Open Bug 1320903 Opened 9 years ago Updated 3 years ago

Add support for DTLS re-handshake

Categories

(Core :: WebRTC: Networking, defect, P3)

Product:
Core
Component:
WebRTC: Networking
Version:
53 Branch
Type:
defect

Tracking

()

Tracking Flags:
Tracking Status
firefox53 --- affected
Blocking Flags:
backlog webrtc/webaudio+

People

(Reporter: ggb, Unassigned)

References

Details

Changing the fingerprint during an ice restart should be allowed, see https://github.com/openpeer/ortc/issues/93#issuecomment-47406008 and the RFC 5245 section referenced there. Right now it works with Chrome and changing the DTLS fingerprint initiates a new DTLS handshake generating new SRTP keys but it doesn't work with Firefox.
I thin rather than the pretty vague wording from RFC 5245 we should look at https://datatracker.ietf.org/doc/draft-ietf-mmusic-dtls-sdp/ Which then sounds like it becomes implementing 'dtls-id', for which we have already bug 1319681.
backlog: --- → webrtc/webaudio+
Rank: 29
Priority: -- → P2
See Also: → 1319681
Thx Nils. 'dtls-id' support would be even better because we use the same certificate in our media servers and that would allows us to migrate the calls. But maybe it is easier if FF supports the rehandshake on fingerprint change first. As far as I know dtls-id is not implemented by Chrome so anyway developers would need to change the fingerprint to have a cross-browser solution.
I would like to understand the usage scenario first. You are doing an ICE restart, with a new DTLS cert fingerprint in the re-offer, to be able to migrate a running call from one media server to another (where both servers use different certs)? Or in other words you are asking to allow DTLS re-handshake only as part of an ICE restart, right? Because just doing DTLS re-handshake without an ICE restart violates the spec AFAIK.
Flags: needinfo?(ggb)
Correct. In all the use cases we have in mind so far (the most important is probably migrating calls from one media server to another) there is an ice restart at the same time we do the new dtls handshake. Ideally we would prefer to reuse the same certs in all the media servers, but even if we have to have different ones that would be good enough for us.
Flags: needinfo?(ggb)
Mass change P2->P3 to align with new Mozilla triage process.
Priority: P2 → P3
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.