RE: [AVT] Doubt about RFC 3830 - SIGNi payload

"Dan Wing" <dwing@cisco.com> Wed, 12 December 2007 16:28 UTC

From: Dan Wing <dwing@cisco.com>
To: 'Agustin Cozzetti' <naraku_83@hotmail.com>, avt@ietf.org
References: <BAY141-W388DCC06249BAD06104E26996B0@phx.gbl>
Subject: RE: [AVT] Doubt about RFC 3830 - SIGNi payload
Date: Wed, 12 Dec 2007 08:28:53 -0800
Message-ID: <135201c83cdc$17831f40$c6f0200a@cisco.com>


> -----Original Message-----
> From: Agustin Cozzetti [mailto:naraku_83@hotmail.com] 
> Sent: Monday, December 10, 2007 7:17 AM
> To: avt@ietf.org
> Subject: [AVT] Doubt about RFC 3830 - SIGNi payload
> 
> Hello,
> I have a doubt about SIGNi payload in RFC 3830.
> This payload carries the signature of all previous payloads in 
> the DH exchange messages. Is that right?
> What should be used to sign the message (key? label?) ??? The 
> client and server don't have a pre-shared secret or certificates.

MIKEY-DHSIGN (RFC3830) requires certificates, and MIKEY-DHHMAC (RFC4650)
requires pre-shared keys.  If you have neither, you could invent your own
MIKEY method that just used DH and crossed fingers that no man-in-the-middle
got involved, or you could use RFC4474 to provide protection against
man-in-the-middle.

You might also be interested in:

http://tools.ietf.org/html/draft-ietf-msec-mikey-applicability-06
http://tools.ietf.org/html/draft-ietf-sip-media-security-requirements-01#appendix-A.1.5
http://tools.ietf.org/html/draft-ietf-sip-media-security-requirements-01#appendix-A.1.6

-d
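The point in Dan's reply, as an added example that is not part of the original thread or of any MIKEY specification: a toy Diffie-Hellman exchange showing what "crossing fingers" against a man-in-the-middle means in practice, and how a MAC keyed with a pre-shared secret over the DH value (the idea behind MIKEY-DHHMAC, RFC 4650, not its actual payload format) lets the receiver reject a substituted public value. The 127-bit group, the role labels, and the function names are illustrative choices of this example; the certificate-based variant (MIKEY-DHSIGN) replaces the HMAC with a signature over the same data and is not shown.

```python
import hashlib
import hmac
import secrets

# Toy group constructed for this example only: the Mersenne prime 2^127 - 1
# with generator 3. It is NOT one of the MODP groups MIKEY uses; real
# deployments use a standard 1024-bit or larger group.
P = (1 << 127) - 1
G = 3
KEY_BYTES = 16  # every group element fits in 16 bytes since P < 2^128


def dh_keypair():
    """Return (private exponent, public value g^x mod p)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def dh_shared(priv, peer_pub):
    """Derive a 32-byte key from the DH secret (peer_pub^priv mod p)."""
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(KEY_BYTES, "big")).digest()


def mac(psk, role, pub):
    """HMAC over role label + public value, keyed with the pre-shared key.

    Binding the value to a key only the two legitimate peers hold is what
    stops an in-path attacker from swapping it out (illustrative layout, not
    the RFC 4650 MAC coverage)."""
    return hmac.new(psk, role + pub.to_bytes(KEY_BYTES, "big"), hashlib.sha256).digest()


def run_unauthenticated(mitm):
    """Plain DH with no authentication; optionally with Mallory in the path."""
    a, pub_a = dh_keypair()
    b, pub_b = dh_keypair()
    if not mitm:
        return {"peers_agree": dh_shared(a, pub_b) == dh_shared(b, pub_a),
                "mallory_knows_alice_key": False, "mallory_knows_bob_key": False}
    # Mallory replaces each side's public value with her own.
    m, pub_m = dh_keypair()
    k_alice = dh_shared(a, pub_m)  # Alice thinks pub_m came from Bob
    k_bob = dh_shared(b, pub_m)    # Bob thinks pub_m came from Alice
    return {"peers_agree": k_alice == k_bob,
            "mallory_knows_alice_key": dh_shared(m, pub_a) == k_alice,
            "mallory_knows_bob_key": dh_shared(m, pub_b) == k_bob}


def run_psk_authenticated(psk_alice, psk_bob, mitm):
    """DH where each public value carries an HMAC under the pre-shared key."""
    a, pub_a = dh_keypair()
    b, pub_b = dh_keypair()
    sent_pub, sent_tag = pub_a, mac(psk_alice, b"I", pub_a)
    if mitm:
        # Mallory can substitute the value but has no PSK to tag it with;
        # the best she can do is a tag under a key she made up.
        _, pub_m = dh_keypair()
        sent_pub, sent_tag = pub_m, mac(secrets.token_bytes(32), b"I", pub_m)
    # Responder verifies the initiator's value before using it.
    if not hmac.compare_digest(sent_tag, mac(psk_bob, b"I", sent_pub)):
        return {"completed": False, "peers_agree": False}
    k_bob = dh_shared(b, sent_pub)
    # Responder's value goes back the same way (Mallory not modelled here).
    reply_pub, reply_tag = pub_b, mac(psk_bob, b"R", pub_b)
    if not hmac.compare_digest(reply_tag, mac(psk_alice, b"R", reply_pub)):
        return {"completed": False, "peers_agree": False}
    k_alice = dh_shared(a, reply_pub)
    return {"completed": True, "peers_agree": k_alice == k_bob}


if __name__ == "__main__":
    psk = secrets.token_bytes(32)  # constructed shared secret for the demo
    print("unauthenticated, no attacker:", run_unauthenticated(False))
    print("unauthenticated, MITM:       ", run_unauthenticated(True))
    print("PSK-authenticated, no attacker:", run_psk_authenticated(psk, psk, False))
    print("PSK-authenticated, MITM:       ", run_psk_authenticated(psk, psk, True))
```

In the unauthenticated MITM run Alice and Bob end up with different keys, each of which Mallory also holds, so she can decrypt and re-encrypt every SRTP packet without either side noticing; in the PSK run the responder's MAC check fails on the substituted value and the exchange is aborted before any key is derived.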

_______________________________________________
Audio/Video Transport Working Group
avt@ietf.org
https://www1.ietf.org/mailman/listinfo/avt