IETF Logo Mail Archive

Re: [rtcweb] SDP Security Descriptions (RFC 4568) and RTCWeb

Harald Alvestrand <harald@alvestrand.no> Fri, 03 May 2013 04:49 UTC

Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C57D21F8B38 for <rtcweb@ietfa.amsl.com>; Thu, 2 May 2013 21:49:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.598
X-Spam-Level:
X-Spam-Status: No, score=-110.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0o465eGzp-Gg for <rtcweb@ietfa.amsl.com>; Thu, 2 May 2013 21:49:17 -0700 (PDT)
Received: from eikenes.alvestrand.no (eikenes.alvestrand.no [158.38.152.233]) by ietfa.amsl.com (Postfix) with ESMTP id D497121F8D2C for <rtcweb@ietf.org>; Thu, 2 May 2013 21:49:16 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by eikenes.alvestrand.no (Postfix) with ESMTP id 645E739E125 for <rtcweb@ietf.org>; Fri, 3 May 2013 06:49:14 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at eikenes.alvestrand.no
Received: from eikenes.alvestrand.no ([127.0.0.1]) by localhost (eikenes.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OHn-bdEJXdUl for <rtcweb@ietf.org>; Fri, 3 May 2013 06:49:12 +0200 (CEST)
Received: from [172.30.42.116] (c-e2fee555.03-217-73746f1.cust.bredbandsbolaget.se [85.229.254.226]) by eikenes.alvestrand.no (Postfix) with ESMTPSA id B66B539E03B for <rtcweb@ietf.org>; Fri, 3 May 2013 06:49:12 +0200 (CEST)
Message-ID: <518341C8.80100@alvestrand.no>
Date: Fri, 03 May 2013 06:49:12 +0200
From: Harald Alvestrand <harald@alvestrand.no>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130329 Thunderbird/17.0.5
MIME-Version: 1.0
To: rtcweb@ietf.org
References: <BLU402-EAS17255F45B0904B070F0D43093B00@phx.gbl> <03FBA798AC24E3498B74F47FD082A92F3BB9C0F6@US70UWXCHMBA05.zam.alcatel-lucent.com>
In-Reply-To: <03FBA798AC24E3498B74F47FD082A92F3BB9C0F6@US70UWXCHMBA05.zam.alcatel-lucent.com>
Content-Type: multipart/alternative; boundary="------------090207050803050505020206"
Subject: Re: [rtcweb] SDP Security Descriptions (RFC 4568) and RTCWeb
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 03 May 2013 04:49:23 -0000

On 04/29/2013 03:40 PM, Ejzak, Richard P (Richard) wrote:
>
> I responded to this question earlier so didn't want to repeat myself, 
> but see now that it was either missed or otherwise not accepted.
>
> Quoting my earlier email from 4/25:
>
> "Legacy devices support more than just audio and video media.  We will 
> need to occasionally transport protocols like T.140, MSRP, BFCP, 
> and/or RTSP in some cases, and the primary options are to transport 
> them over DataChannels or WebSockets.  A network server will be needed 
> to do transport level interworking, of course.  It would be useful in 
> these cases to have an SDES option for DataChannels.  Not essential, 
> but useful.  End-to-end security is not even an issue in this case due 
> to the need for transport level interworking."
>
> After further consideration, I don't currently see a use case for 
> RTSP, but I still do for the others.  If we have a legacy endpoint 
> doing T.140 and audio, for example, it would be useful to be able to 
> multiplex the audio together with T.140/DC at the browser, and to put 
> a box in the network to adapt them as necessary for the legacy 
> endpoint (decode, demux, DC-to-RTP i/w for T.140, possibly 
> transcoding).  SDES for DC just makes this easier to do.
>

I don't get that - I must be dense.

DataChannel doesn't have a defined SDES encryption. So you're either 
talking about inventing a form of encryption that nobody's ever seen 
before, or you're tunneling SRTP packets over the data channel.

If transcoding, the format on DataChannel are not likely to be exactly 
the RTP headers on the T.140 side, so you have to decrypt and re-encrypt 
anyway in order to change the bits.

The other possibility is to take the encrypted SRTP T.140 packets and 
send them, raw, over DataChannel to the Web application and decrypt them 
there. "Only" requires SRTP key derivation, decryption and manipulation 
+ T.140 interpretation to be done in Javascript.

Seems possible to me - but do we really need to standardize anything for 
this option to be workable, or should we as a standards body just say 
"On your head be it"?

v2.23.0 | Report a Bug | By Email