RE: [MMUSIC] Thinking about best-effort encryption

"Dan Wing" <dwing@cisco.com> Thu, 02 November 2006 22:18 UTC

From: Dan Wing <dwing@cisco.com>
To: 'EKR' <ekr@networkresonance.com>, mmusic@ietf.org, ietf-rtpsec@mail.imc.org
Subject: RE: [MMUSIC] Thinking about best-effort encryption
Date: Thu, 02 Nov 2006 14:17:50 -0800
Message-ID: <0b2d01c6fecc$c0c0c480$c6666b80@amer.cisco.com>

> Regardless of which key management protocol we ultimately
> choose, we need to sort the fundamental architectural issue of:
> 
>    Does the signalling (SDP) have to reflect RTP/SAVP?

This isn't just a question applicable to security -- this question is
also applicable to all other RTP profiles with offer/answer, such as
sending an offer where you want the RTP feedback profile (RTP/AVPF) if
the answerer supports it, otherwise you will accept RTP without
feedback (RTP/AVP).

Applicable to security, I expect RTP/AVPFCC
(draft-ietf-avt-tfrc-profile-06.txt) will also need an RTP/SAVPFCC
profile (it handwaves at such a thing in its section 3). Eventually
there will be a profile for running RTP directly over DCCP, too
(without UDP, as is done by draft-ietf-avt-tfrc-profile-06).

We desperately need one solution for RTP profiles to be
negotiated in SDP.

-d

> If the answer to this question is "Yes", then we either need to:
> 
> 1. Have some convenient way to offer multiple profiles (Flemming's
>    draft surveys the space of options here).
> 2. Do an UPDATE with RTP/SAVP for every secure connection. I get
>    the impression people find this distasteful.
> 
> If the answer is "No", then you can simplify the offer/answer exchange
> by having the signal that you will do security in an a-line, but at the
> cost of having the profile no longer reflect what's on the wire.
> 
> In either case, it seems like deciding this architectural issue is
> something we need to do before we spend a lot of time discussing
> the details of mechanisms.
> 
> -Ekr

_______________________________________________
mmusic mailing list
mmusic@ietf.org
https://www1.ietf.org/mailman/listinfo/mmusic
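As an added illustration of option 1 in the quoted text (offering several profiles as separate m= lines and letting the answerer pick), not code from the thread or from any IETF draft: the answerer accepts the best-ranked profile it supports for each media type and rejects the other lines with port 0, as offer/answer requires. The preference ranking, the local port and the sample offer are constructed for this example.

```python
import re

# Constructed preference order for this example: secure profiles first,
# then feedback-capable ones. A real endpoint's policy may differ.
PROFILE_PREFERENCE = ["RTP/SAVPF", "RTP/SAVP", "RTP/AVPF", "RTP/AVP"]

M_LINE = re.compile(r"^m=(\S+) (\d+) (\S+) (.+)$")

# Constructed sample offer: the same audio stream offered twice, once
# with the secure profile and once with plain RTP/AVP as the fallback.
CONSTRUCTED_OFFER = """v=0
o=- 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/SAVP 0
m=audio 49172 RTP/AVP 0
"""


def parse_media_lines(sdp):
    """Return one dict per m= line in the SDP body, in offer order."""
    lines = []
    for line in sdp.strip().splitlines():
        match = M_LINE.match(line.strip())
        if match:
            media, port, proto, fmts = match.groups()
            lines.append({"media": media, "port": int(port),
                          "proto": proto, "fmts": fmts.split()})
    return lines


def answer_profiles(offer_sdp, supported_profiles, local_port=20000):
    """Build the answer m= lines for an offer that lists one m= line per profile.

    Offer/answer needs one answer m= line per offered m= line, in order. For
    each media type the best-ranked supported profile is accepted on
    local_port; every other offered line is rejected with port 0.
    """
    offered = parse_media_lines(offer_sdp)
    chosen = {}  # media type -> (index of accepted m= line, its rank)
    for idx, m in enumerate(offered):
        if m["proto"] not in supported_profiles:
            continue
        rank = (PROFILE_PREFERENCE.index(m["proto"])
                if m["proto"] in PROFILE_PREFERENCE else len(PROFILE_PREFERENCE))
        best = chosen.get(m["media"])
        if best is None or rank < best[1]:
            chosen[m["media"]] = (idx, rank)
    answer = []
    for idx, m in enumerate(offered):
        accepted = chosen.get(m["media"], (None, None))[0] == idx
        port = local_port if accepted else 0
        answer.append("m=%s %d %s %s" % (m["media"], port, m["proto"], " ".join(m["fmts"])))
    return answer
```

Note the cost the quoted text mentions: the rejected m= line still has to appear in the answer, so each extra profile offered adds a line to every exchange.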