- From: Bernard Aboba via GitHub <sysbot+gh@w3.org>
- Date: Sun, 18 Jun 2017 01:32:24 +0000
- To: public-webrtc-logs@w3.org
@martinthomson @stefhak Yes, it does match reasonably. [draft-ietf-rtcweb-security-arch](https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-12#page-16) Section 5.5 says: All implementations MUST implement DTLS 1.0, with the cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA with the the P-256 curve [FIPS186]. The DTLS-SRTP protection profile SRTP_AES128_CM_HMAC_SHA1_80 MUST be supported for SRTP. Implementations SHOULD implement DTLS 1.2 with the TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher suite. Implementations MUST favor cipher suites which support PFS over non- PFS cipher suites and SHOULD favor AEAD over non-AEAD cipher suites. [RFC 5246](https://tools.ietf.org/html/rfc5246#page-65 ) Section 5.5 says: In the absence of an application profile standard specifying otherwise, a TLS-compliant application MUST implement the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA (see Appendix A.5 for the definition). -- GitHub Notification of comment by aboba Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/1315#issuecomment-309250773 using your GitHub account
Received on Sunday, 18 June 2017 01:32:31 UTC