Ice with that sir? Or what webRTC does once it has a UDP connection

Tim Panton - Protocol Droid Westhawk Ltd What to do now you have a hole in the ice

Upload: tim-panton

Post on 03-Jul-2015

DESCRIPTION

Second part of a talk given on the VUC (http://www.voipusersconference.org/2014/vuc506-turn-and-stun-the-ice/) with Emil Ivov about how WebRTC uses ICE to get through firewalls.

TRANSCRIPT

Page 1: Ice with that sir? Or what webRTC does once it has a UDP connection

Tim Panton - Protocol Droid

Westhawk Ltd

What to do now you have a hole in the ice

Page 2:

https://www.flickr.com/photos/dougbrown47/

Page 3:

Make a secure P2P media + data connection?

Use existing protocols:

SRTP x2 - encrypted RTP for voice + video

DTLS - secure set up

SCTP - datagram protocol

RTCP - channel stats and management

Page 4:

Multiplex all the things

            +----------------+
            | 127 < B < 192 -+--> forward to RTP
            |                |
packet -->  |  19 < B < 64  -+--> forward to DTLS
            |                |
            |       B < 2   -+--> forward to ICE
            +----------------+
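
The first-byte demultiplexing in the diagram above, as an added Python example that is not from the original slides. It goes beyond the slide by also checking the STUN magic cookie (RFC 5389) and the DTLS record version, and by splitting RTCP from RTP on the second byte (RFC 5761); the `classify` function and the sample datagrams are constructed for illustration.

```python
import struct

STUN_MAGIC_COOKIE = 0x2112A442    # RFC 5389: fixed value in header bytes 4..7
DTLS_VERSIONS = {0xFEFF, 0xFEFD}  # wire encodings of DTLS 1.0 and DTLS 1.2


def classify(datagram: bytes) -> str:
    """Return 'ice', 'dtls', 'rtp', 'rtcp' or 'drop' for one UDP payload."""
    if not datagram:
        return "drop"
    b = datagram[0]
    if b < 2:  # slide: B < 2 -> ICE (STUN messages)
        # A STUN header is 20 bytes and carries the magic cookie.
        if len(datagram) >= 20 and struct.unpack_from("!I", datagram, 4)[0] == STUN_MAGIC_COOKIE:
            return "ice"
        return "drop"
    if 19 < b < 64:  # slide: 19 < B < 64 -> DTLS
        # Record header: type(1) version(2) epoch(2) sequence(6) length(2).
        if len(datagram) >= 13 and struct.unpack_from("!H", datagram, 1)[0] in DTLS_VERSIONS:
            return "dtls"
        return "drop"
    if 127 < b < 192:  # slide: 127 < B < 192 -> RTP
        # RTP and RTCP share the port; a second byte of 192..223 marks RTCP.
        is_rtcp = len(datagram) > 1 and 192 <= datagram[1] <= 223
        if len(datagram) < (8 if is_rtcp else 12):
            return "drop"  # shorter than the fixed RTCP / RTP header
        return "rtcp" if is_rtcp else "rtp"
    return "drop"  # outside every range: fail closed


# Constructed sample datagrams (not captured traffic).
SAMPLES = {
    "stun": struct.pack("!HHI", 0x0001, 0, STUN_MAGIC_COOKIE) + bytes(12),
    "dtls": bytes([22]) + struct.pack("!H", 0xFEFD) + bytes(10),
    "rtp": bytes([0x80, 96]) + bytes(10),
    "rtcp": bytes([0x80, 201, 0, 1]) + bytes(4),
    "bad_cookie": bytes(20),
    "truncated_rtp": bytes([0x80, 96, 0]),
    "unknown": bytes([0x45]) + bytes(19),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:14} -> {classify(pkt)}")
```

The second check on each branch matters because the first byte alone only routes the packet; it does not show that the payload is a well-formed message for that protocol.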

Page 5:

Huh ? Why is ICE there ?

Continuing consent to send:

We are sending ~1mbit/s of video

Imagine the user closes the receiving tab

Signalling is gone

ICE re-tests connection every 30s

Can re-establish a session over different path

Page 6:

We know all about RTP

Maybe not:

SRTP - but uses DTLS to exchange the keys.

Possibly multiple multiplexed streams

RTCP too.

Optional Headers (voice level etc)

Page 7:

DTLS - what is that?

TLS (aka SSL)'s UDP cousin:

Uses Public key crypto to exchange session key

Session key extracted and used for SRTP key

Also carries datachannel messages

Does not carry media

Page 8:

DTLS - not quite like SSL

DTLS in webRTC has different requirements:

Does not use PKI - no certs to buy

Has heartbeat

DTLS is client server

Peers have to agree who is the client (rant)

Page 9:

Was all that worth it?

Probably:

Secure - selectable crypto suites

No passwords

No central authority

Distributed system - but existing SRTP code used

Page 10:

You forgot SCTP

Oops:

Originally designed to run alongside TCP

webRTC uses it to provide Datachannel transport

Run over DTLS (over UDP)

Useful semantics - more flexible than TCP

More widely used than you think (telcos)

Page 11:

A new layer?

Perhaps:

We have a modern set of secure peer to peer network protocols supported by > 1bn endpoints and counting.

It runs well over the existing internet infrastructure

Let's use it to build fun stuff.