On Friday 16 January 2009 18:18:54 Eric Rescorla wrote:
> On Fri, Jan 16, 2009 at 6:01 PM, Justin Karneges <[email protected]> wrote:
> > On Friday 16 January 2009 15:39:31 Peter Saint-Andre wrote:
> >> So we'd need a way to exchange information about the association via
> >> Jingle. In DTLS-SRTP you need a separate DTLS-SRTP session for each
> >> host/port quartet, but you can share the same *DTLS* session for
> >> multiple DTLS-SRTP sessions.
> >
> > Yes, although it's unclear to me how you're suggesting DTLS be used here.
> > As I understand it, DTLS-SRTP requires an existing DTLS session to
> > operate.
>
> I'm not sure what you mean by "existing". DTLS-SRTP is an inband
> key management protocol, so you set up a DTLS association inline with
> the SRTP channel.

"Existing" was poor wording, and I got confused when Peter mentioned sharing. I meant that you have to first establish a DTLS association as you would normally, and only after that can you generate SRTP packets. For some reason I thought DTLS-SRTP was merely a framing format, and so referencing that spec alone was not enough to imply that a DTLS negotiation has taken place. Rereading the DTLS-SRTP draft, I see there's more to the document than just Section 5.1, and I also now understand what was meant about sharing.

Looks good to me then.

-Justin
