Re: [AVTCORE] Last Call: <draft-ietf-avt-srtp-not-mandatory-14.txt> (Securing the RTP Protocol Framework: Why RTP Does Not Mandate a Single Media Security Solution) to Informational RFC

"Cullen Jennings (fluffy)" <fluffy@cisco.com> Mon, 09 December 2013 22:16 UTC

Return-Path: <fluffy@cisco.com>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F89B1AE5F0; Mon, 9 Dec 2013 14:16:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -114.502
X-Spam-Level:
X-Spam-Status: No, score=-114.502 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ttwFyVWJXvwF; Mon, 9 Dec 2013 14:16:19 -0800 (PST)
Received: from rcdn-iport-7.cisco.com (rcdn-iport-7.cisco.com [173.37.86.78]) by ietfa.amsl.com (Postfix) with ESMTP id D802D1AE5EA; Mon, 9 Dec 2013 14:16:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3842; q=dns/txt; s=iport; t=1386627374; x=1387836974; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=68RTbr/R7MHz60ZiXYbeWispemhV9pnRkv8cBWNfhRI=; b=IEHQl1h3prDAsQWCLmigG/39YOmgiPPRF1o4MzDY4nAHJahIfT45xo6i btpNbZpo+OUdXgZTiKQ7ND7GJe7qnU4BgDZVERFJCpGDcHjgzgUeMMck2 qSDG7CQIc93PzmiISoMhYvN6zwCH16iHOuLLQT3S+cD4aZ64lZaGB4//j Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgUFAOU/plKtJXHB/2dsb2JhbABZgwc4U7kWgTIWdIIlAQEBAwEBAQE3NAsFBwQCAQgOAwEDAQEBHgUEByEGCxQDBggCBA4FG4dVAwkGDbl1DYZnF4x9gWAzBwaDGoETA5YpgWuBMIsqhTmBa4E+gio
X-IronPort-AV: E=Sophos;i="4.93,860,1378857600"; d="scan'208";a="290413432"
Received: from rcdn-core2-6.cisco.com ([173.37.113.193]) by rcdn-iport-7.cisco.com with ESMTP; 09 Dec 2013 22:16:13 +0000
Received: from xhc-rcd-x12.cisco.com (xhc-rcd-x12.cisco.com [173.37.183.86]) by rcdn-core2-6.cisco.com (8.14.5/8.14.5) with ESMTP id rB9MGDFS032351 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 9 Dec 2013 22:16:13 GMT
Received: from xmb-aln-x02.cisco.com ([169.254.5.231]) by xhc-rcd-x12.cisco.com ([173.37.183.86]) with mapi id 14.03.0123.003; Mon, 9 Dec 2013 16:16:13 -0600
From: "Cullen Jennings (fluffy)" <fluffy@cisco.com>
To: Roni Even <ron.even.tlv@gmail.com>
Thread-Topic: [AVTCORE] Last Call: <draft-ietf-avt-srtp-not-mandatory-14.txt> (Securing the RTP Protocol Framework: Why RTP Does Not Mandate a Single Media Security Solution) to Informational RFC
Thread-Index: AQHO9SxFEwg7OLOsskW+JDdGB07dOA==
Date: Mon, 9 Dec 2013 22:16:13 +0000
Message-ID: <A22A842D-8391-467B-8DC0-17A3966DFF74@cisco.com>
References: <20131122220752.31098.83432.idtracker@ietfa.amsl.com> <1286562B-6C43-4ADC-8999-C70CA356F587@cisco.com> <017801cef20f$6f82aff0$4e880fd0$@gmail.com>
In-Reply-To: <017801cef20f$6f82aff0$4e880fd0$@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.20.249.164]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <BBF61CA5FB7FEC4E883D03B45FB9AD38@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "<ietf@ietf.org>" <ietf@ietf.org>, "<avt@ietf.org>" <avt@ietf.org>
Subject: Re: [AVTCORE] Last Call: <draft-ietf-avt-srtp-not-mandatory-14.txt> (Securing the RTP Protocol Framework: Why RTP Does Not Mandate a Single Media Security Solution) to Informational RFC
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt/>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Dec 2013 22:16:21 -0000

On Dec 5, 2013, at 4:12 PM, Roni Even <ron.even.tlv@gmail.com> wrote:

> Cullen,
> Let's say hypothetically that the AVTcore WG will propose and get consensus
> that for RTCweb usage the security mechanism MUST use SDES for key exchange,
> do you see this as a binding recommendation for RTCweb? The selection was
> done by RTCweb and not by AVTcore.

I was pushing more on the privacy / confidentiality for RTP vs the keying, so more SRTP than SDES. 


> 
> The document does not say that there should be no security but says that it
> is up to the usage or a for a decision. The security option document provide
> the information about the different security options available and where
> they are used.
> 
> Roni Even
> 
>> -----Original Message-----
>> From: avt [mailto:avt-bounces@ietf.org] On Behalf Of Cullen Jennings
> (fluffy)
>> Sent: 05 December, 2013 6:57 PM
>> To: ietf@ietf.org
>> Cc: avt@ietf.org WG
>> Subject: Re: [AVTCORE] Last Call:
> <draft-ietf-avt-srtp-not-mandatory-14.txt>
>> (Securing the RTP Protocol Framework: Why RTP Does Not Mandate a Single
>> Media Security Solution) to Informational RFC
>> 
>> 
>> Given the hum in the IETF plenary at the last IETF, I no longer think this
>> document represents IETF consensus. Given the hum in RTCWeb working group,
>> I doubt this represents the consensus of the RAI area either.
>> 
>> I think I would be tempted to resolve this by saying for each different
> scenario
>> RTP is used in (SIP, RTSP, Mulitcast etc) exactly how it needs to be
> secured and
>> for scenarios not listed such as new usages, what the requirements are.
> For
>> something like SIP, having just one way to secure RTP is much better than
>> having many ways.
>> 
>> 
>> 
>> On Nov 22, 2013, at 3:07 PM, The IESG <iesg-secretary@ietf.org> wrote:
>> 
>>> 
>>> The IESG has received a request from the Audio/Video Transport Core
>>> Maintenance WG (avtcore) to consider the following document:
>>> - 'Securing the RTP Protocol Framework: Why RTP Does Not Mandate a
> Single
>>>  Media Security Solution'
>>> <draft-ietf-avt-srtp-not-mandatory-14.txt> as Informational RFC
>>> 
>>> The IESG plans to make a decision in the next few weeks, and solicits
>>> final comments on this action. Please send substantive comments to the
>>> ietf@ietf.org mailing lists by 2013-12-06. Exceptionally, comments may
>>> be sent to iesg@ietf.org instead. In either case, please retain the
>>> beginning of the Subject line to allow automated sorting.
>>> 
>>> Abstract
>>> 
>>> 
>>>  This memo discusses the problem of securing real-time multimedia
>>>  sessions, and explains why the Real-time Transport Protocol (RTP),
>>>  and the associated RTP Control Protocol (RTCP), do not mandate a
>>>  single media security mechanism.  Guidelines for designers and
>>>  reviewers of future RTP extensions are provided, to ensure that
>>>  appropriate security mechanisms are mandated, and that any such
>>>  mechanisms are specified in a manner that conforms with the RTP
>>>  architecture.
>>> 
>>> 
>>> 
>>> 
>>> The file can be obtained via
>>> http://datatracker.ietf.org/doc/draft-ietf-avt-srtp-not-mandatory/
>>> 
>>> IESG discussion can be tracked via
>>> http://datatracker.ietf.org/doc/draft-ietf-avt-srtp-not-mandatory/ball
>>> ot/
>>> 
>>> 
>>> No IPR declarations have been submitted directly on this I-D.
>>> 
>>> 
>>> _______________________________________________
>>> Audio/Video Transport Core Maintenance avt@ietf.org
>>> https://www.ietf.org/mailman/listinfo/avt
>> 
>> _______________________________________________
>> Audio/Video Transport Core Maintenance
>> avt@ietf.org
>> https://www.ietf.org/mailman/listinfo/avt
>