[AVTCORE] Key diversification with DTLS-SRTP with Shim
Eric Rescorla <ekr@rtfm.com> Thu, 08 November 2012 23:09 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28E5321F8932 for <avt@ietfa.amsl.com>; Thu, 8 Nov 2012 15:09:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.977
X-Spam-Level:
X-Spam-Status: No, score=-102.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H+IsDD2LpuaL for <avt@ietfa.amsl.com>; Thu, 8 Nov 2012 15:09:26 -0800 (PST)
Received: from mail-la0-f44.google.com (mail-la0-f44.google.com [209.85.215.44]) by ietfa.amsl.com (Postfix) with ESMTP id 6045321F89E5 for <avt@ietf.org>; Thu, 8 Nov 2012 15:09:26 -0800 (PST)
Received: by mail-la0-f44.google.com with SMTP id b11so2771591lam.31 for <avt@ietf.org>; Thu, 08 Nov 2012 15:09:25 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:from:date:message-id:subject:to :content-type:x-gm-message-state; bh=cmUaU5mFUSOBFBtdY/lSwPvBpQ5GrKZ8P3TVnHtEs7U=; b=h+iOayOxESyavvG/QtiJzbwq+gm5013XZ3WdmpxLmVIjBp0bDfXJFatgH8SG/6ioJW Tk5cuYZnfTPPddxNBA61nCjs36EtvxjNYdU3CvPmCFX9hRsMCy0dbcmBEx9X9F4f0Y9d azZWxoIsqygZ+RTch6ugXA4AP55xqhOF1JoVKOTfeYCwOT6qK+ZYxE8AvAV8YvN9vl7O /4ovkqRQn0UGZO4sdjTCzs0wdGiCwUZKdqUucnTIY0zCidagjvudQLp5uxcHRBgwFfyA 56r75OwOLXRHnaPhZRtDlExpl157lN4/IpAnxv6Pac7JmwtTyS8q5yIPI0bTEw9nMbLr OBig==
Received: by 10.112.47.228 with SMTP id g4mr3682759lbn.21.1352416165023; Thu, 08 Nov 2012 15:09:25 -0800 (PST)
MIME-Version: 1.0
Received: by 10.152.25.39 with HTTP; Thu, 8 Nov 2012 15:08:41 -0800 (PST)
X-Originating-IP: [130.129.16.175]
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 08 Nov 2012 18:08:41 -0500
Message-ID: <CABcZeBPp_52L73_qYhqiKjPuUBpT9c+9qP17OtgEy+d_ts5XgQ@mail.gmail.com>
To: avt@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
X-Gm-Message-State: ALoCoQnjuJs6K/+szx+8egrbwHTpzew4EeJ5ybsM+rz3lauwUuLzkCmHIXULTRlFcByk7bLo9IF/
Subject: [AVTCORE] Key diversification with DTLS-SRTP with Shim
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Nov 2012 23:09:27 -0000
Section 6.3.2 of http://tools.ietf.org/id/draft-westerlund-avtcore-transport-multiplexing-04.txt states: Instead we propose that an DTLS-SRTP key-derivation change is introduced. By including the Session ID value in the derivation of the keying material a single DTLS-SRTP key-management operation could apply keys and parameters for all the RTP sessions in the same transport flow. Thus the keying cost is significantly reduced, especially in regards to network communication and delay impact and vunerability to packet loss. This seems totally reasonable. DTLS-SRTP uses RFC 5705 TLS Exporters. These take an optional "context" value which is currently not used. I propose we set the "context" to be the shim ID (represented as a 16-bit big-endian unsigned integer). -Ekr
- [AVTCORE] Key diversification with DTLS-SRTP with… Eric Rescorla
- Re: [AVTCORE] Key diversification with DTLS-SRTP … Magnus Westerlund