Can TURN Server decrypt from DTLS-SRTP to UDP-RTP?


Tommok

Apr 27, 2015, 4:49:38 AM
to turn-server-project...@googlegroups.com
As I checked in the RFC 5766 classic use case feature, the TURN server can receive a DTLS packet and change it to a UDP packet.
If the packet is SRTP, can it be changed to RTP?

Or should the logic be DTLS-SRTP changed to UDP-SRTP? Will the packet keep the same encryption?


Oleg Moskalenko

Apr 28, 2015, 4:33:22 AM
to Tommok, turn-server-project...@googlegroups.com
DTLS-SRTP traffic is an end-to-end encrypted payload. The TURN server does not have the key to decrypt it. It simply passes it through.

You are mixing two different DTLSes: one that is used to encrypt the client-to-server traffic, and another that is encapsulated end-to-end traffic.

Oleg
> --
> You received this message because you are subscribed to the Google Groups
> "TURN Server (Open-Source project)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to
> turn-server-project-rfc57...@googlegroups.com.
> To post to this group, send email to
> turn-server-project...@googlegroups.com.
> Visit this group at
> http://groups.google.com/group/turn-server-project-rfc5766-turn-server.
> For more options, visit https://groups.google.com/d/optout.

Tommok

Apr 29, 2015, 5:54:00 AM
to turn-server-project...@googlegroups.com, chm...@gmail.com
Can the TURN server decrypt the DTLS part of DTLS-SRTP?
Then the peer party is an SBC, which can decrypt SRTP to an RTP [UDP] packet.

As I know, the usage of DTLS in DTLS-SRTP is for encrypting the SRTP key.
As long as the TURN server can help decrypt the DTLS part and transfer the SRTP key to the SBC, it should be able to decrypt the SRTP to RTP.

Is there any misunderstanding of the concept?
Please advise.


Oleg Moskalenko

Apr 29, 2015, 11:49:29 AM
to Tommok, turn-server-project...@googlegroups.com
Again, you are talking about different DTLSes. The short answer is "no".

Sent from my iPhone

Tommok

Apr 29, 2015, 10:36:01 PM
to turn-server-project...@googlegroups.com, chm...@gmail.com

Even if there is a different DTLS, the TURN server can also mechanically decrypt from DTLS to UDP packets, am I correct?

If yes, does it mean that the TURN server can offload the packet from DTLS to SDES keys and pass through SRTP?

Please advise.





Oleg Moskalenko

Apr 30, 2015, 2:02:04 AM
to Tommok, turn-server-project...@googlegroups.com
No. TURN traffic has headers and payloads; it is encapsulated traffic. DTLS-SRTP is encapsulated inside TURN traffic. Even if you have the keys, you cannot mechanically decrypt the traffic; you first have to de-capsulate it. It would require a very custom server implementation, and it would not be a TURN server but a proprietary special-purpose server.
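
The layering behind Oleg's two points (that the TURN server relays an encapsulated payload it cannot decrypt, and that the DTLS protecting the client-to-server hop is a different session from the end-to-end DTLS-SRTP one), as an added example that is not part of this thread and not code from the TURN server project. The ChannelData framing follows RFC 5766 section 11.4 and the first-byte demultiplexing follows RFC 5764 section 5.1.2; the SRTP packet and DTLS record bytes are constructed for the demo, and the outer client-to-server transport is assumed to have already been terminated by the server.

```python
"""
Added example (not from the thread or the TURN server project): what a TURN
relay sees when a client sends DTLS-SRTP through it, and why it can forward
the media but not decrypt it. Layering, outermost first:
  1. client <-> TURN transport (UDP, or a TLS/DTLS session the TURN server
     terminates). The bytes below are what the server holds once that
     outer layer, if any, has been removed.
  2. TURN ChannelData framing (RFC 5766 section 11.4).
  3. the encapsulated end-to-end datagram: DTLS handshake records
     (DTLS-SRTP, RFC 5764) or SRTP packets (RFC 3711). Their keys are
     negotiated between the two endpoints and never reach the server.
All packet bytes are constructed for the demo.
"""
import struct

# --- constructed sample inner datagrams ------------------------------------
# SRTP packet: 12-byte cleartext RTP header (V=2, PT=111, seq=1234,
# ts=160000, SSRC=0xDEADBEEF), then opaque encrypted payload, then an
# 80-bit authentication tag.
SRTP_PACKET = (bytes([0x80, 0x6F]) + struct.pack("!HII", 1234, 160000, 0xDEADBEEF)
               + bytes.fromhex("9a1f3c7be02d55c18844f0a7")   # encrypted payload
               + bytes.fromhex("0102030405060708090a"))      # auth tag
# DTLS 1.2 handshake record: content type 22, version 0xFEFD, epoch 0,
# 48-bit sequence number 0, length 4, opaque body.
DTLS_RECORD = bytes([22, 0xFE, 0xFD]) + b"\x00" * 8 + struct.pack("!H", 4) + b"\x01\x02\x03\x04"


def classify_first_byte(b: int) -> str:
    """RFC 5764 section 5.1.2: demultiplex by the first byte of a datagram."""
    if 0 <= b <= 3:
        return "STUN"
    if 16 <= b <= 19:
        return "ZRTP"
    if 20 <= b <= 63:
        return "DTLS"
    if 128 <= b <= 191:
        return "RTP/RTCP"
    return "unknown"


def channel_data_encode(channel: int, data: bytes) -> bytes:
    """Wrap application data in a TURN ChannelData message (RFC 5766 11.4)."""
    if not 0x4000 <= channel <= 0x7FFF:
        raise ValueError("channel numbers are 0x4000-0x7FFF")
    return struct.pack("!HH", channel, len(data)) + data


def channel_data_decode(msg: bytes) -> tuple:
    """Strip the 4-byte ChannelData header; return (channel, application data)."""
    if len(msg) < 4:
        raise ValueError("short ChannelData")
    channel, length = struct.unpack("!HH", msg[:4])
    if len(msg) < 4 + length:
        raise ValueError("truncated ChannelData")
    return channel, msg[4:4 + length]


def parse_rtp_header(pkt: bytes) -> dict:
    """Cleartext RTP header. SRTP encrypts only the payload and appends an auth
    tag, so SSRC and sequence numbers are visible to any on-path relay."""
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", pkt[:12])
    return {"version": b0 >> 6, "payload_type": b1 & 0x7F,
            "seq": seq, "timestamp": ts, "ssrc": ssrc}


def relay(msg: bytes) -> dict:
    """What a TURN relay can do with one ChannelData message: de-capsulate it,
    note which protocol the inner datagram carries, and forward the inner
    bytes unchanged. There is no SRTP key here, so forwarding is the only
    option for the media: this is Oleg's 'it simply passes it through'."""
    channel, inner = channel_data_decode(msg)
    kind = classify_first_byte(inner[0])
    out = {"channel": channel, "protocol": kind, "forwarded": inner}
    if kind == "RTP/RTCP":
        out["visible_header"] = parse_rtp_header(inner)
        out["opaque_bytes"] = len(inner) - 12   # payload + tag stay encrypted
    return out


if __name__ == "__main__":
    for pkt in (DTLS_RECORD, SRTP_PACKET):
        print(relay(channel_data_encode(0x4000, pkt)))
```

Running it shows the two kinds of inner datagram the relay meets on one channel: the DTLS-SRTP handshake records, which it can only classify and forward, and the SRTP packets, of which it can read the 12-byte RTP header but nothing past it. Turning either into plain RTP would need the endpoint's negotiated SRTP keys plus the de-capsulation step, which is why the thread's answer is that such a box would be a special-purpose gateway rather than a TURN server.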