[botan-devel] DTLS-SRTP support

Iñaki Baz Castillo ibc at aliax.net
Fri Aug 1 10:24:33 EDT 2014


2014-08-01 15:59 GMT+02:00 Jack Lloyd <lloyd at randombit.net>:
> This would be pretty easy to add as key material export is already
> supported, but I don't have the time right now to work on it myself.
> It would mostly involve defining the extension structure and adding
> another API to the Policy class to specify which SRTP profiles are
> desired. If you're interested in writing it yourself I'd be happy
> to help, otherwise I may be able to get to it later this year.

I will try. May you please give me some initial guidelines on ho to
start? I assume I can inspect any other TLS extension supported by
Botan.


> However one additional problem remains, which is that currently the
> DTLS implementation does not handle timeouts or retransmissions during
> the handshake. So it works fine with reliable datagrams like SCTP but,
> at the moment, likely rather less well on UDP over the Internet. And
> it may be a while before I have a free day or three blocked off for
> that, summer is a busy season for me.

Let me a question: I assume that the missing timeout API would be
similar to the one in OpenSSL, in which the library provides two
functions:
- dtls_get_timeout() which returns the timeout value for the user to
set its own timer.
- dtls_handle_timeout() which is invoked by the user after the value
retrieved from the previous method, and would write the retransmission
message into the network write buffer.

Am I right?

Thanks a lot.


-- 
Iñaki Baz Castillo
<ibc at aliax.net>


More information about the botan-devel mailing list