DTLS-SRTP RSA key generation

170 views
Skip to first unread message

Anthony Roach

unread,
Apr 16, 2013, 6:10:36 PM4/16/13
to discuss...@googlegroups.com
I was poking around in the WebRTC native implementation to see how the RSA key pairs for DTLS-SRTP were being generated and it appears that each time an RTCPeerConnection is created it will generate a new 1024 RSA key pair. This surprises me since generating RSA keys is expensive/slow. I had assumed it would reuse RSA keys for some number of sessions instead of making a new one for each session. Am I misunderstanding the code, or am I wrong about the expensive of generating RSA keys?     

Justin Uberti

unread,
Apr 16, 2013, 7:42:19 PM4/16/13
to discuss-webrtc
Yes, this is expensive (100s of ms), but not terrible. We plan to cache the keys in the future, at which point we will turn on DTLS by default (instead of the current opt-in).


On Tue, Apr 16, 2013 at 3:10 PM, Anthony Roach <anthon...@gmail.com> wrote:
I was poking around in the WebRTC native implementation to see how the RSA key pairs for DTLS-SRTP were being generated and it appears that each time an RTCPeerConnection is created it will generate a new 1024 RSA key pair. This surprises me since generating RSA keys is expensive/slow. I had assumed it would reuse RSA keys for some number of sessions instead of making a new one for each session. Am I misunderstanding the code, or am I wrong about the expensive of generating RSA keys?     

--
 
---
You received this message because you are subscribed to the Google Groups "discuss-webrtc" group.
To unsubscribe from this group and stop receiving emails from it, send an email to discuss-webrt...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

Bryan

unread,
Apr 16, 2013, 8:16:32 PM4/16/13
to discuss...@googlegroups.com
will you continue to support SDES key exchange indefinitely?

Justin Uberti

unread,
Apr 16, 2013, 8:38:29 PM4/16/13
to discuss-webrtc
"indefinitely" is a strong word, but we have no plans at this time to remove SDES support. If we ever do this, since this is clearly an issue for many applications, we will pre-announce this well in advance.


On Tue, Apr 16, 2013 at 5:16 PM, Bryan <bryand...@gmail.com> wrote:
will you continue to support SDES key exchange indefinitely?

--

Anthony Roach

unread,
Apr 17, 2013, 8:54:01 AM4/17/13
to discuss...@googlegroups.com
Makes sense. Thanks for the response.
Reply all
Reply to author
Forward
0 new messages