- From: Peter Thatcher via GitHub <sysbot+gh@w3.org>
- Date: Thu, 30 Mar 2017 19:10:50 +0000
- To: public-webrtc-logs@w3.org
Taylor and I did some call flow analysis and came to the following conclusion: this is not possible with standard ICE and DTLS. Here's why: 1. You can *receive* DTLS from the remote side before receiving the remote description (and thus fingerprint). This happens if the remote side sends an ICE connectivity check and the local side sends a response and then the remote side sends a DTLS packet. 2. You cannot *send* DTLS from the local side before receiving the remote description (and thus fingerprint). This is because you can't send an ICE connectivity check until you have the remote ICE ufrag and pwd, and thus can't get an ICE connectivity check response, and thus can't send DTLS. This is because you can't send anything other than ICE until you get an ICE connectivity check response. 3. Since you can't send DTLS, you can't complete the handshake, and thus can't extract the SRTP key. It could work with ICE+SDES, but I don't see how it can work with ICE+DTLS. Maybe that's why 1-800-fedex was discussed as a use case for WebRTC in the early days before we chose to mandate DTLS. But now that DTLS is required, I think that this use case is impossible. -- GitHub Notification of comment by pthatcherg Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/849#issuecomment-290514459 using your GitHub account
Received on Thursday, 30 March 2017 19:10:56 UTC