Re: [dispatch] Fwd: I-D Action: draft-johnston-dispatch-osrtp-00.txt
Alan Johnston <alan.b.johnston@gmail.com> Wed, 08 July 2015 18:42 UTC
Return-Path: <alan.b.johnston@gmail.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F5001A701A for <dispatch@ietfa.amsl.com>; Wed, 8 Jul 2015 11:42:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level:
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, J_CHICKENPOX_16=0.6, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PTfbPUcN9F0t for <dispatch@ietfa.amsl.com>; Wed, 8 Jul 2015 11:42:54 -0700 (PDT)
Received: from mail-wg0-x229.google.com (mail-wg0-x229.google.com [IPv6:2a00:1450:400c:c00::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 753131A700B for <dispatch@ietf.org>; Wed, 8 Jul 2015 11:42:53 -0700 (PDT)
Received: by wgck11 with SMTP id k11so203854636wgc.0 for <dispatch@ietf.org>; Wed, 08 Jul 2015 11:42:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=pM7ELbfSoh4j6X5UIVAeXt5ovHUWVHwsPZdR1HgkCO4=; b=v7NpjT5T1SOvZeFr8RaUMI0VJRRYFQfRHTtMi+4WXX7HIKf3etBFz8LDYJgjMCA3nz G+AU0idkXZj09FXQQsZBRnNVQfXjz2875/k7k6W5h8jOSUQRYNsJvRv28rDoWeqmA85B e6vf2YPMzuHC1iz0zOk9E3aW+LBDlYfgI06A3ufYAFsCyTUCh/f9aKC/Pyw3UVHTmUES WWgQWpX9xXDVbqP9pF/CZ+iim6P6jP2lLkDRhQ+SWKqRQnSAa14qEUOfR5EwtY89OjjK liQizPDqu/Ddy9jGl+ExhzB4+oyBc5rYAS5PlW7X5/d5OUGi92leQUuNvC1z23iP7LCh FhBw==
MIME-Version: 1.0
X-Received: by 10.194.185.146 with SMTP id fc18mr21135815wjc.46.1436380972170; Wed, 08 Jul 2015 11:42:52 -0700 (PDT)
Received: by 10.28.155.202 with HTTP; Wed, 8 Jul 2015 11:42:52 -0700 (PDT)
In-Reply-To: <CABcZeBP+0g++fZ+krwRNHsN4oQ4=ojN_uhK8B=wcUQurC4dzyw@mail.gmail.com>
References: <20150706184857.15450.31472.idtracker@ietfa.amsl.com> <CAKhHsXH73Uf7_dafmwwDk+CShHHfF7mMhsD1X1aVjXm7pjR8mg@mail.gmail.com> <CABkgnnX50CktRF=Xa9A6DeQWfN5Cmm4R3XkXwok4YQygJysg+g@mail.gmail.com> <CAKhHsXHK-ufE3_ZnC587e_xqdXor0mpSBANz-DmYecRSGq173w@mail.gmail.com> <CABcZeBP+0g++fZ+krwRNHsN4oQ4=ojN_uhK8B=wcUQurC4dzyw@mail.gmail.com>
Date: Wed, 08 Jul 2015 13:42:52 -0500
Message-ID: <CAKhHsXFLAN=pzUh=F9R2J=9U6-qwgL4KYuW3LziVsPRrCaGbKA@mail.gmail.com>
From: Alan Johnston <alan.b.johnston@gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: multipart/alternative; boundary="047d7bb03d969bc4fd051a618152"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dispatch/lPBpMtybts8GWkZWllw1JzPJV2c>
Cc: DISPATCH <dispatch@ietf.org>
Subject: Re: [dispatch] Fwd: I-D Action: draft-johnston-dispatch-osrtp-00.txt
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Jul 2015 18:42:57 -0000
Hi Ekr, Thanks for the feedback. See below. More feedback on #3 from others would be very helpful. - Alan - On Wed, Jul 8, 2015 at 1:00 PM, Eric Rescorla <ekr@rtfm.com> wrote: > This seems like a good idea. > > I have three comments: > > 1. You should forbid the answerer from sending back two types of > keying parameters (e.g., a=crypto and a=fingerprint) because that creates > confusion. > Agreed - I'll put that in. > > 2. You probably shouldn't relax the need to send SDES over HTTPS because > the security properties there are still fairly bad. > Right. I tried to say that in the Security Considerations: "For SDP Security Descriptions key agreement [RFC4568], an authenticated signaling channel does not need to be used with OSRTP if it is not available, although an encrypted signaling channel must still be used." Did I get it wrong? > > 3. I would suggest that failure to negotiate a secure channel (for > DTLS-SRTP > and ZRTP) should lead to media failure not falling back. There's basically > no good reason for this to fail and it seems like it will make diagnosing > issues easier. > > I was on the fence about this one. Agree that it shouldn't happen for DTLS-SRTP or ZRTP, but I could imagine it happening for certain MIKEY modes. Should that really fail the whole session? > -Ekr > > > On Wed, Jul 8, 2015 at 9:17 AM, Alan Johnston <alan.b.johnston@gmail.com> > wrote: > >> Hi Martin, >> >> It is the version of the draft that is actually implemented and used. >> There are also a few slight differences due to the way that Opportunistic >> Security is defined. >> >> - Alan - >> >> On Wed, Jul 8, 2015 at 11:14 AM, Martin Thomson <martin.thomson@gmail.com >> > wrote: >> >>> How does this differ from: >>> https://tools.ietf.org/html/draft-kaplan-mmusic-best-effort-srtp-01 >>> >>> On 8 July 2015 at 04:02, Alan Johnston <alan.b.johnston@gmail.com> >>> wrote: >>> > All, >>> > >>> > Many of us have been talking about "Best Effort SRTP" for many years, >>> and >>> > there are a number of deployments. In addition, the IMTC has >>> recommended >>> > it, and the SIP Forum would like to recommend it in SIPconnect 2.0 >>> which for >>> > the first time includes SRTP media. With the publication of RFC 7435 >>> > (https://tools.ietf.org/html/rfc7435), the IETF has endorsed this >>> approach >>> > as Opportunistic Security (OS), so it would be nice to bring standards >>> in >>> > line with industry practice. >>> > >>> > Comments on the draft, "An Opportunistic Approach for Secure Real-time >>> > Transport Protocol (OSRTP)" and the best way forward are most welcome! >>> > >>> > - Alan - >>> > >>> > ---------- Forwarded message ---------- >>> > From: <internet-drafts@ietf.org> >>> > Date: Mon, Jul 6, 2015 at 1:48 PM >>> > Subject: I-D Action: draft-johnston-dispatch-osrtp-00.txt >>> > To: i-d-announce@ietf.org >>> > >>> > >>> > >>> > A New Internet-Draft is available from the on-line Internet-Drafts >>> > directories. >>> > >>> > >>> > Title : An Opportunistic Approach for Secure >>> Real-time >>> > Transport Protocol (OSRTP) >>> > Authors : Alan Johnston >>> > Bernard Aboba >>> > Andy Hutton >>> > Laura Liess >>> > Thomas Stach >>> > Filename : draft-johnston-dispatch-osrtp-00.txt >>> > Pages : 8 >>> > Date : 2015-07-06 >>> > >>> > Abstract: >>> > Opportunistic Secure Real-time Transport Protocol (OSRTP) allows >>> > encrypted media to be used in environments where support for >>> > encryption is not known in advance, and not required. OSRTP is an >>> > implementation of Opportunistic Security, as defined in RFC 7435. >>> > OSRTP does not require advanced SDP extensions or features and is >>> > fully backwards compatible with existing secure and insecure >>> > implementations. OSRTP is not specific to any key management >>> > technique for SRTP. >>> > >>> > >>> > The IETF datatracker status page for this draft is: >>> > https://datatracker.ietf.org/doc/draft-johnston-dispatch-osrtp/ >>> > >>> > There's also a htmlized version available at: >>> > https://tools.ietf.org/html/draft-johnston-dispatch-osrtp-00 >>> > >>> > >>> > Please note that it may take a couple of minutes from the time of >>> submission >>> > until the htmlized version and diff are available at tools.ietf.org. >>> > >>> > Internet-Drafts are also available by anonymous FTP at: >>> > ftp://ftp.ietf.org/internet-drafts/ >>> > >>> > _______________________________________________ >>> > I-D-Announce mailing list >>> > I-D-Announce@ietf.org >>> > https://www.ietf.org/mailman/listinfo/i-d-announce >>> > Internet-Draft directories: http://www.ietf.org/shadow.html >>> > or ftp://ftp.ietf.org/ietf/1shadow-sites.txt >>> > >>> > >>> > _______________________________________________ >>> > dispatch mailing list >>> > dispatch@ietf.org >>> > https://www.ietf.org/mailman/listinfo/dispatch >>> > >>> >> >> >> _______________________________________________ >> dispatch mailing list >> dispatch@ietf.org >> https://www.ietf.org/mailman/listinfo/dispatch >> >> >
- [dispatch] Fwd: I-D Action: draft-johnston-dispat… Alan Johnston
- Re: [dispatch] Fwd: I-D Action: draft-johnston-di… Martin Thomson
- Re: [dispatch] Fwd: I-D Action: draft-johnston-di… Alan Johnston
- Re: [dispatch] Fwd: I-D Action: draft-johnston-di… Eric Rescorla
- Re: [dispatch] Fwd: I-D Action: draft-johnston-di… Alan Johnston
- Re: [dispatch] Fwd: I-D Action: draft-johnston-di… Martin Thomson
- Re: [dispatch] Fwd: I-D Action: draft-johnston-di… Richard Barnes
- Re: [dispatch] Fwd: I-D Action: draft-johnston-di… Eric Rescorla
- Re: [dispatch] Fwd: I-D Action: draft-johnston-di… Alan Johnston
- Re: [dispatch] Fwd: I-D Action: draft-johnston-di… Roni Even
- Re: [dispatch] Fwd: I-D Action: draft-johnston-di… Laura Liess
- Re: [dispatch] Fwd: I-D Action: draft-johnston-di… Hutton, Andrew
- Re: [dispatch] Fwd: I-D Action: draft-johnston-di… Roni Even