Re: [AVTCORE] Scope of EKT

"Paul E. Jones" <> Mon, 23 March 2015 19:32 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 9D7521B29C6 for <>; Mon, 23 Mar 2015 12:32:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.012
X-Spam-Status: No, score=-2.012 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 1yp3tGVyTFZV for <>; Mon, 23 Mar 2015 12:32:10 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id E812C1A0104 for <>; Mon, 23 Mar 2015 12:32:09 -0700 (PDT)
Received: from [] ( []) (authenticated bits=0) by (8.14.9/8.14.9) with ESMTP id t2NJW5tq020272 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 23 Mar 2015 15:32:06 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=dublin; t=1427139126; bh=texA+t5BrApbLnjDWcQwIeNR/jhDiCY205vxtbpl+Gw=; h=From:To:Subject:Date:In-Reply-To:Reply-To; b=fqzQR8epQpQFFeuDp5sMZ0QeGgRjyjC9gJMG6pika4VcELxOG3nVgVOnApY+MQn9F ehoG1UbfkCZTaus99LtreeoHWhtTUBfLFQStFui82SprK9hAgFQU3/+dTsnQFNf0tm bFtuEM5qlb09gj2ZFGyr7yk/v03ua4mzmgCoFTnU=
From: "Paul E. Jones" <>
To: John Mattsson <>, IETF AVTCore WG <>
Date: Mon, 23 Mar 2015 19:32:06 +0000
Message-Id: <eme71ca617-68e7-48af-9200-22d33bba8462@helsinki>
In-Reply-To: <>
User-Agent: eM_Client/6.0.21372.0
Mime-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [AVTCORE] Scope of EKT
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: "Paul E. Jones" <>
List-Id: Audio/Video Transport Core Maintenance <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 23 Mar 2015 19:32:11 -0000

It probably goes without saying, but I supported that.  At the very 
least, I think we should keep this option available as we discuss the 
e2e security problem.


------ Original Message ------
From: "John Mattsson" <>
To: "IETF AVTCore WG" <>
Sent: 3/23/2015 9:20:53 AM
Subject: [AVTCORE] Scope of EKT

>When the work on EKT started, e2e secure conferencing was not in scope. 
>In draft-jones-avtcore-private-media-framework-01 Cisco (authors of the 
>EKT draft) is proposing to use EKT for the e2e secure conferencing use 
>case. Several changes to EKT is also proposed:
>- The position of the EKT field is changed from last in packet to 
>before the authentication tag.
>- A change to EKT such that the ROC is transmitted in the clear.
>- An extension of EKT in order to negotiate the SRTP Protection Profile 
>used for end-to-end encryption and authentication.
>- An extension of EKT in order to send the participant identifier.
>Without commenting on the specific changes, I agree that EKT is a good 
>match for the e2e secure conferencing case and I support widening the 
>scope of EKT to include this.
>What does the group think?
>Audio/Video Transport Core Maintenance