Re: [AVTCORE] I-D Action: draft-ietf-avt-srtp-not-mandatory-11.txt
Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 26 November 2012 08:08 UTC
Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A103021F85C5 for <avt@ietfa.amsl.com>; Mon, 26 Nov 2012 00:08:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.249
X-Spam-Level:
X-Spam-Status: No, score=-106.249 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JaV2yfcNY61G for <avt@ietfa.amsl.com>; Mon, 26 Nov 2012 00:08:05 -0800 (PST)
Received: from mailgw1.ericsson.se (mailgw1.ericsson.se [193.180.251.45]) by ietfa.amsl.com (Postfix) with ESMTP id 52FEC21F85B1 for <avt@ietf.org>; Mon, 26 Nov 2012 00:08:04 -0800 (PST)
X-AuditID: c1b4fb2d-b7f1e6d000002d2c-4b-50b323636f56
Received: from esessmw0256.eemea.ericsson.se (Unknown_Domain [153.88.253.124]) by mailgw1.ericsson.se (Symantec Mail Security) with SMTP id 9E.C0.11564.36323B05; Mon, 26 Nov 2012 09:08:04 +0100 (CET)
Received: from [127.0.0.1] (153.88.115.8) by esessmw0256.eemea.ericsson.se (153.88.115.97) with Microsoft SMTP Server id 8.3.279.1; Mon, 26 Nov 2012 09:08:04 +0100
Message-ID: <50B32362.6090005@ericsson.com>
Date: Mon, 26 Nov 2012 09:08:02 +0100
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/17.0 Thunderbird/17.0
MIME-Version: 1.0
To: Harald Alvestrand <harald@alvestrand.no>
References: <20121119225137.6740.64413.idtracker@ietfa.amsl.com> <5119018B-F424-4F1A-AE37-8840169E499C@csperkins.org> <50B15C45.8050600@alvestrand.no>
In-Reply-To: <50B15C45.8050600@alvestrand.no>
X-Enigmail-Version: 1.4.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFuplluLIzCtJLcpLzFFi42KZGfG3RjdFeXOAwWNZi5c9K9ktjvV1sTkw eVyZcIXVY8mSn0wBTFFcNimpOZllqUX6dglcGf+uzmYpeCNQMWmLUgPjAd4uRk4OCQETiatT vzBC2GISF+6tZ+ti5OIQEjjJKLG1/RczhLOcUeJf02amLkYODl4BbYmH36xAGlgEVCUu/P7G BmKzCVhI3PzRCGaLCvhKzNrziwnE5hUQlDg58wkLiC0ioCPxcH8DWJxZQEDi/9pmdhBbWMBb YkbHAmYQW0hgGqPE/QZukFWcAroSJ7/YQtwmKbFoWicLRKuexJSrLYwQtrxE89bZUK3aEg1N HawTGIVmIdk8C0nLLCQtCxiZVzGy5yZm5qSXG25iBAbpwS2/dXcwnjoncohRmoNFSZyXK2m/ v5BAemJJanZqakFqUXxRaU5q8SFGJg5OqQZG7hzFPVsrZh+4vExyZ9qDa9G+JcdzNPPL2J4b 2N75NuVTj7uIi0fOmi19BvF/ctzTA75fnNUZLya1pONTkXJ6+ise2wJVS8Zvv90Wil75KCf9 PeTmimU9nZY7F97da6c6rUSO+7hs6V3plToTi3Xe7FH/wc93fm/4yai6F5Y1n8411qTsTWJW YinOSDTUYi4qTgQAN7ZI3SACAAA=
Cc: avt@ietf.org
Subject: Re: [AVTCORE] I-D Action: draft-ietf-avt-srtp-not-mandatory-11.txt
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Nov 2012 08:08:06 -0000
Hi Harald, On 2012-11-25 00:46, Harald Alvestrand wrote: > On 11/19/2012 11:59 PM, Colin Perkins wrote: > One thing I did not understand about the new section 6 .... > It describes RTP/AVPF as a profile that is an example of where a single > security mechanism is not reasonable to mandate, because it's used in > many other contexts. > I think that's OK - but isn't it true that RTP/AVPF *disallows* the use > of SRTP, since it would then be RTP/SAVPF? > > This can be confusing to the reader - it may be clearer if one mentions > explicitly that the RTP/AVPF, which is a set of building blocks that > don't need a security mandate, is used to build RTP/SAVPF, which *is* a > security mandate. > > Or am I the one confused? I guess you are getting tripped up on this sentence: In other cases, though, an RTP profile is applicable to such a wide range of applications that it would not make sense for that profile to mandate particular security building blocks be used (the RTP/AVPF profile [RFC4585] is an example of this type of RTP profile, since it provides building blocks that can be used in different styles of application). This is an example why RTP profiles, independent of which profile it may be is not the appropriate level of putting in the mandatory to implement security solution alternative. And frankly SAVPF and SAVP is only half a security mandate, they lack key-management and without a mandatory to implement key-management solution they do not specify a MTI security solution. And if I count correctly in draft-ietf-avtcore-rtp-security-options there are at least 11 options for keying SRTP. Cheers Magnus Westerlund ---------------------------------------------------------------------- Multimedia Technologies, Ericsson Research EAB/TVM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Färögatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com ----------------------------------------------------------------------
- [AVTCORE] I-D Action: draft-ietf-avt-srtp-not-man… internet-drafts
- Re: [AVTCORE] I-D Action: draft-ietf-avt-srtp-not… Colin Perkins
- Re: [AVTCORE] I-D Action: draft-ietf-avt-srtp-not… Harald Alvestrand
- Re: [AVTCORE] I-D Action: draft-ietf-avt-srtp-not… Magnus Westerlund
- Re: [AVTCORE] I-D Action: draft-ietf-avt-srtp-not… Harald Alvestrand
- Re: [AVTCORE] I-D Action: draft-ietf-avt-srtp-not… David McGrew (mcgrew)
- Re: [AVTCORE] I-D Action: draft-ietf-avt-srtp-not… Hannes Tschofenig