Re: [rtcweb] Tunnelling DTLS in SDP

Roman Shpount <roman@telurix.com> Mon, 04 April 2016 15:53 UTC

The proposal makes sense to me.

1. Why do you need to send both fingerprints and certificates in the answer?
If the certificate is sent, the fingerprint can be calculated from it and
will be completely redundant.

2. Can you show where and how the DTLS-SRTP keys are going to be sent? I
assume they will be transmitted together with ChangeCipherSpec.

I think sending the certificate in the answer instead of the data path does
not compromise security, since if the signaling path is compromised, data
traffic can be redirected to a MITM agent which can collect exactly the same
data.

This has the benefit over sending the DTLS handshake using ICE/STUN messages
that it does not need to deal with packet fragmentation and reassembly.

Regards,
_____________
Roman Shpount

On Mon, Apr 4, 2016 at 9:10 AM, Eric Rescorla <ekr@rtfm.com> wrote:

> Hi folks,
>
> I wanted to call your attention to a draft I just published with a
> possibly stupid idea.
>
> https://tools.ietf.org/html/draft-rescorla-dtls-in-sdp-00
>
> A nontrivial fraction of call setup time in WebRTC is the DTLS handshake.
> This document describes how to piggyback the first few handshake messages
> in the SDP offer/answer exchange, thus reducing latency.
>
> Comments welcome.
>
> -Ekr
>
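Point 1 of the reply above, as an added example that is not part of the original message or of the draft: the `a=fingerprint` value is a hash of the DER-encoded certificate, so a receiver holding the certificate can recompute it and, if both are sent, should check that they agree. The certificate bytes are assumed to have been extracted from the answer already (the attribute that would carry them is not shown on this page), and `SAMPLE_CERT_DER` is a constructed placeholder rather than a real certificate.

```python
import hashlib

# SDP hash-function tokens mapped to hashlib algorithm names.
HASHES = {"sha-1": "sha1", "sha-256": "sha256",
          "sha-384": "sha384", "sha-512": "sha512"}

def fingerprint(cert_der: bytes, hash_func: str = "sha-256") -> str:
    """Colon-separated uppercase hex digest of the DER certificate bytes."""
    digest = hashlib.new(HASHES[hash_func.lower()], cert_der).digest()
    return ":".join(f"{b:02X}" for b in digest)

def parse_fingerprints(sdp: str):
    """Return (hash_func, value) for every a=fingerprint line in an SDP body."""
    found = []
    for line in sdp.splitlines():
        if line.startswith("a=fingerprint:"):
            body = line[len("a=fingerprint:"):].strip()
            hash_func, _, value = body.partition(" ")
            found.append((hash_func.lower(), value.strip().upper()))
    return found

def check_answer(sdp: str, cert_der: bytes) -> bool:
    """True only if fingerprints are present and all match the certificate."""
    seen = parse_fingerprints(sdp)
    if not seen:
        return False  # nothing binds the certificate to the signaling
    for hash_func, value in seen:
        if hash_func not in HASHES:
            return False  # unknown hash: fail closed
        if fingerprint(cert_der, hash_func) != value:
            return False  # certificate and fingerprint disagree
    return True

# Constructed placeholder bytes standing in for a DER certificate (assumption).
SAMPLE_CERT_DER = b"constructed-sample-certificate-bytes"

# Constructed SDP answer fragment carrying the matching fingerprint.
SAMPLE_ANSWER = "\r\n".join([
    "v=0",
    "m=audio 9 UDP/TLS/RTP/SAVPF 0",
    "a=setup:active",
    "a=fingerprint:sha-256 " + fingerprint(SAMPLE_CERT_DER),
]) + "\r\n"

if __name__ == "__main__":
    print(check_answer(SAMPLE_ANSWER, SAMPLE_CERT_DER))         # matching pair
    print(check_answer(SAMPLE_ANSWER, SAMPLE_CERT_DER + b"x"))  # swapped cert
```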