IETF Logo Mail Archive

Re: [AVTCORE] Suite B Profile for DTLS-SRTP Internet-Draft

"Peck, Michael A" <mpeck@mitre.org> Wed, 01 June 2011 12:59 UTC

Return-Path: <mpeck@mitre.org>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92FFAE071A for <avt@ietfa.amsl.com>; Wed, 1 Jun 2011 05:59:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cHa+TNfQrxRq for <avt@ietfa.amsl.com>; Wed, 1 Jun 2011 05:59:09 -0700 (PDT)
Received: from smtpksrv1.mitre.org (smtpksrv1.mitre.org [198.49.146.77]) by ietfa.amsl.com (Postfix) with ESMTP id EA91E130620 for <avt@ietf.org>; Wed, 1 Jun 2011 05:35:54 -0700 (PDT)
Received: from smtpksrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 3D9D621B207E; Wed, 1 Jun 2011 08:35:54 -0400 (EDT)
Received: from imchub1.MITRE.ORG (imchub1.mitre.org [129.83.29.73]) by smtpksrv1.mitre.org (Postfix) with ESMTP id 3873721B146D; Wed, 1 Jun 2011 08:35:54 -0400 (EDT)
Received: from IMCMBX3.MITRE.ORG ([129.83.29.206]) by imchub1.MITRE.ORG ([129.83.29.73]) with mapi; Wed, 1 Jun 2011 08:35:54 -0400
From: "Peck, Michael A" <mpeck@mitre.org>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>, Glen Zorn <gwz@net-zen.net>
Date: Wed, 01 Jun 2011 08:35:52 -0400
Thread-Topic: [AVTCORE] Suite B Profile for DTLS-SRTP Internet-Draft
Thread-Index: AcwgUCK2UZG3846pQQG5nP2oNcwzOAABN6Jg
Message-ID: <4FD125153A070D45BC87645D3B880288025A13D4AB@IMCMBX3.MITRE.ORG>
References: <4FD125153A070D45BC87645D3B880288025A13CACB@IMCMBX3.MITRE.ORG> <4DE4AC77.9050501@ericsson.com> <80F9AC969A517A4DA0DE3E7CF74CC1BB425B19@MSIS-GH1-UEA06.corp.nsa.gov> <4DE5F3CB.80304@ericsson.com> <4DE613ED.6090503@net-zen.net> <4DE6235A.1030703@ericsson.com>
In-Reply-To: <4DE6235A.1030703@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "avt@ietf.org" <avt@ietf.org>, "Igoe, Kevin M." <kmigoe@nsa.gov>
Subject: Re: [AVTCORE] Suite B Profile for DTLS-SRTP Internet-Draft
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jun 2011 12:59:10 -0000

Magnus, Glen,

Thanks for your comments.  Replies below.

>-----Original Message-----
>From: avt-bounces@ietf.org [mailto:avt-bounces@ietf.org] On Behalf Of
>Magnus Westerlund
>Sent: Wednesday, June 01, 2011 7:33 AM
>To: Glen Zorn
>Cc: avt@ietf.org; Igoe, Kevin M.
>Subject: Re: [AVTCORE] Suite B Profile for DTLS-SRTP Internet-Draft
>
>On 2011-06-01 12:26, Glen Zorn wrote:
>> On 6/1/2011 3:09 PM, Magnus Westerlund wrote:
>>
>> ...
>>
>>> My immediate reaction is if one can define profiles that are not SuiteB
>>> but use the same encryption and authentication algorithm so they are bit
>>> compatible, but not policy compatible?
>>
>> My understanding is that Suite B is all about policy & packaging; no new
>> algorithms are defined (thankfully!).
>
>I am not certain about that. RFC 6188 appears to define the crypto part
>matching SuiteB requirement for SRTP, but not the authentication
>algorithm, thus from an SRTP perspective there appear to be new stuff in
>here.
>
>I am uncertain if there is differences between the PRF for the RFC 6188
>and the SuiteB draft.
>
>So, this specification clearly brings new combinations of encryption and
>authentication and might in fact be a completely new crypto suite if the
>PRF is different with RFC 6188.
>
>The question I have to the WG is if it is worth handling the actual SRTP
>crypto transform defintion from the actual profiles and the additional
>requirements on key management. Thus allowing the usage of the crypto
>transforms themselves outside of a SuiteB context, which clearly can't
>be called SuiteB but which for example is AES-256 with SHA-256 in SRTP
>and some other key management.

The Suite B Profile does not define its own SRTP crypto suites, key derivation, TLS cipher suites, or authentication mechanism but instead makes use of definitions in existing RFCs or other Internet-Drafts. The Suite B Profile describes the Suite B compliant use of all of these to promote interoperability.  (The Suite B profiles of other protocols follow a similar pattern.)

RFC 6188 is not used by our draft (RFC 6188 defines AES-192 and AES-256 SRTP crypto suites using counter mode.  We do not use counter mode or AES-192 in this profile.  We use AES-128 and AES-256 in GCM mode.)

The Suite B Profile makes use of AES-GCM.  As described in section 7 and 8 of our draft, the SRTP crypto suites and DTLS-SRTP SRTP Protection Profiles used by the Suite B Profile are defined in draft-ietf-avt-srtp-aes-gcm.

As described in section 9 of our draft (and in draft-ietf-avt-srtp-aes-gcm), the AES Counter Mode based key derivation function from RFC3711 is used.

>
>>
>>>
>>> Independent I think you need to make it clear in the document that
>>> SuiteB does contain these policy rules.
>>
>> I don't really understand this comment: the very first sentence of the
>> Abstract says The United States government has published guidelines for
>> "NSA Suite B Cryptography", which defines cryptographic algorithm policy
>> for national security applications.
>> ^^^^^^
>>
>> I don't know how it could be made much clearer or more obvious.
>>
>> ...
>
>What I meant is the fact that SuiteB key management is not allowed to
>use Security Descriptions nor MIKEY per policy. The stress on the quoted
>sentence are "these" where "these" referring to forcing usage of DTLS.

This profile specifies the use of DTLS-SRTP as the key management mechanism.
In response to Magnus's other email, I don't think that broadcast and multicast SRTP are forbidden, but rather are just out of scope for this document.

Thanks
Mike Peck

>
>Cheers
>
>Magnus Westerlund
>
>----------------------------------------------------------------------
>Multimedia Technologies, Ericsson Research EAB/TVM
>----------------------------------------------------------------------
>Ericsson AB                | Phone  +46 10 7148287
>Färögatan 6                | Mobile +46 73 0949079
>SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
>----------------------------------------------------------------------
>
>_______________________________________________
>Audio/Video Transport Core Maintenance
>avt@ietf.org
>https://www.ietf.org/mailman/listinfo/avt

v2.23.0 | Report a Bug | By Email