IETF Logo Mail Archive

Re: [rtcweb] Unsolicited DTLS Handshake

Roman Shpount <roman@telurix.com> Wed, 03 December 2014 15:30 UTC

Return-Path: <roman@telurix.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B09381A1B63 for <rtcweb@ietfa.amsl.com>; Wed, 3 Dec 2014 07:30:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.078
X-Spam-Level:
X-Spam-Status: No, score=-1.078 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, J_CHICKENPOX_111=0.6, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2rKurLiboHjR for <rtcweb@ietfa.amsl.com>; Wed, 3 Dec 2014 07:30:30 -0800 (PST)
Received: from mail-wg0-f43.google.com (mail-wg0-f43.google.com [74.125.82.43]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 657501A1A4E for <rtcweb@ietf.org>; Wed, 3 Dec 2014 07:30:30 -0800 (PST)
Received: by mail-wg0-f43.google.com with SMTP id l18so20390820wgh.2 for <rtcweb@ietf.org>; Wed, 03 Dec 2014 07:30:29 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=bsoGS/sn3PsOzFVViS8VrvGz+QY8KLE/zZfJN61zG84=; b=f6SIXeirW25Wd2+evELay1qvivNQ24h5vrA+uA5j2J47HtFEcY0vmQoZ68s3eYlPGm /mSs4bEqDcmTzAeUZ7xRDHUxeQvSiDxOgFxMb4596SKymEvGLZm8oFL+ljo1oUn2C8N2 ncOo3mK6h8EpL1dQk8ioTBhdVk26MirhZIcCR0SWIRDuqyqdXRezmt+BUZa3LOHzHXoV 28iXimbaOWn+i01ANwrwRmXzVarFvJ9OvE7xrzY1b5vBmLG8GKcDVgs2obl/9HRQ/cXj hPFrAcruSkDdhps/rTGLF7fjAUBDGe8vfaRs8A71qH1BBcRS2HbPiFaEgQtovYIMDPBQ G3ZQ==
X-Gm-Message-State: ALoCoQkiIc0vo3ITFxh4X9EcYZsc19Gjr5IB3tRsUJNBMlpXjBEmsfhrMQf4GOFc3bVgyU/oH6Wy
X-Received: by 10.194.200.1 with SMTP id jo1mr8653548wjc.64.1417620629070; Wed, 03 Dec 2014 07:30:29 -0800 (PST)
Received: from mail-wi0-f182.google.com (mail-wi0-f182.google.com. [209.85.212.182]) by mx.google.com with ESMTPSA id w10sm36718468wje.10.2014.12.03.07.30.28 for <rtcweb@ietf.org> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 03 Dec 2014 07:30:28 -0800 (PST)
Received: by mail-wi0-f182.google.com with SMTP id h11so24802721wiw.15 for <rtcweb@ietf.org>; Wed, 03 Dec 2014 07:30:28 -0800 (PST)
MIME-Version: 1.0
X-Received: by 10.194.92.116 with SMTP id cl20mr8351303wjb.71.1417620628020; Wed, 03 Dec 2014 07:30:28 -0800 (PST)
Received: by 10.216.70.16 with HTTP; Wed, 3 Dec 2014 07:30:27 -0800 (PST)
In-Reply-To: <CALiegfmeJUHvXtguSqy=U4uBvtXz0pg+AjGN3ygJ_Mwc8qak=g@mail.gmail.com>
References: <CAD5OKxtyy2Djh5ssE69qLJq7deQU9LP=J2vpn_Y3eO=4D2vpmg@mail.gmail.com> <CALiegfnh3pHA=Z6O_PYuhoECzzex3quDh1fUk=yRvbFp+xKGNQ@mail.gmail.com> <CABkgnnUppq01v1vo8H6WY80nS5XUhf+mjuNMreYyCQagKFgOGQ@mail.gmail.com> <CAD5OKxsbt4O8xuphthvEJqEYgPfubhpvY1sNDi_GkzcyEQXkyw@mail.gmail.com> <CABkgnnX8ufq1YQm+6S1xE+zDMQ42qAcvYiViKmAdG49Tj3HXUA@mail.gmail.com> <CAD5OKxv9SZUCwZT81QgPHs_TLyLiMJLKt1WU+2F0oH+gKQAJoA@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B1D56EA42@ESESSMB209.ericsson.se> <CAD5OKxvjbqNhszkDUjMaSJB2+Pnc4qQdmQQKfNT+Ypnz5yR2yw@mail.gmail.com> <1447FA0C20ED5147A1AA0EF02890A64B1D0EDF50@ESESSMB209.ericsson.se> <7594FB04B1934943A5C02806D1A2204B1D573154@ESESSMB209.ericsson.se> <CAD5OKxu5QNJVfu4qUXvKQuMiF8t-Zw==JaxjBkuC8USHscjBZA@mail.gmail.com> <CALiegfmeJUHvXtguSqy=U4uBvtXz0pg+AjGN3ygJ_Mwc8qak=g@mail.gmail.com>
Date: Wed, 03 Dec 2014 10:30:27 -0500
Message-ID: <CAD5OKxuAXnNGBroqeZ7f0kRvYudyGmq9uTK-woq-Fp8Tp90UjA@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Iñaki Baz Castillo <ibc@aliax.net>
Content-Type: multipart/alternative; boundary="047d7bd910c2f5a47f05095185dd"
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/jT1J5fDNB_Tsv2M_h5wV-KdGnLs
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Unsolicited DTLS Handshake
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Dec 2014 15:30:31 -0000

On Wed, Dec 3, 2014 at 10:01 AM, Iñaki Baz Castillo <ibc@aliax.net> wrote:

> 2014-12-03 15:43 GMT+01:00 Roman Shpount <roman@telurix.com>:
> > If the transport parameter have NOT changed, can the fingerprint be
> changed?
>
>
> Correct me if I'm wrong, but during a DTLS/TLS session certificates
> are sent just once, at the beginning. Changing the a=fingerprint
> attribute in a new SDP O/A round-trip without forcing a new DTLS
> session should just be considered an error.
>
> Again: we are trying to signal too much in the SDP.
>
>
This is not exactly the SDP issue. This is an issue of being able to stop
DTLS session and start a new one on the same transport connection while
being able to de-mux packets for both sessions. It is a valid operation for
DTLS-SRTP, but it does complicate the implementation. I am sure there are
some media proxy scenarios where fingerprint and setup role changes would
be required, but this is definitely not required for normal webrtc use
cases. I do not think it would be a great loss if changing fingerprint and
setup role would not be allowed, but that would need to be defined
somewhere. For instance JSEP can specify the offers or answers which change
setup role or fingerprint should be treated as malformed or that these
updates must be ignored.

Re-key, on the other hand, must be supported, since support for it cannot
be negotiated and it does provide valuable functionality.
_____________
Roman Shpount

v2.23.0 | Report a Bug | By Email