Re: [rtcweb] DTLS, DTLS-SRTP, and 5-tuples

Roman Shpount <roman@telurix.com> Thu, 05 March 2015 10:10 UTC

From: Roman Shpount <roman@telurix.com>
To: Iñaki Baz Castillo <ibc@aliax.net>
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/yVgzY35TzIo8BUHzqYbf2BoSQzU>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>

On Wed, Mar 4, 2015 at 7:44 PM, Iñaki Baz Castillo <ibc@aliax.net> wrote:

> Take into account that when aggressive ICE nomination is being done, a
> peer sends multiple STUN requests with USE-CANDIDATE at the same time
> and DTLS ClientHello after each of them. At the end this means that
> the receiver must be ready to receive DTLS packets via different
> 5-tuples at the same time, all of them belonging to the same DTLS
> association/connection.
>

I am not sure this is entirely correct.  My assumption was that during
aggressive ICE nomination, an endpoint will send a DTLS ClientHello over the
first candidate pair where the ICE connectivity check succeeds. The endpoint
should be ready to receive DTLS messages over any ICE candidate pair. If the
endpoint does not receive a response to the DTLS ClientHello, it should
re-transmit the ClientHello over the highest priority ICE candidate pair at the
time of the re-transmission. I do not think there is any need to send
multiple DTLS ClientHello messages at the same time over multiple candidate
pairs. In other words, an endpoint should treat ICE as a single virtual
channel, where data is transmitted over the highest priority ICE candidate
pair for which the connectivity check succeeded, and process data received
from any non-pruned ICE candidate pair. There is no need to trombone the
data over all the candidate pairs when it is being sent out. This should
fit nicely with existing DTLS implementations.
_____________
Roman Shpount
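A small model of the send/receive rule Roman describes above (an added example, not code from this thread or from any WebRTC stack): outbound DTLS always goes over the highest priority succeeded pair, inbound DTLS is accepted from any non-pruned pair, and a ClientHello retransmission moves to a better pair if one has since succeeded. Pair names and priorities are made up for the scenario.

```python
from dataclasses import dataclass


@dataclass
class CandidatePair:
    name: str
    priority: int          # ICE pair priority; higher is preferred
    state: str = "waiting" # waiting | succeeded | failed
    pruned: bool = False   # dropped by ICE; traffic on it must be ignored


class IceVirtualChannel:
    """ICE as one virtual channel carrying a single DTLS association."""

    def __init__(self, pairs):
        self.pairs = {p.name: p for p in pairs}
        self.sent = []  # (message, pair name) log, one entry per transmission

    def select_pair(self):
        ok = [p for p in self.pairs.values()
              if p.state == "succeeded" and not p.pruned]
        return max(ok, key=lambda p: p.priority) if ok else None

    def send(self, msg):
        """Send over the best pair that has succeeded so far; None if none has."""
        pair = self.select_pair()
        if pair is None:
            return None
        self.sent.append((msg, pair.name))
        return pair.name

    def accept(self, pair_name):
        """Inbound DTLS is valid from any candidate pair ICE has not pruned."""
        p = self.pairs.get(pair_name)
        return p is not None and not p.pruned


def handshake_scenario():
    # Constructed scenario: three pairs, connectivity checks finish out of priority order.
    ch = IceVirtualChannel([CandidatePair("host-host", 90),
                            CandidatePair("srflx-srflx", 70),
                            CandidatePair("relay-relay", 50)])
    ch.pairs["relay-relay"].state = "succeeded"   # relay check finishes first
    first = ch.send("ClientHello")                # only succeeded pair: relay
    ch.pairs["host-host"].state = "succeeded"     # host check succeeds before ServerHello arrives
    retrans = ch.send("ClientHello")              # retransmit over the now-best pair
    ch.pairs["srflx-srflx"].pruned = True         # ICE prunes the srflx pair
    accepted = {n: ch.accept(n) for n in ch.pairs}
    return first, retrans, len(ch.sent), accepted
```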