Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-channel-12.txt> (WebRTC Data Channels) to Proposed Standard

On 11 Oct 2014, at 09:21, Wyss, Felix <Felix.Wyss@inin.com> wrote:

> I'm not looking at this in terms of MitM attacks but for topologies where we want to have back-to-back WebRTC sessions going through a legitimate middlebox.  That middlebox passes the media and data between these sessions while recording and/or performing analytics on it.  Requiring the 
So doesn't it terminate the DTLS connections of both peers?

Best regards
Michael
> middlebox to worry about how the two endpoints might pick SCTP stream identifiers and possibly having to map or rewrite them unnecessarily complicates their implementation.  
> 
> IMHO from the perspective of the data channels, the DTLS layer should be an opaque tunnel ("bump in the stack") that passes packets between endpoints.  The DTLS role of an endpoint that emerges during connection establishment should not be relevant to the operation of the data channels.  Hence my concerns about the abstraction leak.  
> 
> Thanks,
> --Felix
> 
>> -----Original Message-----
>> From: Martin Thomson [mailto:martin.thomson@gmail.com]
>> Sent: Friday, October 10, 2014 16:34
>> To: Wyss, Felix
>> Cc: rtcweb@ietf.org
>> Subject: Re: [rtcweb] Last Call: <draft-ietf-rtcweb-data-channel-12.txt>
>> (WebRTC Data Channels) to Proposed Standard
>> 
>> On 10 October 2014 12:11, Wyss, Felix <Felix.Wyss@inin.com> wrote:
>>> I feel it would be better to explicitly require that applications are
>> responsible for identifier collision avoidance instead of allowing them to rely
>> on the DTLS roles.
>> 
>> Are you suggesting that we might want to consider the effect of a MitM
>> attack on the robustness of this?
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb
> 