Re: [AVT] SRTP: question about MKI length
Mark Baugher <mbaugher@cisco.com> Thu, 21 July 2005 15:15 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DvclX-0007ti-Fn; Thu, 21 Jul 2005 11:15:15 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1DvclW-0007nX-1W for avt@megatron.ietf.org; Thu, 21 Jul 2005 11:15:14 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id LAA08904 for <avt@ietf.org>; Thu, 21 Jul 2005 11:15:11 -0400 (EDT)
Received: from sj-iport-1-in.cisco.com ([171.71.176.70] helo=sj-iport-1.cisco.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1DvdFZ-0006em-7D for avt@ietf.org; Thu, 21 Jul 2005 11:46:17 -0400
Received: from sj-core-2.cisco.com (171.71.177.254) by sj-iport-1.cisco.com with ESMTP; 21 Jul 2005 08:15:04 -0700
X-IronPort-AV: i="3.93,308,1115017200"; d="scan'208"; a="649899767:sNHT28955308"
Received: from xbh-sjc-211.amer.cisco.com (xbh-sjc-211.cisco.com [171.70.151.144]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id j6LFEsvF024956; Thu, 21 Jul 2005 08:14:58 -0700 (PDT)
Received: from xfe-sjc-211.amer.cisco.com ([171.70.151.174]) by xbh-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Thu, 21 Jul 2005 08:14:53 -0700
Received: from [192.168.0.12] ([10.21.98.54]) by xfe-sjc-211.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.211); Thu, 21 Jul 2005 08:14:52 -0700
In-Reply-To: <AB6CA8B4C094AE43BED03A0D9FC1C55E07F1CD@NAEX06.na.qualcomm.com>
References: <AB6CA8B4C094AE43BED03A0D9FC1C55E07F1CD@NAEX06.na.qualcomm.com>
Mime-Version: 1.0 (Apple Message framework v622)
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Message-Id: <43d4106148f238c7f8292a74cb5afe05@cisco.com>
Content-Transfer-Encoding: quoted-printable
From: Mark Baugher <mbaugher@cisco.com>
Subject: Re: [AVT] SRTP: question about MKI length
Date: Thu, 21 Jul 2005 08:14:51 -0700
To: "Dondeti, Lakshminath" <ldondeti@qualcomm.com>
X-Mailer: Apple Mail (2.622)
X-OriginalArrivalTime: 21 Jul 2005 15:14:52.0266 (UTC) FILETIME=[F18154A0:01C58E06]
X-Spam-Score: 0.0 (/)
X-Scan-Signature: b5d20af10c334b36874c0264b10f59f1
Content-Transfer-Encoding: quoted-printable
Cc: Usha Sharma <Usha_Sharma@net.com>, avt@ietf.org
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Audio/Video Transport Working Group <avt.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
Sender: avt-bounces@ietf.org
Errors-To: avt-bounces@ietf.org
hi Lakshminath,
I heard from NDS (and also Nagra, I think) that they put as much key
management information as they can into the broadcast stream, such as
an MPEG-2 Transport Stream. Since they don't publish their key
management protocols, conditional access companies typically don't
explain why they do things. But a couple of years ago, it was
announced in the press that a large satellite vendor gradually
downloaded code and re-programmed the conditional access system in the
settop boxes of its entire customer base to disable unauthorized
receivers. This was an NDS system if I recall correctly. So, there
are shenanigans like that going on and probably the same sorts of key
management things that LKH and similar systems might do.
Mark
On Jul 21, 2005, at 7:25 AM, Dondeti, Lakshminath wrote:
> Hi Mark,
>
> I am curious about using the MKI to convey "a variety of key
> management information." Could you please elaborate? I know of the
> MKI being used in 3GPP2 to send key management information also, but
> with the concern that the MKI field is not integrity protected. If
> the MKI is used to send a key index, we know that no integrity
> protection is required, but if it is intended for sending arbitrary
> key management information, then perhaps integrity protecting that
> field would be necessary.
>
> Thoughts?
>
> thanks and regards,
> Lakshminath
>
>
> -----Original Message-----
> From: avt-bounces@ietf.org on behalf of Mark Baugher
> Sent: Thu 7/21/2005 7:04 AM
> To: Usha Sharma
> Cc: avt@ietf.org
> Subject: Re: [AVT] SRTP: question about MKI length
>
> hi
> RFC 3711 assumes that the key management system will set the
> maximum
> length for the MKI. The use of an MKI function is common in video
> broadcasting where a key gets rotated at rates that may be less than
> one second. TV conditional access vendors operate proprietary systems
> that rotate the key according to application needs (there is really no
> cryptographic need to rotate a 128-bit AES counter-mode key until 2^64
> packets have been encrypted using it - a very long time). The MKI was
> added for this application - and vendors in this industry use various
> sizes for the key index, particularly to convey a variety of key
> management information over a broadcast channel.
>
> In general, there is no need to use an MKI. If there is, I would
> expect that a small, one-byte MKI would suffice to handle cases where
> key rotation might be useful.
>
> Mark
> On Jul 20, 2005, at 11:18 PM, Usha Sharma wrote:
>
> > There is no description in RFC 3711 for upper limit of MKI length
> and
> > range of MKI value. SDP (draft-ietf-mmusic-sdescriptions-11.txt)
> > defines that MKI value is a positive integer and MKI length could be
> > up to 128 byte. Is it worthwhile to use such big MKI value for voice
> > applications, considering the bandwidth overhead introduced by it.
> > What would be the optimal value of MKI length for most applications?
> > _______________________________________________
> > Audio/Video Transport Working Group
> > avt@ietf.org
> > https://www1.ietf.org/mailman/listinfo/avt
>
> _______________________________________________
> Audio/Video Transport Working Group
> avt@ietf.org
> https://www1.ietf.org/mailman/listinfo/avt
>
>
_______________________________________________
Audio/Video Transport Working Group
avt@ietf.org
https://www1.ietf.org/mailman/listinfo/avt
- [AVT] SRTP: question about MKI length Usha Sharma
- Re: [AVT] SRTP: question about MKI length Mark Baugher
- RE: [AVT] SRTP: question about MKI length Dondeti, Lakshminath
- Re: [AVT] SRTP: question about MKI length Mark Baugher