Re: [AVTCORE] Last Call: <draft-ietf-avt-srtp-not-mandatory-14.txt> (Securing the RTP Protocol Framework: Why RTP Does Not Mandate a Single Media Security Solution) to Informational RFC

worley@ariadne.com (Dale R. Worley) Tue, 10 December 2013 19:16 UTC

Date: Tue, 10 Dec 2013 14:11:54 -0500
Message-Id: <201312101911.rBAJBsGL571409@shell01.TheWorld.com>
From: worley@ariadne.com
Sender: worley@ariadne.com
To: ietf@ietf.org, avt@ietf.org

> From: "Cullen Jennings (fluffy)" <fluffy@cisco.com>

> So let's be blunt here - this document is about justifying that RTP
> will not have any MTI security. I will note that
> rtp-security-options also does not add any MTI security requirements
> to RTP.

I believe that people are confusing two similar questions:

1. Is there a single mandatory-to-implement security system for *all*
   RTP uses?

2. Are all RTP uses required to specify mandatory-to-implement
   security (although different RTP use situations may mandate
   different security systems)?

As far as I can see, draft-ietf-avt-srtp-not-mandatory-14.txt says
that the answer to question 1 is "No".  As far as I can see, Cullen is
arguing that the answer to question 2 is "Yes".  These are not
contradictory positions.

There is, of course, an implementation cost if we do not mandate the
same security solution for all RTP uses.

Dale