media-core
Review DTLS resources cardinality
This issue is related to #257.
Currently, the handshake process performed by BouncyCastle allows the use of multiple certificate resources, multiple signature algorithms and only one key resource. Such cardinality doesn't seem to fit comfortably with the configuration format proposed on #257, so it would be good to investigate further and adapt the configuration and/or implementation accordingly.
Notes:
- If certificate resources refers to public key and we intend to allow the configuration of multiple resources, that could be done through a separation token like ";", e.g.
<certificate path="../certificate1.pem; ../certificate2.pem;" key="../key.pem" algorithm="rsa"/>
or maybe using a different structure like
<certificate key="../key.pem" algorithm="rsa">
<resource path="../certificate1.pem"/>
<resource path="../certificate2.pem"/>
</certificate>
- For multiple signature algorithms the format suggested in #257 properly groups the resources in different elements
<certificates>
<certificate path="../certificate.pem" key="../key.pem" algorithm="rsa"/>
<certificate path="../certificate.pem" key="../key.pem" algorithm="ecdsa"/>
</certificates>
but apparently only one key resource is allowed per handshake, which doesn't allow the use of more than one <certificate> per attempt.
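
The three layouts above can be compared by normalizing each one and checking it against the one-key-per-handshake limit the issue describes. This is an added example, not code from the issue or from media-core; the function names `parse_certificates` and `cardinality_problems` are hypothetical, and the limit is assumed exactly as stated in the issue.

```python
import xml.etree.ElementTree as ET


def parse_certificates(xml_text):
    """Parse a bare <certificate> or a <certificates> group into entries."""
    root = ET.fromstring(xml_text)
    elements = [root] if root.tag == "certificate" else root.findall("certificate")
    entries = []
    for el in elements:
        # Form 1: separator token inside the attribute, "a.pem; b.pem;"
        paths = [p.strip() for p in el.get("path", "").split(";") if p.strip()]
        # Form 2: nested <resource path="..."/> children
        paths += [r.get("path").strip() for r in el.findall("resource") if r.get("path")]
        key = el.get("key", "").strip()
        algorithm = el.get("algorithm", "").strip().lower()
        if not paths or not key or not algorithm:
            raise ValueError("<certificate> needs certificate path(s), key and algorithm")
        entries.append({"paths": paths, "key": key, "algorithm": algorithm})
    return entries


def cardinality_problems(entries):
    """Compare entries with the handshake limit described in the issue (assumed)."""
    problems = []
    if len(entries) > 1:
        algorithms = ", ".join(e["algorithm"] for e in entries)
        problems.append(
            f"{len(entries)} <certificate> elements ({algorithms}) each carry a key, "
            "but one handshake takes a single key resource"
        )
    return problems


# Constructed sample inputs, copied from the three layouts shown in the issue.
SEPARATOR_FORM = (
    '<certificate path="../certificate1.pem; ../certificate2.pem;" '
    'key="../key.pem" algorithm="rsa"/>'
)
NESTED_FORM = """<certificate key="../key.pem" algorithm="rsa">
  <resource path="../certificate1.pem"/>
  <resource path="../certificate2.pem"/>
</certificate>"""
GROUPED_FORM = """<certificates>
  <certificate path="../certificate.pem" key="../key.pem" algorithm="rsa"/>
  <certificate path="../certificate.pem" key="../key.pem" algorithm="ecdsa"/>
</certificates>"""
```

Both single-element layouts normalize to the same entry and pass the check, while the grouped layout from #257 is the one that gets flagged.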