Re: [AVTCORE] Suite B Profile for DTLS-SRTP Internet-Draft

"Igoe, Kevin M." <kmigoe@nsa.gov> Tue, 31 May 2011 12:24 UTC

From: "Igoe, Kevin M." <kmigoe@nsa.gov>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>, "Peck, Michael A" <mpeck@mitre.org>
Cc: avt@ietf.org

Magnus:

  Thanks for your input.  We'll put this under avtcore per your request.
As to allowing keying methods other than DTLS, we have no objections
(obviously) to non-Suite B implementations using them, but in an
effort to maximize interoperability betwixt Suite B SRTP implementations,
policy dictates that only DTLS keying will be allowed in Suite B mode.
If another keying method is used, it is by definition not Suite B compliant.

If you think it would be helpful, we could mention the existence of the MIKEY 
and Security description keying mechanisms, but only with the caveat that their 
use is forbidden when running in Suite B mode.



> -----Original Message-----
> From: Magnus Westerlund [mailto:magnus.westerlund@ericsson.com]
> Sent: Tuesday, May 31, 2011 4:53 AM
> To: Peck, Michael A
> Cc: avt@ietf.org; Igoe, Kevin M.
> Subject: Re: [AVTCORE] Suite B Profile for DTLS-SRTP Internet-Draft
> 
> Hi,
> 
> If I understand this document correctly there are actually three pieces
> to it:
> 
> - The SuiteB Crypto algorithms for SRTP
> - The SuiteB specific DTLS-SRTP procedures
> - Registration of DTLS-SRTP protection profiles
> 
> Thus in light of this document and also the ARIA SRTP registration I
> think we should discuss how to handle SRTP crypto algorithms and their
> connection to the keying mechanisms.
> 
> SRTP has at least three different IETF-defined ways to be keyed:
> - DTLS-SRTP [RFC5764]
> - MIKEY [3830]
> - Security Descriptions [RFC 4568]
> 
> And to my understanding they are all used somewhere.
> 
> From my perspective as WG chair I wonder if we shouldn't require anyone
> that creates a new crypto suite for SRTP to also create the suite
> profiles / identifiers for all of these three keying mechanisms?
> 
> Opinions?
> 
> 
> Secondly, as the part that defines the SRTP crypto algorithm needs to go
> through this WG I would recommend the authors to submit their draft with
> a new filename that includes avtcore as the second part in the filename,
> for example as: draft-peck-avtcore-suiteb-dtls-srtp-00.txt
> 
> Cheers
> 
> Magnus Westerlund
> WG Chair
> 
> On 2011-05-26 19:26, Peck, Michael A wrote:
> > Kevin Igoe and I have submitted draft-peck-suiteb-dtls-srtp-00, Suite
> > B Profile for Datagram Transport Layer Security / Secure Real-time
> > Transport Protocol (DTLS-SRTP) as an independent submission.  We would
> > appreciate any comments.
> >
> > http://www.ietf.org/internet-drafts/draft-peck-suiteb-dtls-srtp-00.txt
> >
> > Abstract
> >
> >    The United States government has published guidelines for "NSA Suite
> >    B Cryptography", which defines cryptographic algorithm policy for
> >    national security applications.  This document describes the use of
> >    Suite B cryptography with the Datagram Transport Layer Security
> >    (DTLS) protocol, the Secure Real-Time Protocol (SRTP), and the Secure
> >    Real-Time Control Protocol (SRTCP) to provide a robust architecture
> >    for securing real-time data.
> >
> > Thanks,
> > Mike Peck
> > _______________________________________________
> > Audio/Video Transport Core Maintenance
> > avt@ietf.org
> > https://www.ietf.org/mailman/listinfo/avt
> >
> 
> 
> --
> 
> Magnus Westerlund
> 
> ----------------------------------------------------------------------
> Multimedia Technologies, Ericsson Research EAB/TVM
> ----------------------------------------------------------------------
> Ericsson AB                | Phone  +46 10 7148287
> Färögatan 6                | Mobile +46 73 0949079
> SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
> ----------------------------------------------------------------------