[asterisk-dev] DTLS-SRTP support and WebRTC: a report

Joshua Colp jcolp at digium.com
Sat Jun 1 07:23:56 CDT 2013


Lorenzo Miniero wrote:
> Hi Joshua,
>
> I'm glad you appreciated the effort!
> I've added just a couple of comments inline.

> Of course: I'll try and clean up the patch I have now, especially with
> respect to point 6, and submit it.
> Is it ok to use the same github repository I've created for the Opus/VP8
> patch, or would you rather have it submitted somewhere else?

Anything you would like to get into the tree must be submitted through 
the Asterisk issue tracker at https://issues.asterisk.org/jira with a 
license agreement. I can't look at anything elsewhere.

> About this, by talking with Chrome developers on the discuss-webrtc
> Google group, I found out another issue related to the separate RTP and
> RTCP DTLS setup, which also explains why SRTCP doesn't work when using
> DTLS to exchange keys. The fact that muxing is not used also implies
> that different keys are negotiated by the browsers via DTLS for RTP and
> RTCP: this doesn't happen for SDES, instead, where the SRTP keys are the
> same for both RTP and RTCP.
>
> From what I've understood, SRTP integration in Asterisk was conceived
> to have RTP and RTCP share the keys, so mostly for the SDES case, and
> this is why SRTCP packets Asterisk sends are discarded by the peer. I've
> briefly tried looking in the code to see how difficult also allowing
> them to be different would be, but so far I couldn't find anything. I
> guess the easiest approach will be to have two completely separate SRTP
> contexts for the two protocols, a bit like I did for the DTLS-related
> stuff in the first place, but I'm afraid this could mess up the code way
> beyond the benefit. Do you have any hint on where I could try and work
> to make this work in a way that is consistent with the current Asterisk
> code?

Yes, for SDES as they are the same media stream within the SDP they 
share the same keying information.

So really there are two options...

1. Do as you are saying and have two separate DTLS/SRTP contexts. 
There's no way around this and it would get messy.

2. Add RTP/RTCP muxing support.
My gut tells me this wouldn't be as messy and more isolated in the end.

Cheers,

-- 
Joshua Colp
Digium, Inc. | Senior Software Developer
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
Check us out at:  www.digium.com  & www.asterisk.org
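
What option 2 means at the packet level, as an added example (not Asterisk code and not written by either poster): with RTP and RTCP muxed on one port, a single DTLS association keys both, and the receiver sorts datagrams by their first two octets as laid out in RFC 5764 section 5.1.2 and RFC 5761. The enum, function name and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for illustration; not Asterisk's API. */
enum pkt_kind { PKT_UNKNOWN, PKT_STUN, PKT_DTLS, PKT_RTP, PKT_RTCP };

/* Classify one datagram received on a muxed media port. */
enum pkt_kind classify_muxed(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 2)
        return PKT_UNKNOWN;
    if (buf[0] <= 1)                       /* RFC 5764 5.1.2: STUN */
        return PKT_STUN;
    if (buf[0] >= 20 && buf[0] <= 63)      /* RFC 5764 5.1.2: DTLS record */
        return PKT_DTLS;
    if (buf[0] < 128 || buf[0] > 191)      /* not RTP/RTCP version 2 */
        return PKT_UNKNOWN;
    /* RFC 5761: RTCP packet types occupy 192..223 in the second octet,
     * which is why RTP payload types 64..95 must be avoided when muxing. */
    if (buf[1] >= 192 && buf[1] <= 223)
        return len >= 8 ? PKT_RTCP : PKT_UNKNOWN;   /* header + SSRC */
    return len >= 12 ? PKT_RTP : PKT_UNKNOWN;       /* fixed RTP header */
}

/* Constructed sample datagrams (leading octets only, rest zero-filled). */
static const uint8_t sample_dtls[13] = { 0x16, 0xfe, 0xff };  /* handshake record */
static const uint8_t sample_rtp[12]  = { 0x80, 0xe0 };        /* marker bit + PT 96 */
static const uint8_t sample_rtcp[8]  = { 0x80, 0xc8 };        /* sender report (200) */
static const uint8_t sample_stun[20] = { 0x00, 0x01 };        /* binding request */
static const uint8_t sample_short[4] = { 0x80, 0xc9 };        /* truncated RTCP */

int main(void)
{
    static const char *names[] = { "unknown", "stun", "dtls", "rtp", "rtcp" };
    printf("dtls  -> %s\n", names[classify_muxed(sample_dtls, sizeof sample_dtls)]);
    printf("rtp   -> %s\n", names[classify_muxed(sample_rtp, sizeof sample_rtp)]);
    printf("rtcp  -> %s\n", names[classify_muxed(sample_rtcp, sizeof sample_rtcp)]);
    printf("stun  -> %s\n", names[classify_muxed(sample_stun, sizeof sample_stun)]);
    printf("short -> %s\n", names[classify_muxed(sample_short, sizeof sample_short)]);
    return 0;
}
```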


