Migration to DTLS-SRTP


Justin Uberti

Sep 19, 2013, 1:36:50 PM
to discuss-webrtc
At IETF 87 in Berlin, it was decided that DTLS-SRTP will be the only supported keying mechanism, and SDES MUST NOT be supported. DTLS-SRTP is considerably more robust than SDES in terms of resisting attacks, and so we intend to follow the IETF decision in Chrome, phasing out SDES in a multi-step process.

1) In Chrome 31, DTLS is now on by default, although SDES is still offered as well. You no longer need to pass the DtlsSrtpKeyAgreement:true constraint to enable DTLS. Since we are using per-origin certificate caching, the performance hit of generating a DTLS cert is no longer an issue, allowing us to make this the default. No application changes are needed at this time, although DTLS can be disabled by setting DtlsSrtpKeyAgreement:false, which reverts to SDES-only operation.

2) In an upcoming version of Chrome, probably Chrome 33, SDES will no longer be offered by default, and will only be used if a new TBD constraint is specified. For applications that require SDES, this will require an application change to specify this new constraint.

3) In a future version of Chrome, TBD at this point, this SDES constraint will be removed and only DTLS-SRTP will be supported. We expect this to occur sometime in 2014, so please begin migration of your applications to DTLS-SRTP as soon as possible.
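
The following is an added example, not part of the original post or of Chrome's code. It audits an SDP offer or answer for the keying mechanism each media section exposes, which helps find sessions that still depend on SDES during the migration described above: `a=crypto` lines (RFC 4568) carry SDES keys in the signaling, while `a=fingerprint` lines (RFC 4572) pin the certificate for the DTLS-SRTP handshake. The function names and the sample SDP are constructed for illustration.

```javascript
// Added example (not from the thread): report the SRTP keying offered per SDP media section.
// a=crypto (RFC 4568) puts SDES keys in the signaling itself;
// a=fingerprint (RFC 4572) pins the certificate used for the DTLS-SRTP handshake.
function classifySdpKeying(sdp) {
  const sections = [];
  let sessionFingerprint = false; // a session-level fingerprint applies to every m= section
  let current = null;
  for (const line of sdp.split(/\r?\n/)) {
    if (line.startsWith('m=')) {
      const [media, , proto] = line.slice(2).split(' ');
      current = { media, proto, sdes: false, dtls: sessionFingerprint };
      sections.push(current);
    } else if (line.startsWith('a=fingerprint:')) {
      if (current) current.dtls = true;
      else sessionFingerprint = true;
    } else if (line.startsWith('a=crypto:') && current) {
      current.sdes = true;
    }
  }
  return sections.map(({ media, proto, sdes, dtls }) => ({
    media,
    proto,
    keying: sdes && dtls ? 'both' : sdes ? 'sdes' : dtls ? 'dtls-srtp' : 'none',
  }));
}

// Media sections that still expose SDES key material and need migrating.
function sectionsOfferingSdes(sdp) {
  return classifySdpKeying(sdp)
    .filter((s) => s.keying === 'sdes' || s.keying === 'both')
    .map((s) => s.media);
}

// Constructed sample offer: key and fingerprint values are placeholders.
const SAMPLE_OFFER = [
  'v=0',
  'o=- 1 1 IN IP4 127.0.0.1',
  's=-',
  't=0 0',
  'm=audio 9 RTP/SAVPF 111',
  'a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER_KEY',
  'a=fingerprint:sha-256 AA:BB:CC',
  'm=video 9 RTP/SAVPF 100',
  'a=fingerprint:sha-256 AA:BB:CC',
].join('\r\n');

console.log(classifySdpKeying(SAMPLE_OFFER));
```

A section reported as `both` matches the transitional default in step 1; a section reported as `sdes` will stop working once SDES is removed.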

Dmitry Suvorov

Sep 20, 2013, 3:07:42 AM
to discuss...@googlegroups.com
Hello, Justin!

Is DTLS-SRTP supported in libjingle? (I mean API for XMPP.) Only SDES was supported in libjingle half a year ago.

Justin Uberti

Sep 20, 2013, 11:37:05 AM
to discuss-webrtc
DTLS-SRTP is supported in webrtc standalone, and has been for about a year.

The name libjingle is now deprecated; the old libjingle is now part of webrtc.


Justin Uberti

Sep 20, 2013, 11:37:28 AM
to discuss-webrtc
Look at the WebRTC bug tracker - you can see what tasks are associated with which milestones.

Dale O'Connor

Jan 7, 2014, 5:12:14 AM
to discuss...@googlegroups.com
Hi Justin,
Are you able to provide any update to points 2 and 3 in the original post?  i.e.
2) Will it be Chrome 33 where the application must provide an additional constraint to use SDES?  Do you have any further information on what this constraint will look like?
3) Have you decided on the Chrome release where this support for SDES will be finally removed?

Justin Uberti

Jan 8, 2014, 8:24:08 PM
to discuss...@googlegroups.com
Thanks for reminding me. We had a couple minor bugs in Chrome 31 with DTLS, so this will push back the deprecation until Chrome 34.
