Re: [rtcweb] Layers in draft-jesup-rtcweb-data-00
Eric Rescorla <ekr@rtfm.com> Wed, 02 November 2011 14:25 UTC
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 02 Nov 2011 07:24:35 -0700
Message-ID: <CABcZeBOE4DauPr6k3oj5D8uP276n7LE=h5y-ETqhG1T5MwwJgw@mail.gmail.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>, Randall Stewart <rrs@lakerest.net>
Subject: Re: [rtcweb] Layers in draft-jesup-rtcweb-data-00
On Wed, Nov 2, 2011 at 5:44 AM, Magnus Westerlund
<magnus.westerlund@ericsson.com> wrote:
> On 2011-11-01 20:37, Justin Uberti wrote:
>> I think we want one DTLS session for each transport. If we have
>> independent RTP sessions, we have N transports, and N DTLS sessions. If
>> we multiplex RTP/SCTP sessions, we have a single transport, and the same
>> DTLS session is used to protect SCTP traffic, as well as to get keys for
>> SRTP traffic.
>
> Can you please expand on this argument? I think in the case where you
> have IP/UDP/DTLS-SRTP (where DTLS-SRTP represents both the DTLS
> handshakes used to establish the keys for SRTP and SRTP) and want to
> combine it with IP/UDP/DTLS/SCTP I think you are forced to have a single
> DTLS session for that UDP flow.

I want to make sure I understand your question: you're talking about a
call with both SCTP and SRTP carried over the same UDP host-port quartet?

Yes, in that case, you would want to have a single DTLS association
(session turns out to be a technical term in TLS that means something
different than this) for that host-port quartet.

> However, what I do understand of DTLS it
> is possible to have both DTLS protected datagrams and DTLS-SRTP packets
> in the same DTLS session. However, as STUN in this case still is outside
> of the DTLS we anyway have a de-multiplexing.

       +------+                        +------+
       |WEBAPP|                        |WEBAPP|
       +------+------+------+          +------+------+------+
       | DTLS | Audio| Video|          | SCTP | Audio| Video|
+---------------------------+  +---------------------------+
| STUN | SCTP |S/RTP |S/RTP |  | STUN | DTLS |S/RTP |S/RTP |
+---------------------------+  +---------------------------+
|         Mux/Demux         |  |         Mux/Demux         |
+---------------------------+  +---------------------------+
|            UDP            |  |            UDP            |
+---------------------------+  +---------------------------+

Assuming we're talking about the layering on the right, then there are
two demux phases:

1. STUN vs. DTLS vs. SRTP, which is defined in RFC 5764; S 5.1.2
2. DTLS handshake versus SCTP data (carried as TLS application_data).
   This is just part of the DTLS stack.

> Based on that you from a feasibility point of view combined DTLS-SRTP
> with IP/UDP/SCTP/DTLS and have different DTLS sessions, one on the
> IP/UDP layer and another on the IP/UDP/SCTP layer.

I'm not sure how it would be best to handle the case on the left (which
is one reason I prefer the layering on the right). My instinct was to say
that if you were going to do DTLS-SRTP you would still need to set up an
IP/UDP/SCTP/DTLS channel, so you would have only one DTLS association.
Of course, this still leaves you with the SCTP vs. S/RTP vs. STUN demux.

> I also think we shouldn't forget what would occur if one has SRTP keyed
> in another way than DTLS as that can also be proposed. Then the DTLS for
> SCTP doesn't interact with another DTLS at either IP/UDP or IP/UDP/SCTP.

I'm not sure I get this point.

> I would also like to raise the issue of DTLS resumption which to my
> knowledge is possible to use for any DTLS session between the same
> end-points after the first?

Yes. There's some discussion of the most efficient way to handle this in
Appendix B of RFC 5764. However, this should be invisible to the
endpoints, as it's just a performance optimization.

-Ekr
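As an added example that is not part of the thread or of draft-jesup-rtcweb-data, here are the two demux phases Eric describes for the right-hand layering, in Python: phase 1 is the first-byte rule of RFC 5764 section 5.1.2 (STUN vs. DTLS vs. SRTP on one UDP port), and phase 2 separates DTLS handshake records from the application_data records that carry SCTP. The sample packets are constructed and only their leading bytes matter.

```python
# Added example, not from the thread: the two demux phases for the
# right-hand layering. Phase 1 is the first-byte rule of RFC 5764, 5.1.2;
# phase 2 looks at the DTLS record content type, where application_data
# records carry the SCTP packets and handshake records belong to DTLS itself.

STUN, DTLS, SRTP, UNKNOWN = "STUN", "DTLS", "SRTP", "UNKNOWN"

def demux_udp_payload(pkt: bytes) -> str:
    """Phase 1: classify a UDP payload by its first byte (RFC 5764, 5.1.2)."""
    if not pkt:
        return UNKNOWN
    b = pkt[0]
    if b < 2:             # 0 or 1: STUN (top bits of the message type)
        return STUN
    if 19 < b < 64:       # 20..63: DTLS record content types
        return DTLS
    if 127 < b < 192:     # 128..191: RTP/RTCP version 2 (top bits 10)
        return SRTP
    return UNKNOWN        # outside all three ranges: drop, do not guess

# DTLS record content types (RFC 6347 reuses the TLS values).
DTLS_HANDSHAKE, DTLS_APPLICATION_DATA = 22, 23
DTLS_HEADER_LEN = 13      # type(1) version(2) epoch(2) seq(6) length(2)

def demux_dtls_record(rec: bytes) -> str:
    """Phase 2: split DTLS handshake traffic from the SCTP user data."""
    if len(rec) < DTLS_HEADER_LEN:
        return "TRUNCATED"
    if rec[0] == DTLS_HANDSHAKE:
        return "DTLS-HANDSHAKE"
    if rec[0] == DTLS_APPLICATION_DATA:
        return "SCTP"     # application_data payload is an SCTP packet
    return "DTLS-OTHER"   # change_cipher_spec (20) or alert (21)

def classify(pkt: bytes) -> str:
    """Run both phases on one UDP payload and return the final label."""
    kind = demux_udp_payload(pkt)
    return demux_dtls_record(pkt) if kind == DTLS else kind

# Constructed sample payloads; only the leading bytes matter here.
SAMPLES = {
    "stun":     bytes([0x00, 0x01, 0x00, 0x00, 0x21, 0x12, 0xa4, 0x42]) + bytes(12),
    "dtls_hs":  bytes([22, 0xfe, 0xfd]) + bytes(10) + bytes([0x01]),
    "dtls_app": bytes([23, 0xfe, 0xfd]) + bytes(10) + b"sctp",
    "srtp":     bytes([0x80, 0x60]) + bytes(10),
    "junk":     bytes([0x45, 0x00]),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:9s} -> {classify(pkt)}")
```

Note that this first-byte rule only exists because STUN, DTLS and SRTP are all directly on UDP; the left-hand layering puts SCTP directly on UDP as well, and SCTP has no equivalent reserved first-byte range, which is the demux problem Eric points at.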