Re: [rtcweb] Unsolicited DTLS Handshake

Iñaki Baz Castillo <ibc@aliax.net> Mon, 01 December 2014 23:20 UTC

In-Reply-To: <CAD5OKxtyy2Djh5ssE69qLJq7deQU9LP=J2vpn_Y3eO=4D2vpmg@mail.gmail.com>
References: <CAD5OKxtyy2Djh5ssE69qLJq7deQU9LP=J2vpn_Y3eO=4D2vpmg@mail.gmail.com>
From: Iñaki Baz Castillo <ibc@aliax.net>
Date: Tue, 02 Dec 2014 00:19:29 +0100
Message-ID: <CALiegfnh3pHA=Z6O_PYuhoECzzex3quDh1fUk=yRvbFp+xKGNQ@mail.gmail.com>
To: Roman Shpount <roman@telurix.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/tQGVJ7k4KhJeq3tvgrtW9NUE5Ao
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Unsolicited DTLS Handshake

2014-12-01 23:42 GMT+01:00 Roman Shpount <roman@telurix.com>:
> Should browsers support new DTLS handshake without it being triggered by
> offer/answer?

IMHO yes, as that is part of DTLS itself and DTLS does not need an SDP
O/A in order to renegotiate (assuming the same fingerprint is used, of
course).


> I think a new DTLS handshake can be triggered at any time by a ClientHello or
> HelloRequest DTLS message. At this point, unless I am missing something, it
> looks like neither Chrome nor Firefox updates SRTP keys unless transport
> parameters or the fingerprint are changed due to offer/answer.

Are you sure of that? AFAIR, the last time I inspected Chrome's DTLS stack
(the one based on BoringSSL/OpenSSL) it did include code for DTLS
renegotiation and SRTP re-key stuff. I may be wrong.
-- 
Iñaki Baz Castillo
<ibc@aliax.net>
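The exchange above turns on whether an endpoint re-derives its SRTP keys after a DTLS handshake that no offer/answer triggered. The following is an added example, not code from the thread or from either browser: it implements the DTLS-SRTP key derivation of RFC 5764 (TLS 1.2 exporter of RFC 5705 with the "EXTRACTOR-dtls_srtp" label, P_SHA256 PRF, SRTP_AES128_CM_HMAC_SHA1_80 key and salt sizes) and shows that a new handshake, which produces a new master secret and fresh randoms, necessarily yields a different SRTP key block. The master secrets and randoms are constructed placeholder values; the hash is assumed to be SHA-256 (cipher suites whose PRF uses SHA-384 would differ), and no real test vector is claimed.

```python
import hashlib
import hmac

# SRTP_AES128_CM_HMAC_SHA1_80 (RFC 5764 section 4.1.2): 128-bit master key, 112-bit salt.
SRTP_KEY_LEN = 16
SRTP_SALT_LEN = 14
# Exporter label defined in RFC 5764 section 4.2; no context value is used.
EXPORTER_LABEL = b"EXTRACTOR-dtls_srtp"


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_SHA256 (RFC 5246 section 5): HMAC chain A(i) expanded to `length` bytes."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()          # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def tls12_exporter(master_secret: bytes, client_random: bytes, server_random: bytes,
                   label: bytes, length: int) -> bytes:
    """RFC 5705 keying-material exporter for TLS 1.2 (no context): PRF(ms, label, randoms)."""
    return p_sha256(master_secret, label + client_random + server_random, length)


def derive_srtp_keys(master_secret: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Split the exported key block in the order RFC 5764 section 4.2 prescribes."""
    block = tls12_exporter(master_secret, client_random, server_random,
                           EXPORTER_LABEL, 2 * (SRTP_KEY_LEN + SRTP_SALT_LEN))
    off = 0
    client_key = block[off:off + SRTP_KEY_LEN]; off += SRTP_KEY_LEN
    server_key = block[off:off + SRTP_KEY_LEN]; off += SRTP_KEY_LEN
    client_salt = block[off:off + SRTP_SALT_LEN]; off += SRTP_SALT_LEN
    server_salt = block[off:off + SRTP_SALT_LEN]
    return {
        "client_write_key": client_key,
        "server_write_key": server_key,
        "client_write_salt": client_salt,
        "server_write_salt": server_salt,
    }


# Constructed (not real) handshake parameters: the initial handshake and a later
# renegotiation over the same transport with the same certificate fingerprint.
INITIAL_HANDSHAKE = {
    "master_secret": bytes([0x11]) * 48,
    "client_random": bytes([0x01]) * 32,
    "server_random": bytes([0x02]) * 32,
}
RENEGOTIATED_HANDSHAKE = {
    "master_secret": bytes([0x22]) * 48,
    "client_random": bytes([0x03]) * 32,
    "server_random": bytes([0x04]) * 32,
}


def keys_before_and_after_renegotiation() -> tuple:
    """Return (old_keys, new_keys); an endpoint that keeps old_keys after the new
    handshake will fail SRTP authentication against a peer using new_keys."""
    old = derive_srtp_keys(**INITIAL_HANDSHAKE)
    new = derive_srtp_keys(**RENEGOTIATED_HANDSHAKE)
    return old, new


def srtp_keys_changed(old: dict, new: dict) -> bool:
    """True when any key or salt differs, i.e. a re-key is required."""
    return any(old[name] != new[name] for name in old)


if __name__ == "__main__":
    old_keys, new_keys = keys_before_and_after_renegotiation()
    for name in old_keys:
        print(f"{name}: {old_keys[name].hex()} -> {new_keys[name].hex()}")
    print("re-key required:", srtp_keys_changed(old_keys, new_keys))
```

Because the exporter input includes both randoms and the master secret, a second handshake cannot reproduce the first key block; whichever side fails to run this derivation again after an unsolicited handshake will silently lose the ability to authenticate the peer's SRTP packets, which is the failure the thread is asking about.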