RE: [AVT] Fwd: I-D Action:draft-zimmermann-avt-zrtp-20.txt
Roni Even <Even.roni@huawei.com> Thu, 03 June 2010 20:37 UTC
Return-Path: <Even.roni@huawei.com>
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 001D428C135; Thu, 3 Jun 2010 13:37:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.495
X-Spam-Level:
X-Spam-Status: No, score=-0.495 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, HELO_MISMATCH_COM=0.553, RDNS_NONE=0.1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FyhaiDNH7wBV; Thu, 3 Jun 2010 13:37:45 -0700 (PDT)
Received: from szxga04-in.huawei.com (unknown [119.145.14.67]) by core3.amsl.com (Postfix) with ESMTP id 54DFC28C104; Thu, 3 Jun 2010 13:37:45 -0700 (PDT)
Received: from huawei.com (szxga04-in [172.24.2.12]) by szxga04-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0L3G0038WHA9YD@szxga04-in.huawei.com>; Fri, 04 Jun 2010 04:37:22 +0800 (CST)
Received: from huawei.com ([172.24.2.119]) by szxga04-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTP id <0L3G00MTFHA9G2@szxga04-in.huawei.com>; Fri, 04 Jun 2010 04:37:21 +0800 (CST)
Received: from windows8d787f9 (bzq-79-183-15-228.red.bezeqint.net [79.183.15.228]) by szxml02-in.huawei.com (iPlanet Messaging Server 5.2 HotFix 2.14 (built Aug 8 2006)) with ESMTPA id <0L3G00AH6H9ZC0@szxml02-in.huawei.com>; Fri, 04 Jun 2010 04:37:21 +0800 (CST)
Date: Thu, 03 Jun 2010 23:35:20 +0300
From: Roni Even <Even.roni@huawei.com>
Subject: RE: [AVT] Fwd: I-D Action:draft-zimmermann-avt-zrtp-20.txt
In-reply-to: <2D70C2C5-2973-4477-B9EE-52BA767C66AA@mit.edu>
To: 'Philip Zimmermann' <prz@mit.edu>, 'ETF Discussion Mailing List' <ietf@ietf.org>, 'IETF AVT WG' <avt@ietf.org>, 'Colin Perkins' <csp@csperkins.org>
Message-id: <03d201cb035c$4fc18bf0$ef44a3d0$%roni@huawei.com>
MIME-version: 1.0
X-Mailer: Microsoft Office Outlook 12.0
Content-type: text/plain; charset="us-ascii"
Content-language: en-us
Content-transfer-encoding: 7bit
Thread-index: AcsC1gpY76HBz2wdRIKgWM0LkW98QgAhZdSA
References: <4BFD7AE3.2000502@gmail.com> <2D70C2C5-2973-4477-B9EE-52BA767C66AA@mit.edu>
X-Mailman-Approved-At: Fri, 04 Jun 2010 08:16:26 -0700
Cc: 'Robert Sparks' <rjs@nostrum.com>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Jun 2010 20:37:47 -0000
Hi, Section 4.1 points at section 8.1 of RFC 3550 that does not address SSRC collision resolution but suggests how to lower the probability of collision. Section 8.2 addresses the collision resolution. What Colin suggested is that the right thing to do is to accept that SRRC collisions are disruptive, and force a re-negotiation of the secure session. If so, the draft needs to state this explicitly. Roni Even > -----Original Message----- > From: avt-bounces@ietf.org [mailto:avt-bounces@ietf.org] On Behalf Of > Philip Zimmermann > Sent: Thursday, June 03, 2010 7:31 AM > To: ETF Discussion Mailing List; IETF AVT WG; Colin Perkins > Cc: Robert Sparks > Subject: [AVT] Fwd: I-D Action:draft-zimmermann-avt-zrtp-20.txt > > See my comments below regarding SSRC collisions. > > > Begin forwarded message: > > > -------- Original Message -------- > > Subject: Re: [AVT] I-D Action:draft-zimmermann-avt-zrtp-20.txt > > Date: Fri, 14 May 2010 10:23:13 +0100 > > From: Colin Perkins <csp@csperkins.org> > > To: IETF Discussion Mailing List <ietf@ietf.org> > > CC: IETF AVT WG <avt@ietf.org> > > > > On 11 May 2010, at 22:15, Internet-Drafts@ietf.org wrote: > >> A New Internet-Draft is available from the on-line Internet-Drafts > >> directories. > >> > >> Title : ZRTP: Media Path Key Agreement for Unicast > Secure > >> RTP > >> Author(s) : P. Zimmermann, et al. > >> Filename : draft-zimmermann-avt-zrtp-20.txt > >> Pages : 111 > >> Date : 2010-05-11 > >> > >> This document defines ZRTP, a protocol for media path Diffie-Hellman > >> exchange to agree on a session key and parameters for establishing > >> unicast Secure Real-time Transport Protocol (SRTP) sessions for VoIP > >> applications. The ZRTP protocol is media path keying because it is > >> multiplexed on the same port as RTP and does not require support in > >> the signaling protocol. ZRTP does not assume a Public Key > >> Infrastructure (PKI) or require the complexity of certificates in > end > >> devices. For the media session, ZRTP provides confidentiality, > >> protection against man-in-the-middle (MiTM) attacks, and, in cases > >> where the signaling protocol provides end-to-end integrity > >> protection, authentication. ZRTP can utilize a Session Description > >> Protocol (SDP) attribute to provide discovery and authentication > >> through the signaling channel. To provide best effort SRTP, ZRTP > >> utilizes normal RTP/AVP profiles. ZRTP secures media sessions which > >> include a voice media stream, and can also secure media sessions > >> which do not include voice by using an optional digital signature. > >> > >> A URL for this Internet-Draft is: > >> http://www.ietf.org/internet-drafts/draft-zimmermann-avt-zrtp-20.txt > > > > > > This addresses some, but not all, of my comments on -17: > > > > - "In terms of the RTP topologies defined in [RFC5117], ZRTP is > > designed for Point to Point topologies only" - if only Topo-Point-to- > > Point is supported, explicitly state that by shortcut name, otherwise > > also list the other topologies that are supported by shortcut name. > > > > - "Other [RTP] profiles MAY also be used" - which ones? Need to be > > explicit, since not all conceivable RTP profiles would work with > ZRTP. > > > > - This version states that "SSRC collisions would be disruptive to > > ZRTP. This may be avoided via the mechanisms in RFC 3550, Section > 8.2 > > [RFC3550]". The mechanisms in section 8.2 of RFC 3550 explain how to > > resolve SSRC collisions, not how to avoid them, and say nothing about > > how to avoid disruption to ZRTP. Further clarification is needed - > I'd > > guess that the right thing to do is to accept that SRRC collisions > > are disruptive, and force a re-negotiation of the secure session. If > > so, the draft needs to state this explicitly. > > See section 4.1, which does specify what to do if there is an SSRC > collision. > > > > > - A ZRTP Error code of 0x91 "SSRC collision" is defined, but the text > > doesn't mention how it's used. > > Section 4.1 does mention how it is used. > > > > > - The new discussion of timers for non-UDP transports in section 6 is > > much improved, but could still do with giving explicit > recommendations > > for the lengthened timer intervals. > > > > - The new text regarding the ZRTP header extension is better, but > > could still do with explicitly stating that not only does ZRTP not > use > > the RFC 5285 mechanisms, it conflicts with them. > > > > -- > > Colin Perkins > > http://csperkins.org/ > > > > > > > > _______________________________________________ > > Audio/Video Transport Working Group > > avt@ietf.org > > https://www.ietf.org/mailman/listinfo/avt > > ------------------------------------------------ > Philip R Zimmermann prz@mit.edu > (spelled with 2 n's) http://philzimmermann.com > tel +1 831 425-7524 http://zfone.com > > > > > _______________________________________________ > Audio/Video Transport Working Group > avt@ietf.org > https://www.ietf.org/mailman/listinfo/avt
- Re: I-D Action:draft-zimmermann-avt-zrtp-20.txt Colin Perkins
- Fwd: I-D Action:draft-zimmermann-avt-zrtp-20.txt Philip Zimmermann
- RE: [AVT] Fwd: I-D Action:draft-zimmermann-avt-zr… Roni Even