RE: [MMUSIC] Thinking about best-effort encryption
"Dan Wing" <dwing@cisco.com> Thu, 02 November 2006 22:18 UTC
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gfkt2-0003HV-D4; Thu, 02 Nov 2006 17:18:12 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gfkt0-0003FB-Ob for mmusic@ietf.org; Thu, 02 Nov 2006 17:18:10 -0500
Received: from sj-iport-4.cisco.com ([171.68.10.86]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gfksz-0006xh-EZ for mmusic@ietf.org; Thu, 02 Nov 2006 17:18:10 -0500
Received: from sj-dkim-5.cisco.com ([171.68.10.79]) by sj-iport-4.cisco.com with ESMTP; 02 Nov 2006 14:17:59 -0800
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Ao8CAHv8SUWrRApP/2dsb2JhbAA
X-IronPort-AV: i="4.09,382,1157353200"; d="scan'208"; a="1861692451:sNHT26986460"
Received: from sj-core-4.cisco.com (sj-core-4.cisco.com [171.68.223.138]) by sj-dkim-5.cisco.com (8.12.11.20060308/8.12.11) with ESMTP id kA2MHxAg024491; Thu, 2 Nov 2006 14:17:59 -0800
Received: from dwingwxp ([10.32.130.99]) by sj-core-4.cisco.com (8.12.10/8.12.6) with ESMTP id kA2MHoOV012910; Thu, 2 Nov 2006 14:17:54 -0800 (PST)
From: Dan Wing <dwing@cisco.com>
To: 'EKR' <ekr@networkresonance.com>, mmusic@ietf.org, ietf-rtpsec@mail.imc.org
Subject: RE: [MMUSIC] Thinking about best-effort encryption
Date: Thu, 02 Nov 2006 14:17:50 -0800
Message-ID: <0b2d01c6fecc$c0c0c480$c6666b80@amer.cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
Thread-Index: Acb+uKfXbfL2dI7gR1q3U/Lt+5ZESwAEVzoQ
In-Reply-To: <20061102194830.868251CC22@delta.rtfm.com>
DKIM-Signature: a=rsa-sha1; q=dns; l=1754; t=1162505879; x=1163369879; c=relaxed/simple; s=sjdkim5002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@cisco.com; z=From:=22Dan=20Wing=22=20<dwing@cisco.com> |Subject:RE=3A=20[MMUSIC]=20Thinking=20about=20best-effort=20encryption; X=v=3Dcisco.com=3B=20h=3DWGIyV7uSUVLvXb1IjeG/bkgxyWk=3D; b=eDDEVMnBJ513TCgXdUKkTfs/ENkxoL33nwj5FTY0w4PzQzKT7+So4LWpNfzTvhMKe4dEHm33 aWxZKgjfqJOPjP6ko+dWmt1JEw0N5+kuayGX0N1n0WexHe5TgLbBHNtu;
Authentication-Results: sj-dkim-5.cisco.com; header.From=dwing@cisco.com; dkim=pass ( sig from cisco.com verified; );
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 21c69d3cfc2dd19218717dbe1d974352
Cc:
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
Errors-To: mmusic-bounces@ietf.org
> Regardless of which key management protocol we ultimately > choose, we need to sort the fundamental architectural issue of: > > Does the signalling (SDP) have to reflect RTP/SAVP? This isn't just a question applicable to security -- this question is also applicable to all other RTP profiles with offer/answer, such as sending an offer where you want the RTP feedback profile (RTP/AVPF) if the answerer supports it, otherwise you will accept RTP without feedback (RTP/AVP). Applicable to security, I expect RTP/AVPFCC (draft-ietf-avt-tfrc-profile-06.txt) will also need an RTP/SAVPFCC profile (it handwaves at such a thing in its section 3. Eventually there will be a profile for running RTP directly over DCCP, too (without UDP, as is done by draft-ietf-avt-tfrc-profile-06). We desperately need one solution for RTP profiles to be negotiated in SDP. -d > If the answer to this question is "Yes", then we either need to: > > 1. Have some convenient way to offer multiple profiles (Flemming's > draft surveys the space of options here). > 2. Do an UPDATE with RTP/SAVP for every secure connection. I get > the impression people find this distasteful. > > If the answer is "No", then you can simplify the offer/answer exchange > by having the signal that you will do security in an a-line, > but at the > cost of having the profile no longer reflect what's on the wire. > > In either case, it seems like deciding this architectural issue is > something we need to do before we spend a lot of time discussing > the details of mechanisms. > > -Ekr > > _______________________________________________ > mmusic mailing list > mmusic@ietf.org > https://www1.ietf.org/mailman/listinfo/mmusic _______________________________________________ mmusic mailing list mmusic@ietf.org https://www1.ietf.org/mailman/listinfo/mmusic
- Re: [MMUSIC] Thinking about best-effort encryption Flemming Andreasen
- Re: [MMUSIC] Thinking about best-effort encryption Flemming Andreasen
- [MMUSIC] Thinking about best-effort encryption EKR
- Re: [MMUSIC] Thinking about best-effort encryption Mark Baugher
- Re: [MMUSIC] Thinking about best-effort encryption Paul Kyzivat
- RE: [MMUSIC] Thinking about best-effort encryption Dan Wing
- Re: [MMUSIC] Thinking about best-effort encryption Colin Perkins
- RE: [MMUSIC] Thinking about best-effort encryption Francois Audet
- RE: [MMUSIC] Thinking about best-effort encryption Dan Wing
- Re: [MMUSIC] Thinking about best-effort encryption Eric Rescorla
- RE: [MMUSIC] Thinking about best-effort encryption Dan Wing
- Re: [MMUSIC] Thinking about best-effort encryption Randell Jesup
- Re: [MMUSIC] Thinking about best-effort encryption Flemming Andreasen
- Re: [MMUSIC] Thinking about best-effort encryption Flemming Andreasen
- [MMUSIC] Re: Thinking about best-effort encryption Michael Richardson
- RE: [MMUSIC] Thinking about best-effort encryption Francois Audet
- [MMUSIC] RE: Thinking about best-effort encryption Francois Audet
- [MMUSIC] Re: Thinking about best-effort encryption Michael Richardson
- RE: [MMUSIC] Thinking about best-effort encryption Hadriel Kaplan
- Re: [MMUSIC] Thinking about best-effort encryption Flemming Andreasen
- RE: [MMUSIC] Thinking about best-effort encryption Hadriel Kaplan
- Re: [MMUSIC] Thinking about best-effort encryption Flemming Andreasen