Re: [AVTCORE] I-D Action: draft-ietf-avt-srtp-not-mandatory-11.txt

"David McGrew (mcgrew)" <mcgrew@cisco.com> Mon, 26 November 2012 16:18 UTC

From: "David McGrew (mcgrew)" <mcgrew@cisco.com>
To: Harald Alvestrand <harald@alvestrand.no>, Magnus Westerlund <magnus.westerlund@ericsson.com>
Date: Mon, 26 Nov 2012 16:18:31 +0000
Message-ID: <747787E65E3FBD4E93F0EB2F14DB556B0F547799@xmb-rcd-x04.cisco.com>
In-Reply-To: <50B32D14.2030409@alvestrand.no>
Cc: "avt@ietf.org" <avt@ietf.org>
Subject: Re: [AVTCORE] I-D Action: draft-ietf-avt-srtp-not-mandatory-11.txt

On 11/26/12 3:49 AM, "Harald Alvestrand" <harald@alvestrand.no> wrote:

>On 11/26/2012 09:08 AM, Magnus Westerlund wrote:
>> Hi Harald,
>>
>>
>> On 2012-11-25 00:46, Harald Alvestrand wrote:
>>> On 11/19/2012 11:59 PM, Colin Perkins wrote:
>>> One thing I did not understand about the new section 6 ....
>>> It describes RTP/AVPF as a profile that is an example of where a single
>>> security mechanism is not reasonable to mandate, because it's used in
>>> many other contexts.
>>> I think that's OK - but isn't it true that RTP/AVPF *disallows* the use
>>> of SRTP, since it would then be RTP/SAVPF?
>>>
>>> This can be confusing to the reader - it may be clearer if one mentions
>>> explicitly that the RTP/AVPF, which is a set of building blocks that
>>> don't need a security mandate, is used to build RTP/SAVPF, which *is* a
>>> security mandate.
>>>
>>> Or am I the one confused?
>> I guess you are getting tripped up on this sentence:
>>
>>     In other cases, though,
>>     an RTP profile is applicable to such a wide range of applications
>>     that it would not make sense for that profile to mandate particular
>>     security building blocks be used (the RTP/AVPF profile [RFC4585] is
>>     an example of this type of RTP profile, since it provides building
>>     blocks that can be used in different styles of application).
>>
>> This is an example of why RTP profiles, independent of which profile it may
>> be, are not the appropriate level at which to put in the mandatory-to-implement
>> security solution alternative. And frankly, SAVPF and SAVP are only half a
>> security mandate: they lack key management, and without a mandatory-to-
>> implement key-management solution they do not specify an MTI security
>> solution.
>Yes, my opinion of the usefulness of the RTP "profile" field is
>sometimes acerbic.
>SAVP(F) mandates use of SRTP, but that gets you only some of the way.
>>
>> And if I count correctly, in draft-ietf-avtcore-rtp-security-options
>> there are at least 11 options for keying SRTP.
>Sigh.

Eleven keying methods sounds right; that would be DTLS-SRTP, SDP Security
Descriptions, EKT, plus the eight different MIKEY methods.  Too many
options, but not all of them are standards track.

David

>>
>> Cheers
>>
>> Magnus Westerlund
>>
>> ----------------------------------------------------------------------
>> Multimedia Technologies, Ericsson Research EAB/TVM
>> ----------------------------------------------------------------------
>> Ericsson AB                | Phone  +46 10 7148287
>> Färögatan 6                | Mobile +46 73 0949079
>> SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
>> ----------------------------------------------------------------------
>>
>
>_______________________________________________
>Audio/Video Transport Core Maintenance
>avt@ietf.org
>https://www.ietf.org/mailman/listinfo/avt
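The keying methods counted in the thread show up in signaling in very different ways. The Python script below is an added example, not code from the thread or from any of the drafts it discusses: it takes an SDP offer and reports, per m= section, which SRTP keying family is on offer, checks the sizes that each family's SDP line should carry, and flags the practical difference between them (SDES puts the master key in cleartext SDP; DTLS-SRTP only puts a certificate fingerprint there; MIKEY carries its own message whose HDR data-type byte says which of the MIKEY modes is in use). The sample SDP offers, the inline key, the fingerprint and the MIKEY message bytes are all constructed for this example; the key+salt lengths come from RFC 4568, the fingerprint lengths from RFC 4572, and the data-type values from RFC 3830. EKT is keyed in-band and has no SDP line here, so it is not detected.

```python
"""Classify the SRTP keying method advertised in an SDP offer (added example)."""
import base64
import binascii
import re

# Master key + master salt length in bytes for the RFC 4568 crypto-suites
# (128-bit key + 112-bit salt = 30 bytes for all three).
SDES_KEY_SALT_LEN = {
    "AES_CM_128_HMAC_SHA1_80": 30,
    "AES_CM_128_HMAC_SHA1_32": 30,
    "F8_128_HMAC_SHA1_80": 30,
}
# Digest sizes for a=fingerprint (RFC 4572).
FINGERPRINT_LEN = {"sha-1": 20, "sha-256": 32, "sha-384": 48, "sha-512": 64}
# RFC 3830 HDR data-type values; modes added by later RFCs are reported as "unknown".
MIKEY_DATA_TYPE = {0: "PSK init", 1: "PSK verify", 2: "PK init",
                   3: "PK verify", 4: "DH init", 5: "DH resp", 6: "error"}


def _split_media(sdp):
    """Return [(m-line, [attribute bodies without 'a='])] for each m= section."""
    sections = []
    for line in (l.strip() for l in sdp.splitlines()):
        if line.startswith("m="):
            sections.append((line, []))
        elif sections and line.startswith("a="):
            sections[-1][1].append(line[2:])
    return sections


def check_sdes(attr):
    """Parse 'crypto:<tag> <suite> inline:<b64>[|lifetime][|MKI:len]' (RFC 4568)."""
    res = {"keying": "SDES", "ok": False,
           "warnings": ["master key travels in cleartext SDP; needs a confidential signaling path"]}
    m = re.match(r"crypto:\d+ (\S+) inline:([A-Za-z0-9+/]+=*)(?:\|\S+)*$", attr)
    if not m:
        res["warnings"].append("unparseable a=crypto")
        return res
    suite, b64 = m.groups()
    try:
        key_salt = base64.b64decode(b64 + "=" * (-len(b64) % 4), validate=True)
    except binascii.Error:
        res["warnings"].append("key material is not valid base64")
        return res
    expected = SDES_KEY_SALT_LEN.get(suite)
    if expected is None:
        res["warnings"].append("unknown crypto-suite " + suite)
    elif len(key_salt) != expected:
        res["warnings"].append(f"{suite} needs {expected} key+salt bytes, got {len(key_salt)}")
    else:
        res["ok"] = True
    res["suite"] = suite
    return res


def check_dtls(attrs):
    """Check 'fingerprint:<hash> XX:XX:...' and the a=setup role (RFC 5763 / RFC 4572)."""
    res = {"keying": "DTLS-SRTP", "ok": False, "warnings": []}
    fp = next((a for a in attrs if a.startswith("fingerprint:")), "")
    m = re.match(r"fingerprint:(\S+) ([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})*)$", fp)
    if not m:
        res["warnings"].append("unparseable a=fingerprint")
        return res
    hash_func, hexs = m.groups()
    n = len(hexs.split(":"))
    if FINGERPRINT_LEN.get(hash_func.lower()) != n:
        res["warnings"].append(f"fingerprint of {n} bytes does not match {hash_func}")
        return res
    if not any(a.startswith("setup:") for a in attrs):
        res["warnings"].append("no a=setup role; DTLS handshake direction undefined")
        return res
    res["ok"] = True  # keys come from the DTLS handshake; SDP only needs integrity
    res["hash"] = hash_func
    return res


def check_mikey(attr):
    """Decode version and data type from the MIKEY HDR in 'key-mgmt:mikey <b64>'."""
    res = {"keying": "MIKEY", "ok": False, "warnings": []}
    try:
        msg = base64.b64decode(attr[len("key-mgmt:mikey "):], validate=True)
    except binascii.Error:
        res["warnings"].append("MIKEY message is not valid base64")
        return res
    if len(msg) < 2 or msg[0] != 1:
        res["warnings"].append("not a MIKEY version 1 message")
        return res
    res["mode"] = MIKEY_DATA_TYPE.get(msg[1], "unknown")
    res["ok"] = res["mode"] not in ("unknown", "error")
    return res


def classify_keying(sdp):
    """Return one result dict per m= section describing how SRTP would be keyed."""
    results = []
    for mline, attrs in _split_media(sdp):
        profile = mline.split()[2]
        res = {"profile": profile, "keying": "none", "ok": False, "warnings": []}
        crypto = next((a for a in attrs if a.startswith("crypto:")), None)
        mikey = next((a for a in attrs if a.startswith("key-mgmt:mikey ")), None)
        if crypto:
            res.update(check_sdes(crypto))
        elif any(a.startswith("fingerprint:") for a in attrs):
            res.update(check_dtls(attrs))
        elif mikey:
            res.update(check_mikey(mikey))
        elif "SAVP" in profile:
            res["warnings"].append("secure profile offered with no keying attribute")
        results.append(res)
    return results


# Constructed sample offers, one per keying family (not taken from any real call).
SDES_SDP = """v=0
m=audio 49170 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^20|1:32
"""
DTLS_SDP = """v=0
m=audio 49172 UDP/TLS/RTP/SAVPF 0
a=setup:actpass
a=fingerprint:sha-256 7B:8B:F0:65:5F:78:E2:51:3B:AC:6F:F3:3F:46:1B:35:DC:B8:5F:64:1A:24:C2:43:F0:A1:58:D0:A1:2C:19:08
"""
# Constructed MIKEY HDR: version 1, data type 0 (pre-shared key init), then filler.
MIKEY_SDP = ("v=0\nm=audio 49174 RTP/SAVP 0\na=key-mgmt:mikey "
             + base64.b64encode(b"\x01\x00\x0a\x00\xde\xad\xbe\xef\x01\x00").decode() + "\n")
UNKEYED_SDP = "v=0\nm=audio 49176 RTP/SAVP 0\n"

if __name__ == "__main__":
    for name, sdp in [("SDES", SDES_SDP), ("DTLS", DTLS_SDP), ("MIKEY", MIKEY_SDP), ("none", UNKEYED_SDP)]:
        print(name, classify_keying(sdp))
```

Run it as a script to see the four classifications. The SDES branch always carries a warning even when the key parses, because nothing in the a=crypto line itself can make the cleartext key safe; that is a property of the signaling path, which is exactly the part of the key-management picture the thread says the SAVP/SAVPF profiles leave unspecified.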