[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Additional use cases? (Re: Plan for moving forward)

To: Eric Rescorla <ekr@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: Additional use cases? (Re: Plan for moving forward)
From: Lakshminath Dondeti <ldondeti@xxxxxxxxxxxx>
Date: Thu, 07 Jun 2007 10:23:13 -0700
Cc: Dan Wing <dwing@xxxxxxxxx>, ietf-rtpsec@xxxxxxx, "'Sam Hartman'" <hartmans-ietf@xxxxxxx>, "'Tim Polk'" <tim.polk@xxxxxxxx>, jon.peterson@xxxxxxxxxxx
In-reply-to: <20070607132804.3EDDC33C58@xxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
References: <07b201c7a737$f0526500$c2f0200a@xxxxxxxxxxxxxx> <46679A8E.1080005@xxxxxxxxxxxx> <20070607132804.3EDDC33C58@xxxxxxxxxxxxxx>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.0 (Windows/20070326)

Actually the use cases probably won't be a big problem. If theClientHello can be sent by the caller via the signaling path, bothcases, the caller being the client or the server can be addressed.Nothing else needs to change, AFAICT.


thanks,
Lakshminath

On 6/7/2007 6:28 AM, Eric Rescorla wrote:

At Wed, 06 Jun 2007 22:41:34 -0700,
Lakshminath Dondeti wrote:
I guess I talked about the generic case a few times, so let's start withan example. Consider the use case of using calling cards
Alice is a SIP Phone, and Uma wants to use it to make a call to Bob(Calling card Server).
Case 1: Uma registers Alice as an authorized phone with Bob. Thecurrent model of DTLS-SRTP works (although it reverses the client-serverrelationship).
Why does this reverse the client-server relationship?

1. DTLS-SRTP requires that both sides have certificates, but EITHER
side can have a self-signed cert or a third-party cert. This is true
no matter which side is client or server.
2. The client-server relationship in DTLS-SRTP is actually independent
of who is the caller. It's controlled by passive/active attributes
in the SDP. In general, it's attractive for the answerer to be the
client, purely for the performance reason that if you're not using
ICE you want the ClientHello to be sent immediately to minimize RTTs.
[With ICE, the performance issues are more complicated and depend
on which side is controlling and whether you are doing aggressive
or regular nomination].
Case 2: Alice is any SIP Phone and Uma makes a call using it. Uma mayaccept Bob's identity asserted through the SIP infrastructure, but wantsto authenticate via a secure channel established with Bob authenticatedand Uma will authenticate by sending calling card information (username,password, or just password) as DTMF tones in the media path. (Note: Umamay not necessarily trust Bob's identity asserted through the SIPinfrastructure.)
Case 3: Bob's identity is asserted in the media path and Uma enters thecalling card information as DTMF tones in the media path.
In other contexts, the terms user-identity and device-identity have alsobeen used.
Note that priority call placement use case is similar.
I don't understand why you think that any of these cases presents
a problem.
You just do the ordinary SIP-Identity + DTLS-SRTP handshake,
which are all about protecting the signalling channel and binding
it to the media and then you pass the DTMF or whatever in the
media. This works fine.

-Ekr

Follow-Ups:
- Re: Additional use cases? (Re: Plan for moving forward)
  - From: Richard Barnes
- Re: Additional use cases? (Re: Plan for moving forward)
  - From: Richard Barnes

References:
- RE: Plan for moving forward
  - From: Dan Wing
- Additional use cases? (Re: Plan for moving forward)
  - From: Lakshminath Dondeti
- Re: Additional use cases? (Re: Plan for moving forward)
  - From: Eric Rescorla

Prev by Date: Re: Plan for moving forward
Next by Date: Re: Additional use cases? (Re: Plan for moving forward)
Previous by thread: Re: Additional use cases? (Re: Plan for moving forward)
Next by thread: Re: Additional use cases? (Re: Plan for moving forward)
Index(es):
- Date
- Thread