Re: [ietf-privacy] Checking an old protocol, RTSP

Magnus Westerlund <magnus.westerlund@ericsson.com> Wed, 21 May 2014 13:28 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0F2F1A0675 for <ietf-privacy@ietfa.amsl.com>; Wed, 21 May 2014 06:28:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pCu3YOWRH1zO for <ietf-privacy@ietfa.amsl.com>; Wed, 21 May 2014 06:28:37 -0700 (PDT)
Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 375161A0665 for <ietf-privacy@ietf.org>; Wed, 21 May 2014 06:28:36 -0700 (PDT)
X-AuditID: c1b4fb25-f79226d000004024-2f-537caa02a1e7
Received: from ESESSHC016.ericsson.se (Unknown_Domain [153.88.253.124]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id 68.1B.16420.20AAC735; Wed, 21 May 2014 15:28:34 +0200 (CEST)
Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.68) with Microsoft SMTP Server id 14.3.174.1; Wed, 21 May 2014 15:28:33 +0200
Message-ID: <537CAA00.1020004@ericsson.com>
Date: Wed, 21 May 2014 09:28:32 -0400
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: <ietf-privacy@ietf.org>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpiluLIzCtJLcpLzFFi42KZGfG3RpdpVU2wwdPNahaHrzawOzB6LFny kymAMYrLJiU1J7MstUjfLoErY2//IuaCpXwVi3bMY29g3MndxcjJISFgItH4Yh87hC0mceHe ejYQW0jgKKNE42mlLkYuIHs5o8STnbvAErwC2hLLfu1lBLFZBFQl3u/uYQGx2QQsJG7+aASr ERUIltjw8C87RL2gxMmZT8BqRASkJfq/3wWrERawkrg5v5Wpi5EDaLG4RE9jEEiYWUBPYsrV FkYIW16ieetsZoh7tCUamjpYJzDyz0IydRaSlllIWhYwMq9iFC1OLU7KTTcy1kstykwuLs7P 08tLLdnECAy0g1t+q+5gvPzG8RCjAAejEg+vwozqYCHWxLLiytxDjNIcLErivBc1gEIC6Ykl qdmpqQWpRfFFpTmpxYcYmTg4pRoY3bZWKv3LzZm53fCm36UdZ44/1k9aJZjYY9L6729R2VrF ZY+2XnvGl/NQVdSuwFritUv+ZYlT5y5uuH7iXgiT+9VgFcfwuFU7jl/TV5klmP+p/qT0qc9z Pmhy7pVa2X89vENupmDTTBblBuspCSdKK8rPGCosYXzmXbZhJ+eG4As7ljfrG1UcV2Ipzkg0 1GIuKk4EAKGpbeQVAgAA
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf-privacy/bBegKW7WnqNC75sGchbA6-WjeyA
X-Mailman-Approved-At: Wed, 21 May 2014 06:38:49 -0700
Subject: Re: [ietf-privacy] Checking an old protocol, RTSP
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy/>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 May 2014 13:28:38 -0000

Hi,

Scott Brim invoked me as the author of RTSP 2.0. So I hope can shed some
light on the below questions.

> 
> 
> On 21/05/14 07:27, Christian Huitema wrote:
>> I am currently taking a look at RFC 2326: Real Time Streaming Protocol. The
>> design of RTSP/1.0 is pretty close to that of HTTP/1.0, with very similar
>> security and privacy considerations, but RTSP did not evolve as quickly as
>> HTTP. In particular, I cannot find a profile for running RTSP over SSL or
>> TLS in the RFC series. Is that defined elsewhere?

RTSP 1.0 has a registered port (332) for RTSP over TLS as well as a URI
scheme "rtsps". To my understanding RTSP 1.0 over TLS is fairly commonly
implemented. However, you are correct that there is no RFC specifying
this mode. It was all done by individual registration and without any
specification.

> 
> I recall commenting on RTSP and TLS when we did IESG review of that.
> Main comment I had (that I recall;-) was there's no equivalent of
> HTTP CONNECT.

In RTSP 2.0 you have a specification for RTSP 2.0 over TLS. That also
include a possibility for hop by hop TLS security where user can accept
the proxies being used in the chain. Stephen is correct that neither
RTSP 1.0 or 2.0 does define a method for connecting TLS through a proxy,
i.e. the equivalent to HTTP Connect.

Cheers

Magnus Westerlund

----------------------------------------------------------------------
Services, Media and Network features, Ericsson Research EAB/TXM
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Färögatan 6                 | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------