Re: [AVTCORE] Fwd: I-D Action:draft-lennox-avtcore-srtp-encrypted-header-ext-00.txt
Qin Wu <sunseawq@huawei.com> Fri, 06 May 2011 01:22 UTC
Return-Path: <sunseawq@huawei.com>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4B00E06A8 for <avt@ietfa.amsl.com>; Thu, 5 May 2011 18:22:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.719
X-Spam-Level:
X-Spam-Status: No, score=-4.719 tagged_above=-999 required=5 tests=[AWL=1.880, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vb2Bh3CyMzIb for <avt@ietfa.amsl.com>; Thu, 5 May 2011 18:22:19 -0700 (PDT)
Received: from szxga04-in.huawei.com (szxga04-in.huawei.com [119.145.14.67]) by ietfa.amsl.com (Postfix) with ESMTP id BBEE8E0688 for <avt@ietf.org>; Thu, 5 May 2011 18:22:18 -0700 (PDT)
Received: from huawei.com (szxga04-in [172.24.2.12]) by szxga04-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0LKR005YN2H5MN@szxga04-in.huawei.com> for avt@ietf.org; Fri, 06 May 2011 09:22:17 +0800 (CST)
Received: from huawei.com ([172.24.2.119]) by szxga04-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0LKR00BGV2H5P8@szxga04-in.huawei.com> for avt@ietf.org; Fri, 06 May 2011 09:22:17 +0800 (CST)
Received: from w53375 ([10.138.41.70]) by szxml06-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTPA id <0LKR007EI2H44O@szxml06-in.huawei.com> for avt@ietf.org; Fri, 06 May 2011 09:22:17 +0800 (CST)
Date: Fri, 06 May 2011 09:25:48 +0800
From: Qin Wu <sunseawq@huawei.com>
To: Jonathan Lennox <jonathan@vidyo.com>
Message-id: <011e01cc0b8c$883392b0$46298a0a@china.huawei.com>
MIME-version: 1.0
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.3664
X-Mailer: Microsoft Outlook Express 6.00.2900.3664
Content-type: text/plain; charset="iso-8859-1"
Content-transfer-encoding: 7bit
X-Priority: 3
X-MSMail-priority: Normal
References: <20110328090001.18465.38410.idtracker@localhost> <17CE6EA0-074D-43BD-990F-467F0A8708BD@vidyo.com> <001d01cc0b17$944dc5e0$46298a0a@china.huawei.com> <7D66AF27-F3CD-4E02-849B-DB2D12F60799@vidyo.com>
Cc: avt@ietf.org
Subject: Re: [AVTCORE] Fwd: I-D Action:draft-lennox-avtcore-srtp-encrypted-header-ext-00.txt
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2011 01:22:19 -0000
Thanks for clarification. I removed the fixed comments, please see inline. ----- Original Message ----- From: "Jonathan Lennox" <jonathan@vidyo.com> To: "Qin Wu" <sunseawq@huawei.com> Cc: <avt@ietf.org> Sent: Thursday, May 05, 2011 11:34 PM Subject: Re: [AVTCORE] Fwd: I-D Action:draft-lennox-avtcore-srtp-encrypted-header-ext-00.txt > Section 3 Encryption Mechanism > " > To encrypt (or decrypt) an encrypted extension header, an SRTP > participant first generates a keystream for the SRTP extension > header. This keystream is generated in the same manner as the > encryption keystream for the corresponding SRTP payload, except the > the SRTP encryption and salting keys k_e and k_s are replaced by the > keys k_he and k_hs, respectively. > " > [Qin]: Is it possible to use the same keystream and crypto-suite for SRTP payload > to provide encryption for the payload of header extension element? > What's the benefit to choose the different keystream and crypto-suite for header extension elements? > Can we say the same keystream and crypto-suite for SRTP payload can be applied to header extension elements? It definitely uses the same cryptosuite, but it can't be the same keystream -- if the payload and the extension elements are encrypted with the same keystream, you have a two-time-pad security failure. [Qin]: I agree using the same keystream to encrypt twice will cause two-time pad security failure issue, i.e., first use the keystream to encrypt STRP payload, and then use the same keystream to encrypt header extension elements. However if we regard the payload of header extension elements and SRTP payload as a big payload, we only need to use the same keystream to encrypt this big payload once. there is no two-time pad security issue, right? In principle you could use a different region of the same keystream, but there's no obvious way to do that in a way that's backward-compatible with existing SRTP. Since SRTP implementations are already generating six separate keys based on the master key (encryption, salting, and authentication for both RTP and RTCP) and two keystreams (for RTP and RTCP), adding two additional keys and one additional keystream doesn't seem like a particularly large implementation burden. [Qin]: True.
- [AVTCORE] Fwd: I-D Action:draft-lennox-avtcore-sr… Jonathan Lennox
- Re: [AVTCORE] Fwd: I-D Action:draft-lennox-avtcor… Qin Wu
- Re: [AVTCORE] Fwd: I-D Action:draft-lennox-avtcor… Jonathan Lennox
- Re: [AVTCORE] Fwd: I-D Action:draft-lennox-avtcor… Qin Wu
- Re: [AVTCORE] Fwd: I-D Action:draft-lennox-avtcor… Jonathan Lennox
- Re: [AVTCORE] Fwd: I-D Action:draft-lennox-avtcor… Qin Wu