However".  Also, a gateway should be able to function into a TDM domain (not just "an RTP domain").