Date posted: 03-Jul-2015 | Uploaded by: tim-panton
Tim Panton - Protocol Droid
Westhawk Ltd
What to do now you have a hole in the ice
Make a secure P2P media + data connection?
Use existing protocols:
SRTP x2 - encrypted RTP for voice + video
DTLS - secure set up
SCTP - datagram protocol
RTCP - channel stats and management
Multiplex all the things
              +----------------+
              | 127 < B < 192 -+--> forward to RTP
              |                |
packet -->    | 19 < B < 64   -+--> forward to DTLS
              |                |
              | B < 2         -+--> forward to ICE
              +----------------+
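The first-byte demultiplexer from the diagram above, as an added Python example (not code from the talk): it applies the slide's three ranges, drops anything that fits none of them instead of guessing, and goes one step further than the slide by separating RTCP from RTP on the payload-type byte, as rtcp-mux (RFC 5761) does. The packet bytes are constructed samples.

```python
from enum import Enum


class Proto(Enum):
    ICE = "ICE"    # STUN connectivity checks / consent freshness
    DTLS = "DTLS"  # handshake, key export, SCTP datachannel payloads
    RTP = "RTP"    # SRTP media
    RTCP = "RTCP"  # SRTCP stats and management (rtcp-mux)
    DROP = "DROP"  # anything outside the known ranges


def classify(packet: bytes) -> Proto:
    """Pick the sub-protocol of one datagram from its first byte B, using the
    slide's ranges: B < 2 -> ICE, 19 < B < 64 -> DTLS, 127 < B < 192 -> RTP."""
    if len(packet) < 2:
        return Proto.DROP          # too short to carry any of these headers
    b = packet[0]
    if b < 2:
        return Proto.ICE
    if 19 < b < 64:
        return Proto.DTLS
    if 127 < b < 192:
        # Beyond the slide: with rtcp-mux, RTP and RTCP share the port and are
        # told apart by the 7-bit payload type in byte 1 (RFC 5761: PT 64-95 is RTCP).
        pt = packet[1] & 0x7F
        return Proto.RTCP if 64 <= pt <= 95 else Proto.RTP
    return Proto.DROP


def demux(packets):
    """Route each datagram to the queue named by classify()."""
    queues = {p: [] for p in Proto}
    for pkt in packets:
        queues[classify(pkt)].append(pkt)
    return queues


# Constructed sample datagrams (header bytes only; payloads are irrelevant here).
SAMPLES = [
    bytes([0x00, 0x01, 0x00, 0x00]),  # STUN Binding Request        -> ICE
    bytes([0x16, 0xFE, 0xFD, 0x00]),  # DTLS 1.2 handshake record   -> DTLS
    bytes([0x80, 0x6F, 0x00, 0x01]),  # RTP v2, PT 111              -> RTP
    bytes([0x80, 0xC8, 0x00, 0x06]),  # RTCP Sender Report, PT 200  -> RTCP
    bytes([0x40, 0x00, 0x00, 0x00]),  # B = 64 fits no range        -> DROP
]

if __name__ == "__main__":
    for proto, pkts in demux(SAMPLES).items():
        print(proto.value, len(pkts))
```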
Huh? Why is ICE there?
Continuing consent to send:
We are sending ~1 Mbit/s of video
Imagine the user closes the receiving tab
Signalling is gone
ICE re-tests connection every 30s
Can re-establish a session over different path
We know all about RTP
Maybe not:
SRTP - but uses DTLS to exchange the keys.
Possibly multiple multiplexed streams
RTCP too.
Optional Headers (voice level etc)
DTLS - what is that?
The UDP cousin of TLS (aka SSL):
Uses Public key crypto to exchange session key
Session key extracted and used for SRTP key
Also carries datachannel messages
Does not carry media
DTLS - not quite like SSL
DTLS in webRTC has different requirements:
Does not use PKI - no certs to buy
Has heartbeat
DTLS is client server
Peers have to agree who is the client (rant)
Was all that worth it?
Probably:
Secure - selectable crypto suites
No passwords
No central authority
Distributed system - but existing SRTP code used
You forgot SCTP
Oops:
Originally designed to run alongside TCP
webRTC uses it to provide Datachannel transport
Run over DTLS (over UDP)
Useful semantics - more flexible than TCP
More widely used than you think (telcos)
A new layer?
Perhaps:
We have a modern set of secure peer to peer network protocols supported by > 1bn endpoints and counting.
It runs well over the existing internet infrastructure
Let's use it to build fun stuff.