Re: PeerConnection Data Channel

On 9/3/2011 8:10 AM, Eric Rescorla wrote:
> On Fri, Sep 2, 2011 at 11:17 AM, Matthew Kaufman
> <matthew.kaufman@skype.net>  wrote:
>
>> DTLS is even
>> more obvious of course.
> Indeed. Experience has shown that designing even this kind of simple security
> protocol is hard. In this case it seems extraordinarily inadvisable
> given that we
> have a well-defined IETF Standards Track protocol designed specifically for
> the purpose of securing datagram transmissions.
>

This just gives more weight to:
  prefer DTLS-SRTP for media (and DTLS for data)
  allow plain RTP for media (but not allow data when plain RTP is in use)
  disallow SRTP (and data) with any other type of keying (i.e. SDES)

or, perhaps even better, disallow plain RTP for media as well.

Matthew Kaufman

Received on Monday, 5 September 2011 03:56:21 UTC