[AVTCORE] Conveying multiple EKT keys via SDES

"Paul E. Jones" <paulej@packetizer.com> Wed, 02 September 2015 16:13 UTC

From: "Paul E. Jones" <paulej@packetizer.com>
To: John Mattsson <john.mattsson@ericsson.com>, IETF AVTCore WG <avt@ietf.org>
Date: Wed, 02 Sep 2015 16:13:52 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/avt/A5ZDMgX6Sa-ZB8FkTO25yTrtNEA>
Subject: [AVTCORE] Conveying multiple EKT keys via SDES

John, et al,

Presently, the SDES part of the EKT spec allows for a single EKT 
parameter, defined as follows:

     ekt = "EKT=" cipher "|" key "|" spi

This makes it impossible to send more than one EKT key, as identified 
using the SPI value.  Would we like to allow the exchange of multiple 
keys?  If so, I would suggest changing the syntax as follows:

     ekt = "EKT=" ekt-param *(";" ekt-param)
     ekt-param = cipher "|" key "|" spi

So, we could have parameters like this:

     EKT=AESKW_128|WWVzQUxvdmVseUVLVGtleQ|3AE0;AESKW_128|VHdvTG92ZWx5RUtUa2V5cw|3AE1

Thoughts?

Paul
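
The multi-key syntax proposed in the message above, as an added example that is not part of the original message or of the EKT draft: a strict parser for `ekt = "EKT=" ekt-param *(";" ekt-param)` that rejects a repeated SPI, since the SPI is what identifies a key. The four-hex-digit SPI form, the 16-byte key length for `AESKW_128`, the tolerance for unpadded base64 and the names `parse_ekt` and `is_valid` are assumptions made for this example.

```python
import base64
import re

# Assumption: AESKW_128 wraps with a 128-bit (16-byte) key; other names are rejected.
KEY_BYTES = {"AESKW_128": 16}
SPI_RE = re.compile(r"[0-9A-Fa-f]{4}")  # assumption: SPI is four hex digits, as in the sample

# Sample line from the message, plus a constructed variant that reuses SPI 3AE0.
SAMPLE = "EKT=AESKW_128|WWVzQUxvdmVseUVLVGtleQ|3AE0;AESKW_128|VHdvTG92ZWx5RUtUa2V5cw|3AE1"
DUPLICATE_SPI = SAMPLE.replace("3AE1", "3ae0")


def parse_ekt(attr):
    """Parse "EKT=" ekt-param *(";" ekt-param) into {spi: (cipher, key_bytes)}."""
    if not attr.startswith("EKT="):
        raise ValueError("missing EKT= prefix")
    keys = {}
    for param in attr[4:].split(";"):
        fields = param.split("|")
        if len(fields) != 3:
            raise ValueError(f"expected cipher|key|spi, got {param!r}")
        cipher, key_b64, spi_hex = fields
        if cipher not in KEY_BYTES:
            raise ValueError(f"unsupported cipher {cipher!r}")
        if not SPI_RE.fullmatch(spi_hex):
            raise ValueError(f"malformed SPI {spi_hex!r}")
        # The sample keys are unpadded base64, so restore padding before decoding.
        padded = key_b64 + "=" * (-len(key_b64) % 4)
        key = base64.b64decode(padded, validate=True)  # binascii.Error is a ValueError
        if len(key) != KEY_BYTES[cipher]:
            raise ValueError(f"{cipher} key for SPI {spi_hex} is {len(key)} bytes")
        spi = int(spi_hex, 16)
        if spi in keys:
            # The SPI is what selects a key, so a repeated SPI is ambiguous.
            raise ValueError(f"duplicate SPI {spi_hex}")
        keys[spi] = (cipher, key)
    return keys


def is_valid(attr):
    """Return True if attr parses cleanly, False if any check rejects it."""
    try:
        parse_ekt(attr)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for spi, (cipher, key) in parse_ekt(SAMPLE).items():
        print(f"SPI {spi:04X}: {cipher}, {len(key)}-byte key")
    print("duplicate SPI accepted:", is_valid(DUPLICATE_SPI))
```

A value in the current single-parameter form parses as the one-element case of the same grammar.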