Kashif Husain
2014-04-16 10:43:52 UTC
Hello all,
We have a scenario where my endpoint receives multiple crypto in the offer
it selects two of them responds with them in the answer:
Offer:
a=crypto:1 AES_CM_256_HMAC_SHA1_32
inline:raAXCEI2rA+J7VjZo2Z906Lwa+KHSUAW407zRJYwNOSVW5o2HtrdTyI9kq7mnA==|2^31
a=crypto:2 AES_CM_256_HMAC_SHA1_80
inline:A+F16iuXY0PISxw/nGLw+XPUWuC8xbwe7iW7mfvd9N74+aY8Bf+IyV5rVjfgmA==|2^31
a=crypto:3 AES_CM_128_HMAC_SHA1_32
inline:bshMlMoqfvrq3wq+AzhIRpe+ItcQOdlTpWk5hIkl|2^31
a=crypto:40 AES_CM_128_HMAC_SHA1_80
inline:1d97gWFDflDFwhwQ3v5lxyfXb71HiYZj7KWcOmxY|2^31
Answer:
a=crypto:40 AES_CM_128_HMAC_SHA1_80
inline:rMForMVpTrQku+UmbMVBsPiSNXyiwORmHpwU7cAH|2^31
a=crypto:2 AES_CM_256_HMAC_SHA1_80
inline:gZHOYoDVOBWyTaSbP3sW9CFbinuxZnetVe5LVBxqXJzrss9kW1qRzgdO9AQZQw==|2^31
My endpoints selects two of the valid matching crypto and sends this back
in the answer. Now the offerer claims that we should have responded with
only ONE crypto citing these excerpts from rfc4568.
1) The ordering of multiple "a=crypto" lines is significant: the most
preferred crypto line is listed first. Each crypto attribute
describes the crypto-suite, key(s), and possibly session parameters
offered for the media stream. In general, a "more preferred"
crypto-suite SHOULD be cryptographically stronger than a "less
preferred" crypto-suite.
2) When the answerer receives the initial offer with one or more crypto
attributes for a given unicast media stream, the answerer MUST either
accept exactly one of the offered crypto attributes, or the offered
stream MUST be rejected
Our understanding of second point is that we can send multiple crypto in
the answer incase they exactly matches with those received in the offer.
Need your inputs regarding our understanding of this scenario.
Thanks in advance.
-kashif
We have a scenario where my endpoint receives multiple crypto in the offer
it selects two of them responds with them in the answer:
Offer:
a=crypto:1 AES_CM_256_HMAC_SHA1_32
inline:raAXCEI2rA+J7VjZo2Z906Lwa+KHSUAW407zRJYwNOSVW5o2HtrdTyI9kq7mnA==|2^31
a=crypto:2 AES_CM_256_HMAC_SHA1_80
inline:A+F16iuXY0PISxw/nGLw+XPUWuC8xbwe7iW7mfvd9N74+aY8Bf+IyV5rVjfgmA==|2^31
a=crypto:3 AES_CM_128_HMAC_SHA1_32
inline:bshMlMoqfvrq3wq+AzhIRpe+ItcQOdlTpWk5hIkl|2^31
a=crypto:40 AES_CM_128_HMAC_SHA1_80
inline:1d97gWFDflDFwhwQ3v5lxyfXb71HiYZj7KWcOmxY|2^31
Answer:
a=crypto:40 AES_CM_128_HMAC_SHA1_80
inline:rMForMVpTrQku+UmbMVBsPiSNXyiwORmHpwU7cAH|2^31
a=crypto:2 AES_CM_256_HMAC_SHA1_80
inline:gZHOYoDVOBWyTaSbP3sW9CFbinuxZnetVe5LVBxqXJzrss9kW1qRzgdO9AQZQw==|2^31
My endpoints selects two of the valid matching crypto and sends this back
in the answer. Now the offerer claims that we should have responded with
only ONE crypto citing these excerpts from rfc4568.
1) The ordering of multiple "a=crypto" lines is significant: the most
preferred crypto line is listed first. Each crypto attribute
describes the crypto-suite, key(s), and possibly session parameters
offered for the media stream. In general, a "more preferred"
crypto-suite SHOULD be cryptographically stronger than a "less
preferred" crypto-suite.
2) When the answerer receives the initial offer with one or more crypto
attributes for a given unicast media stream, the answerer MUST either
accept exactly one of the offered crypto attributes, or the offered
stream MUST be rejected
Our understanding of second point is that we can send multiple crypto in
the answer incase they exactly matches with those received in the offer.
Need your inputs regarding our understanding of this scenario.
Thanks in advance.
-kashif