Re: [rtcweb] How to determine TLS roles?

Tim Panton <tim@phonefromhere.com> Mon, 10 February 2014 17:40 UTC

Return-Path: <tim@phonefromhere.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 62F031A040C for <rtcweb@ietfa.amsl.com>; Mon, 10 Feb 2014 09:40:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GAU39dnTxBNr for <rtcweb@ietfa.amsl.com>; Mon, 10 Feb 2014 09:40:05 -0800 (PST)
Received: from smtp002.apm-internet.net (smtp002.apm-internet.net [85.119.248.221]) by ietfa.amsl.com (Postfix) with ESMTP id 144201A03EF for <rtcweb@ietf.org>; Mon, 10 Feb 2014 09:40:04 -0800 (PST)
Received: (qmail 39898 invoked from network); 10 Feb 2014 17:40:04 -0000
X-AV-Scan: clean
X-APM-Authkey: 83769 17493
Received: from unknown (HELO zimbra003.verygoodemail.com) (85.119.248.218) by smtp002.apm-internet.net with SMTP; 10 Feb 2014 17:40:04 -0000
Received: from zimbra003.verygoodemail.com (localhost [127.0.0.1]) by zimbra003.verygoodemail.com (Postfix) with ESMTP id ADAEE18A0463; Mon, 10 Feb 2014 17:40:02 +0000 (GMT)
Received: from limit.westhawk.co.uk (limit.westhawk.co.uk [192.67.4.33]) by zimbra003.verygoodemail.com (Postfix) with ESMTPSA id E27F118A03D4; Mon, 10 Feb 2014 17:40:01 +0000 (GMT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Tim Panton <tim@phonefromhere.com>
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B1D167825@ESESSMB209.ericsson.se>
Date: Mon, 10 Feb 2014 17:39:46 +0000
Content-Transfer-Encoding: quoted-printable
Message-Id: <8991EDBE-71F3-4456-A614-A9F4926F4955@phonefromhere.com>
References: <7594FB04B1934943A5C02806D1A2204B1D1672FC@ESESSMB209.ericsson.se> <9ADA7473-1F36-4D96-A875-D2DC0762E9C2@phonefromhere.com> <7594FB04B1934943A5C02806D1A2204B1D1673C4@ESESSMB209.ericsson.se> <54B6400D-3753-4285-96DB-08EDB23BD03F@phonefromhere.com> <7594FB04B1934943A5C02806D1A2204B1D1674E9@ESESSMB209.ericsson.se>, <CABcZeBOyQeLSwYjKt7hNqn0WViHYhvLmsGecmwCWyGNgUdgSnA@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B1D167825@ESESSMB209.ericsson.se>
To: Christer Holmberg <christer.holmberg@ericsson.com>
X-Mailer: Apple Mail (2.1827)
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] How to determine TLS roles?
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Feb 2014 17:40:08 -0000

On 10 Feb 2014, at 16:37, Christer Holmberg <christer.holmberg@ericsson.com> wrote:

> 
> Hi,
> 
>> This is defined in RFC 5763 S 5:
>> http://tools.ietf.org/html/rfc5763#section-5
>> 
>> Which points to:
>> http://tools.ietf.org/html/rfc4145
> 
> Ok. So, a few questions to for clarification:
> 
> Q1: This means that the JS App must set the setup attrbute value before passing an SDP to the browser?
No, peer-to-peer browser calls should 'do the right thing' - based on the initator/ice-controlling rule 
Both browsers set 
a=setup:act-pass
meaning that we fall back to the old rules.

> 
> Q2: If SDP O/A is not used on the wire, there needs to be another mechanism for the peers to negotiate/indicate who is "active" and who is "passive"?
> 
If you don't care, and are locally generating the SDP for a remote offer or answer, set 
a=setup:act-pass 
and the roles sort themselves out.

If however you have a gateway initating a call to a browser, and it wants to do early media (it's an 800 number gateway for example)
then it sets  
a=setup:active

in the SDP it sends (or you create on it's behalf).



> Q3: If you have mulitple m- lines, all using the same DTLS association, the setup attribute value must be identical in all m- lines?
> 

Yes, I think so.

> Q4: The data channel (DTLS/SCTP) will have the same rule (e.g. using the setup attribute value) as DTLS/SRTP for determining the TLS role?

That's the way chrome seems to implement it - and presumably the way the spec is intended.

T.