Re: [rtcweb] DTLS, DTLS-SRTP, and 5-tuples

Christer Holmberg <christer.holmberg@ericsson.com> Mon, 09 March 2015 13:00 UTC

To: Iñaki Baz Castillo <ibc@aliax.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/venltTcUMeh-fD7TdTxfNlhnrHI>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>

>> DTLS itself knows nothing about ICE.
>>
>> So, IF DTLS assumes (implicitly or explicitly) that a single 5-tuple is used, the appropriate WG at least needs to be consulted about whether usage of multiple 5-tuples will cause any issues - technical or security.
>
> DTLS wrongly assumes a single 5-tuple. It should assume a single transport, and such a transport may be a classic 5-tuple or an ICE transport. It is a task of ICE to define what such a transport is.

Yes, I agree that ICE can define such a virtual transport.

But, before we do that, the DTLS folks need to agree that assuming a single 5-tuple IS wrong :)

Regards,

Christer