[erlang-questions] DTLS/SRTP for WebRTC

Ingela Andin ingela.andin@REDACTED
Mon Nov 17 11:30:49 CET 2014


Hi!


2014-11-15 8:14 GMT+01:00 Benoit Chesneau <bchesneau@REDACTED>:

>
>
> On Sunday, November 2, 2014, Ingela Andin <ingela.andin@REDACTED> wrote:
>
>> Hi!
>>
>> 2014-10-30 22:33 GMT+01:00 pablo platt <pablo.platt@REDACTED>:
>>
>>> Hi,
>>>
>>> What is the state of DTLS in OTP?
>>>
>>
>> Alas Ericsson has prioritised quite a few other things higher than DTLS
>> just lately so the implementation has been delayed.
>> I hope it will get back on track soon but I am afraid you cannot count on
>> it in a short term perspective.
>>
>> Regards Ingela Erlang/OTP team - Ericsson AB
>>
>>
>
> What is missing currently? Is there a list of tasks and
> known bugs available?
>
>
No, there is no such public list.  The big show stopper is that the
implementation of the DTLS-connection process is not finished. To try to
summarize:

We do not want bugs in DTLS connections to affect TLS-connections so the
connection processes must be separately implemented.  DTLS is
defined as a diff against TLS and that is how we want to structure the
implementation.

The TLS connection process is implemented by tls_connection.erl and the
DTLS connection shall be in dtls_connection.erl, which is only in a sketch
state.
Both implementations use ssl_connection.erl to handle common parts; however,
some calls in the DTLS code might not be quite up to date.
The same is true for tls_handshake/record/alert, dtls_handshake/record/alert,
ssl_handshake/record/alert. There might be a need for further refactoring
to make this approach work the whole way.

Something that we will also need is the heartbeat extension (RFC
6520), which is fairly separate, so it could be easy for someone to
contribute the basic support
for this.

Our next goal is to make a test suite against OpenSSL DTLS so that we can
have a test driven development of the DTLS connection process.

Regards Ingela Erlang/OTP team - Ericsson A




> - benoit
>
>>
>>
>>>
>>> I'm interested in using DTLS/SRTP in Erlang for WebRTC.
>>>
>>> I've found two implementations:
>>>
>>> Clean code but I couldn't make it work because it's missing SRTP support.
>>> https://github.com/RoadRunnr/otp/tree/new_crypto_dtls
>>>
>>> This works quite well. I'm able to connect clients to the server:
>>> https://groups.google.com/d/msg/discuss-webrtc/MP-1sCrOljA/qAs4VK-18y4J
>>>
>>> The problem is that some clients can't connect and I'm getting HANDSHAKE
>>> packets while in the CIPHER state in the following order:
>>> HANDSHAKE, SERVER_HELLO
>>> HANDSHAKE, CERTIFICATE
>>> HANDSHAKE, SERVER_KEY_EXCHANGE
>>> HANDSHAKE, CERTIFICATE_REQUEST
>>> HANDSHAKE, SERVER_HELLO_DONE
>>>
>>> I'm assuming that is related to a wrong state change or retransmission.
>>> The code only implements retransmission for two packet types and has the
>>> following comment:
>>> %% problem remainning: different strategy should be adopted while
>>> state==hello or cipher.
>>>
>>> Does anyone use DTLS/SRTP in Erlang and can help solve this issue or
>>> recommend another solution?
>>>
>>> Thanks
>>>
>>>
>>>
>>>
>>
>
> --
> Sent from my Mobile
>