Re: [rtcweb] How to determine TLS roles?
Christer Holmberg <christer.holmberg@ericsson.com> Mon, 10 February 2014 16:37 UTC
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4433A1A0882 for <rtcweb@ietfa.amsl.com>; Mon, 10 Feb 2014 08:37:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.851
X-Spam-Level:
X-Spam-Status: No, score=-3.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NKnQShGZb7ma for <rtcweb@ietfa.amsl.com>; Mon, 10 Feb 2014 08:37:42 -0800 (PST)
Received: from mailgw1.ericsson.se (mailgw1.ericsson.se [193.180.251.45]) by ietfa.amsl.com (Postfix) with ESMTP id 85CF41A0887 for <rtcweb@ietf.org>; Mon, 10 Feb 2014 08:37:41 -0800 (PST)
X-AuditID: c1b4fb2d-b7f5d8e000002a7b-5b-52f900548e1b
Received: from ESESSHC002.ericsson.se (Unknown_Domain [153.88.253.124]) by mailgw1.ericsson.se (Symantec Mail Security) with SMTP id 99.48.10875.45009F25; Mon, 10 Feb 2014 17:37:40 +0100 (CET)
Received: from ESESSMB209.ericsson.se ([169.254.9.99]) by ESESSHC002.ericsson.se ([153.88.183.24]) with mapi id 14.02.0387.000; Mon, 10 Feb 2014 17:37:40 +0100
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Eric Rescorla <ekr@rtfm.com>
Thread-Topic: [rtcweb] How to determine TLS roles?
Thread-Index: Ac8mZBiXQux1+cpSRGeFwm+/NhCfyP//88iA///u0BCAABk5gP//7dswgAAbnoCAAC3h+A==
Date: Mon, 10 Feb 2014 16:37:39 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B1D167825@ESESSMB209.ericsson.se>
References: <7594FB04B1934943A5C02806D1A2204B1D1672FC@ESESSMB209.ericsson.se> <9ADA7473-1F36-4D96-A875-D2DC0762E9C2@phonefromhere.com> <7594FB04B1934943A5C02806D1A2204B1D1673C4@ESESSMB209.ericsson.se> <54B6400D-3753-4285-96DB-08EDB23BD03F@phonefromhere.com> <7594FB04B1934943A5C02806D1A2204B1D1674E9@ESESSMB209.ericsson.se>, <CABcZeBOyQeLSwYjKt7hNqn0WViHYhvLmsGecmwCWyGNgUdgSnA@mail.gmail.com>
In-Reply-To: <CABcZeBOyQeLSwYjKt7hNqn0WViHYhvLmsGecmwCWyGNgUdgSnA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.147]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFrrKLMWRmVeSWpSXmKPExsUyM+JvjW4Iw88gg1v3DS1WvD7HbrH2Xzu7 xcXttxgdmD2WLPnJ5LFkUiObx+THbcwBzFFcNimpOZllqUX6dglcGZNOpRW0i1UcmTSfpYFx j2AXIyeHhICJxIdl69ggbDGJC/fWA9lcHEIChxglln/eyQThLGaUWH/qBXMXIwcHm4CFRPc/ bZAGEQEFiV9/TrCA2MwC3hL/ptwAGyQsYCix9PFcJogaI4nZSzvZIOwwiccdx1hBbBYBVYkT K56C9fIK+Ep8vvmJGWLXBGaJCZ0v2UESnAKBEpM/tYMVMQJd9/3UGiaIZeISt57MZ4K4WkBi yZ7zzBC2qMTLx/9YQe6UEFCSmLY1DaJcR2LB7k9sELa2xLKFr5kh9gpKnJz5hGUCo9gsJFNn IWmZhaRlFpKWBYwsqxjZcxMzc9LLDTcxAqPm4JbfujsYT50TOcQozcGiJM774a1zkJBAemJJ anZqakFqUXxRaU5q8SFGJg5OqQZGr7Yz/OVzW2Zbbbl9f+WFy+b2bTFiC1QTXO2UiquWJScX iT+7oNDlKrnd0qhq70TndyW65UcCLCQmTN3//djmwrZnr1r0JxpHvHy55lz8edvMM5ItkjPf V246sbhg8jXdBxfl256qqppdjcn8LHXWbkLcNlPRvx5tNeqeRUE+HxhiNn55zqavxFKckWio xVxUnAgA88lsj2gCAAA=
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] How to determine TLS roles?
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Feb 2014 16:37:44 -0000
Hi, >This is defined in RFC 5763 S 5: >http://tools.ietf.org/html/rfc5763#section-5 > >Which points to: >http://tools.ietf.org/html/rfc4145 Ok. So, a few questions to for clarification: Q1: This means that the JS App must set the setup attrbute value before passing an SDP to the browser? Q2: If SDP O/A is not used on the wire, there needs to be another mechanism for the peers to negotiate/indicate who is "active" and who is "passive"? Q3: If you have mulitple m- lines, all using the same DTLS association, the setup attribute value must be identical in all m- lines? Q4: The data channel (DTLS/SCTP) will have the same rule (e.g. using the setup attribute value) as DTLS/SRTP for determining the TLS role? Regards, Christer On Mon, Feb 10, 2014 at 6:23 AM, Christer Holmberg <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>> wrote: Hi, >>>> If I understand correctly, in RTCWEB we are going to use a single DTLS association for two things: >>>> >>>> 1) Key exchange for SRTP >>>> 2) The data channel >>>> >>>> Now, this means that there needs to be a generic way to determine the TLS roles. >>>> >>>> In WEBRTC, how are the TLS roles determined? >>> >>> That was the subject of a rant of mine. >>> >>> I think the correct answer is that the party that ends up being IceControlling then becomes the DTLS client. Typically the initiator of a session is IceControlling. >>> >>> However the recent addition of >>>> a=setup:passive >>> to chrome's SDP clouds the story somewhat, allowing an IceController to say that it is DTLS passive and allow the non-initiator to be the DTLS client. >>> >>> Ostensibly this is to support early media - where the receiver of a call wishes to send media before the initiator does. >>> >>> As I said (rather intemperately) this added complexity is not worth the benefit. >> >> I think that it should be possible for a JS App to explicitly set the roles. >> >> Because, when SDP O/A is used on the wire, there are specified rules on how the roles are determined. But, some other on-the-wire protocol may have different rules. >> > There are many things that the JS app will need to do if we aren't bound by SDP O/A - but I agreed not to talk about that - until after 1.0 gets out :-) Fair enough, but for 1.0 we still need to know how the roles are determined :) The security-arch document does say that a DTLS handshake is performed on each channel that has been established by ICE, but I don't find anything regarding the roles. Regards, Christer _______________________________________________ rtcweb mailing list rtcweb@ietf.org<mailto:rtcweb@ietf.org> https://www.ietf.org/mailman/listinfo/rtcweb
- [rtcweb] How to determine TLS roles? Christer Holmberg
- Re: [rtcweb] How to determine TLS roles? Tim Panton
- Re: [rtcweb] How to determine TLS roles? Christer Holmberg
- Re: [rtcweb] How to determine TLS roles? Christer Holmberg
- Re: [rtcweb] How to determine TLS roles? Tim Panton
- Re: [rtcweb] How to determine TLS roles? Eric Rescorla
- Re: [rtcweb] How to determine TLS roles? Christer Holmberg
- Re: [rtcweb] How to determine TLS roles? Tim Panton
- Re: [rtcweb] How to determine TLS roles? Christer Holmberg
- Re: [rtcweb] How to determine TLS roles? Tim Panton
- Re: [rtcweb] How to determine TLS roles? Christer Holmberg
- Re: [rtcweb] How to determine TLS roles? Eric Rescorla
- Re: [rtcweb] How to determine TLS roles? Christer Holmberg
- Re: [rtcweb] How to determine TLS roles? Eric Rescorla
- Re: [rtcweb] How to determine TLS roles? Christer Holmberg
- Re: [rtcweb] How to determine TLS roles? Eric Rescorla
- Re: [rtcweb] How to determine TLS roles? Tim Panton
- Re: [rtcweb] How to determine TLS roles? Tim Panton
- Re: [rtcweb] How to determine TLS roles? Christer Holmberg
- Re: [rtcweb] How to determine TLS roles? Tim Panton
- Re: [rtcweb] How to determine TLS roles? Christer Holmberg
- Re: [rtcweb] How to determine TLS roles? Tim Panton
- Re: [rtcweb] How to determine TLS roles? Christer Holmberg
- Re: [rtcweb] How to determine TLS roles? Parthasarathi R