- From: Bernard Aboba <Bernard.Aboba@microsoft.com>
- Date: Fri, 18 Jul 2014 18:38:33 +0000
- To: "public-ortc@w3.org" <public-ortc@w3.org>
Filed by Rajesh Gunnalan:
RFC 5764 Section 4.2 (see below) discusses how DTLS/SRTP sessions are used to derive distinct RTP and RTCP keys, in the case where RTP and RTCP are not multiplexed. My understanding is that distinct DTLS/SRTP sessions for RTP and RTCP can occur within a single DTLS session. In that case the use of separate DTLS transports for RTP and RTCP does not make sense -- you should just have a single DTLS transport with a "mux" property.
RFC 5764 Section 4.2:
When both RTCP and RTP use the same source and destination ports,
then both the SRTP and SRTCP keys are needed. Otherwise, there are
two DTLS-SRTP sessions, one of which protects the RTP packets and one
of which protects the RTCP packets; each DTLS-SRTP session protects
the part of an SRTP session that passes over a single source/
destination transport address pair, as shown in Figure 2, independent
of which SSRCs are used on that pair. When a DTLS-SRTP session is
protecting RTP, the SRTCP keys derived from the DTLS handshake are
not needed and are discarded. When a DTLS-SRTP session is protecting
RTCP, the SRTP keys derived from the DTLS handshake are not needed
and are discarded.
   Client                           Server
   (Sender)                         (Receiver)

   (1) <----- DTLS ------>  src/dst = a/b and b/a
       ------ SRTP ------>  src/dst = a/b, uses client write keys

   (2) <----- DTLS ------>  src/dst = c/d and d/c
       ------ SRTCP ----->  src/dst = c/d, uses client write keys
       <----- SRTCP ------  src/dst = d/c, uses server write keys

   Figure 2: A DTLS-SRTP session protecting RTP (1) and another one
   protecting RTCP (2), showing the transport addresses and keys used.
Received on Friday, 18 July 2014 18:39:04 UTC