Re: [rtcweb] SRTP not mandatory-to-use

Bernard Aboba <bernard_aboba@hotmail.com> Wed, 11 January 2012 20:00 UTC

Message-ID: <BLU152-W13D78C468DB0A5A3999C4A939E0@phx.gbl>
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: juberti@google.com
Date: Wed, 11 Jan 2012 12:00:30 -0800
In-Reply-To: <CAOJ7v-20+yL7r+_ODx_czHTiujXZZWESaZRB7MQjhvScg3RFtw@mail.gmail.com>
References: <CAErhfrwu322=HTS0JZhum9EGfb73KmYS6CU_KMESyzEWhtvg2w@mail.gmail.com>, <CABcZeBOeg-O+6===5tk0haxC8nLxUQyEUFRES2FAoFEf00fKng@mail.gmail.com>, <CAErhfrxTKdo7Z+61x5ZcDt5ZM7C7ob5LNxMzwng_kk3Uqrp2_Q@mail.gmail.com>, <4F01A790.4060704@alvestrand.no> <4F02A061.60905@jesup.org>, <E44893DD4E290745BB608EB23FDDB762141EF8@008-AM1MPN1-042.mgdnok.nokia.com>, <4F035DD5.3050305@jesup.org>, <CAOJ7v-1dziaA_ePCuMxjn6uhBgOH=ZVybUmLBwQi5qiuyOzDMA@mail.gmail.com>, <BLU152-W469B2EB104C104547FC42393960@phx.gbl>, <CAD5OKxuE0VhSsjKggj1mLOseLeDXarujvAG44yHkuZttagJggw@mail.gmail.com>, <CAKhHsXHnT2p7yncha5-BQ=-Lzk3-N+tuijM-UqwfP1mPUi173A@mail.gmail.com>, <BLU152-W1140980759D89AC3C1D0CA93940@phx.gbl>, <CA+9kkMBdX7YT1tPj5M3VrzAPKa6tXNGZVvvhjW9V4oOEC7g_kA@mail.gmail.com>, <CAOJ7v-1_qMoHBb3K7rV=hG9EadqL=xn4KEdG0zdWnKZU9_TipQ@mail.gmail.com>, <4AEFFC17-EF17-40F2-B83B-0B0CC44AD2C3@cisco.com>, <CAKhHsXEes+Lf+uKdTrjXoy+3PMy2uNumNL-W-0s4_xRXW6FiZg@mail.gmail.com>, <4F0CAC8C.8010203@wonderhamster.org>, <1D062974A4845E4D8A343C6538049202074ABD3A@XMB-BGL-414.cisco.com>, <387F9047F55E8C42850AD6B3A7A03C6C01DCF907@inba-mail02.sonusnet.com>, <CALiegfkejnU2rTe-FibUVxTrRS9SivkhGXB5eK+FhD8Vu6iTMA@mail.gmail.com>, <387F9047F55E8C42850AD6B3A7A03C6C01DCF9FC@inba-mail02.sonusnet.com>, <CALiegfn07bS58B+4ZyzRTnO4LCpw1e96dnqpSM+TT1y3QG2Zwg@mail.gmail.com>, <387F9047F55E8C42850AD6B3A7A03C6C01DCFBC1@inba-mail02.sonusnet.com>, <CAOJ7v-20+yL7r+_ODx_czHTiujXZZWESaZRB7MQjhvScg3RFtw@mail.gmail.com>
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] SRTP not mandatory-to-use
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>

Some questions:

What keying mechanism(s) MUST be implemented?  SDES?  DTLS/SRTP?  both?

Is the implication that both SDES and DTLS/SRTP MUST be offered? 

Is the preference for DTLS/SRTP implied, or explicit (RFC 5939)? 

As for the NULL cipher, the discussion so far has been in the context of DTLS/SRTP.  If DTLS/SRTP is not chosen (e.g. SDES is negotiated in offer/answer), then what?

From: juberti@google.com
Date: Wed, 11 Jan 2012 14:52:15 -0500
To: pravindran@sonusnet.com
CC: rtcweb@ietf.org
Subject: Re: [rtcweb] SRTP not mandatory-to-use

To reply to the OP: The consensus that I see having emerged from this discussion is that SRTP should be mandatory to use, with a provision for NULL ciphers for debugging. This provision is only exposed through developer settings, and can never be invoked from the web app; for all practical purposes, applications will have to use SRTP.


As for the key management mechanism, SDES and DTLS will be supported; while DTLS is preferred, there are few DTLS-SRTP implementations in existence at this time.
As far as I know, this is what the major WebRTC implementations are planning to do.


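The thread turns on three checks an endpoint would have to make on an SDP offer/answer if "SRTP mandatory to use" is the rule: is every media section on a secure RTP profile, is keying material present for DTLS-SRTP (a=fingerprint) or SDES (a=crypto), and, when SDES is what got negotiated, is the crypto-suite one that actually encrypts. The policy checker below is an added example written for this page; it is not code from either poster or from any WebRTC implementation. It assumes the RFC 4568 crypto-suite names and RFC 3711/5124 profile names shown in the allowlists, and the two SDP blobs it parses are constructed, with placeholder key and fingerprint values.

```python
"""Policy check for an SDP offer/answer under an "SRTP mandatory-to-use" rule.

Added illustration for the rtcweb thread; the SDP inputs are constructed.
"""
from dataclasses import dataclass, field

# Secure RTP profiles (RFC 3711 / RFC 5124). Plain RTP/AVP and RTP/AVPF are unprotected.
SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}

# SDES crypto-suites from RFC 4568 that provide encryption. Any suite outside this
# allowlist (including any NULL-cipher suite) is rejected by this policy.
ENCRYPTING_SDES_SUITES = {
    "AES_CM_128_HMAC_SHA1_80",
    "AES_CM_128_HMAC_SHA1_32",
    "F8_128_HMAC_SHA1_80",
}


@dataclass
class MediaSection:
    m_line: str
    profile: str
    attributes: list = field(default_factory=list)


def parse_sdp(sdp: str):
    """Split SDP text into session-level a= attributes and a list of m= sections."""
    session_attrs, sections, current = [], [], None
    for raw in sdp.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("m="):
            fields = line[2:].split()  # m=<media> <port> <proto> <fmt> ...
            current = MediaSection(m_line=line, profile=fields[2] if len(fields) > 2 else "")
            sections.append(current)
        elif line.startswith("a="):
            (current.attributes if current else session_attrs).append(line[2:])
    return session_attrs, sections


def keying_mechanisms(sdp: str):
    """Per m= section, which keying mechanisms are offered: 'DTLS-SRTP', 'SDES', both, or none."""
    session_attrs, sections = parse_sdp(sdp)
    session_fp = any(a.startswith("fingerprint:") for a in session_attrs)
    result = []
    for sec in sections:
        mechs = set()
        if session_fp or any(a.startswith("fingerprint:") for a in sec.attributes):
            mechs.add("DTLS-SRTP")  # a=fingerprint may be session- or media-level
        if any(a.startswith("crypto:") for a in sec.attributes):
            mechs.add("SDES")
        result.append(mechs)
    return result


def check_offer(sdp: str):
    """Return (ok, findings); ok is True only if every m= section satisfies the policy."""
    _, sections = parse_sdp(sdp)
    mechs_per_section = keying_mechanisms(sdp)
    findings = []
    for idx, (sec, mechs) in enumerate(zip(sections, mechs_per_section)):
        if sec.profile not in SECURE_PROFILES:
            findings.append(f"m-section {idx}: insecure profile {sec.profile!r}")
            continue
        if "DTLS-SRTP" in mechs:
            continue  # DTLS-SRTP keying present; the preferred mechanism in the thread
        if "SDES" not in mechs:
            findings.append(f"m-section {idx}: secure profile but no keying material")
            continue
        # a=crypto:<tag> <crypto-suite> <key-params> [<session-params>]
        suites = [a.split()[1] for a in sec.attributes if a.startswith("crypto:") and len(a.split()) >= 2]
        if not any(s in ENCRYPTING_SDES_SUITES for s in suites):
            findings.append(f"m-section {idx}: SDES offered only with non-encrypting suites {suites}")
    return (not findings), findings


# Constructed offer: session-level DTLS fingerprint plus an SDES fallback on audio.
OFFER_OK = """v=0
o=- 1 1 IN IP4 192.0.2.1
s=-
t=0 0
a=fingerprint:sha-256 PLACEHOLDER:FINGERPRINT:VALUE
m=audio 49170 RTP/SAVPF 111
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER_BASE64_KEY|2^20|1:32
m=video 49172 RTP/SAVPF 96
"""

# Constructed offer violating the policy in three different ways.
OFFER_WEAK = """v=0
o=- 1 1 IN IP4 192.0.2.1
s=-
t=0 0
m=audio 49170 RTP/AVP 0
m=video 49172 RTP/SAVP 96
a=crypto:1 NULL_CIPHER_PLACEHOLDER inline:PLACEHOLDER_BASE64_KEY
m=application 49174 RTP/SAVP 100
"""

if __name__ == "__main__":
    for name, offer in (("OFFER_OK", OFFER_OK), ("OFFER_WEAK", OFFER_WEAK)):
        ok, findings = check_offer(offer)
        print(name, "accepted" if ok else "rejected", keying_mechanisms(offer))
        for f in findings:
            print("  -", f)
```

The checker treats a session-level a=fingerprint as covering every media section, which is how RFC 5763 endpoints commonly send it; if a deployment wants the explicit preference ordering Bernard asks about (RFC 5939 capability negotiation), that logic would sit on top of `keying_mechanisms`, which already reports when both SDES and DTLS-SRTP are offered for the same section.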