Re: [AVTCORE] Suite B Profile for DTLS-SRTP Internet-Draft

Magnus Westerlund <magnus.westerlund@ericsson.com> Fri, 10 June 2011 15:28 UTC

Message-ID: <4DF2382E.6030303@ericsson.com>
Date: Fri, 10 Jun 2011 17:28:46 +0200
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "Igoe, Kevin M." <kmigoe@nsa.gov>
References: <4FD125153A070D45BC87645D3B880288025A13CACB@IMCMBX3.MITRE.ORG> <4DE4AC77.9050501@ericsson.com> <80F9AC969A517A4DA0DE3E7CF74CC1BB425B19@MSIS-GH1-UEA06.corp.nsa.gov> <4DE5F3CB.80304@ericsson.com> <4DE613ED.6090503@net-zen.net> <4DE6235A.1030703@ericsson.com> <4DE63AD8.6020301@net-zen.net> <4DE64541.2070603@ericsson.com> <80F9AC969A517A4DA0DE3E7CF74CC1BB425B1D@MSIS-GH1-UEA06.corp.nsa.gov>
In-Reply-To: <80F9AC969A517A4DA0DE3E7CF74CC1BB425B1D@MSIS-GH1-UEA06.corp.nsa.gov>
Cc: "avt@ietf.org" <avt@ietf.org>
Subject: Re: [AVTCORE] Suite B Profile for DTLS-SRTP Internet-Draft

Hi Igor,

I have now actually reviewed your document in a bit more detail. And I
am sorry for having confused the matter a bit. I didn't quite understand
the purpose of this document initially. But it is clear to me now that
your draft doesn't define new components to SRTP.

My understanding is that it really only specifies the DTLS-SRTP
protection profile and acceptable procedures to meet the suite-B
requirements when it comes to the DTLS procedures.

Thus I don't think it is necessary for us to have it as a WG item.
Although I think it would be good if you informed the WG of the progress
and let us know about any ongoing last calls.

Do you plan to continue to publish this as an individual submission
directly to the Area Director, or find a WG home for it?



As a suggestion for how to improve the document, I note that you appear
to be lacking an IANA Considerations section. You need one to
request that the 4 specified DTLS-SRTP protection profiles are registered.

Best Regards

Magnus




On 2011-06-01 20:58, Igoe, Kevin M. wrote:
> Our intent wasn't to break new ground by introducing new primitives (GCM
> and DTLS) into SRTP, but rather to follow in the footsteps of
> existing work:
>
> For GCM we have:
> -------------------------------------------------------------------------
> Network Working Group                                          D. McGrew
> Internet Draft                                       Cisco Systems, Inc.
> Intended Status: Informational                          January 26, 2011
> Expires: July 30, 2011
>
>
>     AES-GCM and AES-CCM Authenticated Encryption in Secure RTP (SRTP)
>                       draft-ietf-avt-srtp-aes-gcm-01
>
> Abstract
>
>    This document defines how AES-GCM, AES-CCM, and other Authenticated
>    Encryption with Associated Data (AEAD) algorithms, can be used to
>    provide confidentiality and data authentication mechanisms in the
>    SRTP protocol.
> -------------------------------------------------------------------------
> (This had an earlier incarnation as draft-mcgrew-srtp-aes-gcm-01, but this
> draft eventually expired.)
>
> For DTLS we have:
> -------------------------------------------------------------------------
> Internet Engineering Task Force (IETF)                         D. McGrew
> Request for Comments: 5764                                 Cisco Systems
> Category: Standards Track                                    E. Rescorla
> ISSN: 2070-1721                                               RTFM, Inc.
>                                                                 May 2010
>
>
>   Datagram Transport Layer Security (DTLS) Extension to Establish Keys
>            for the Secure Real-time Transport Protocol (SRTP)
>
> Abstract
>
>    This document describes a Datagram Transport Layer Security (DTLS)
>    extension to establish keys for Secure RTP (SRTP) and Secure RTP
>    Control Protocol (SRTCP) flows.  DTLS keying happens on the media
>    path, independent of any out-of-band signalling channel present.
> ---------------------------------------------------------------------
>
> There is an existing Suite B for TLS (currently undergoing a "bis"):
> ---------------------------------------------------------------------
> Network Working Group                                          M. Salter
> Request for Comments: 5430                      National Security Agency
> Category: Informational                                      E. Rescorla
>                                                        Network Resonance
>                                                               R. Housley
>                                                           Vigil Security
>                                                               March 2009
>
>
>            Suite B Profile for Transport Layer Security (TLS)
>
> Status of This Memo
>
>    This memo provides information for the Internet community.  It does
>    not specify an Internet standard of any kind.  Distribution of this
>    memo is unlimited.
> ----------------------------------------------------------------------
>
>
> We wish only to show how to put these three documents together to get
> Suite B for DTLS-SRTP.
>
> Do you still think we should go thru avtcore?

-- 

Magnus Westerlund

----------------------------------------------------------------------
Multimedia Technologies, Ericsson Research EAB/TVM
----------------------------------------------------------------------
Ericsson AB                | Phone  +46 10 7148287
Färögatan 6                | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------