Re: [rtcweb] Unsolicited DTLS Handshake
Roman Shpount <roman@telurix.com> Wed, 03 December 2014 15:30 UTC
Date: Wed, 03 Dec 2014 10:30:27 -0500
Message-ID: <CAD5OKxuAXnNGBroqeZ7f0kRvYudyGmq9uTK-woq-Fp8Tp90UjA@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Iñaki Baz Castillo <ibc@aliax.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/jT1J5fDNB_Tsv2M_h5wV-KdGnLs
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Unsolicited DTLS Handshake

On Wed, Dec 3, 2014 at 10:01 AM, Iñaki Baz Castillo <ibc@aliax.net> wrote:

> 2014-12-03 15:43 GMT+01:00 Roman Shpount <roman@telurix.com>:
> > If the transport parameters have NOT changed, can the fingerprint be changed?
>
> Correct me if I'm wrong, but during a DTLS/TLS session certificates
> are sent just once, at the beginning. Changing the a=fingerprint
> attribute in a new SDP O/A round-trip without forcing a new DTLS
> session should just be considered an error.
>
> Again: we are trying to signal too much in the SDP.

This is not exactly the SDP issue. This is an issue of being able to stop a DTLS session and start a new one on the same transport connection while being able to de-mux packets for both sessions. It is a valid operation for DTLS-SRTP, but it does complicate the implementation. I am sure there are some media proxy scenarios where fingerprint and setup role changes would be required, but this is definitely not required for normal webrtc use cases.

I do not think it would be a great loss if changing fingerprint and setup role would not be allowed, but that would need to be defined somewhere. For instance, JSEP can specify that offers or answers which change setup role or fingerprint should be treated as malformed or that these updates must be ignored. Re-key, on the other hand, must be supported, since support for it cannot be negotiated and it does provide valuable functionality.

_____________
Roman Shpount
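
The policy suggested in the message above (an offer or answer that changes the fingerprint or setup role on an unchanged transport is treated as malformed) could be checked as follows. This is an added example, not part of the original message or of any JSEP text: it assumes "transport parameters" means the ICE ufrag/pwd seen up to the end of the first m= section, treats `actpass` as not changing the role, and the names `dtlsParams`, `checkUpdate`, `sampleSdp` and the sample SDP are constructed for illustration.

```javascript
// Collect session-level values plus those of the first m= section.
function dtlsParams(sdp) {
  const p = { ufrag: null, pwd: null, setup: null, fingerprints: [] };
  let mediaSeen = 0;
  for (const raw of sdp.split(/\r?\n/)) {
    const line = raw.trim();
    if (line.startsWith('m=') && ++mediaSeen > 1) break; // stop at second m= section
    const m = /^a=(ice-ufrag|ice-pwd|setup|fingerprint):(.*)$/.exec(line);
    if (!m) continue;
    const value = m[2].trim();
    if (m[1] === 'ice-ufrag') p.ufrag = value;
    else if (m[1] === 'ice-pwd') p.pwd = value;
    else if (m[1] === 'setup') p.setup = value.toLowerCase();
    else {
      // Normalise case so "SHA-256 ab:cd" and "sha-256 AB:CD" compare equal.
      const [hash, hex = ''] = value.split(/\s+/);
      p.fingerprints.push(`${hash.toLowerCase()} ${hex.toUpperCase()}`);
    }
  }
  p.fingerprints.sort();
  return p;
}

// Compare two descriptions from the same peer (assumption of this example).
function checkUpdate(prevSdp, nextSdp) {
  const a = dtlsParams(prevSdp), b = dtlsParams(nextSdp);
  if (a.ufrag !== b.ufrag || a.pwd !== b.pwd) {
    return { verdict: 'transport-changed', reasons: [] }; // not judged by this check
  }
  const reasons = [];
  if (a.fingerprints.join('|') !== b.fingerprints.join('|')) reasons.push('fingerprint changed');
  const concrete = (s) => s === 'active' || s === 'passive';
  if (concrete(a.setup) && concrete(b.setup) && a.setup !== b.setup) reasons.push('setup role changed');
  return { verdict: reasons.length ? 'malformed' : 'ok', reasons };
}

// Constructed sample description; the fingerprints used with it are shortened placeholders.
const sampleSdp = (fp, setup, ufrag = 'F7gI') => [
  'v=0',
  'm=audio 9 UDP/TLS/RTP/SAVPF 111',
  `a=ice-ufrag:${ufrag}`,
  'a=ice-pwd:x9cml/YzichV2+XlhiMu8g',
  `a=fingerprint:sha-256 ${fp}`,
  `a=setup:${setup}`,
].join('\r\n');
```

A `malformed` verdict can be acted on either way the message proposes, by rejecting the description or by ignoring the update. A DTLS re-key is not visible in SDP, so this check does not interfere with it.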