Re: [MMUSIC] Hi, May I ask for your opinion on draft-zhou-mmusic-sdes-keymod-01?

"Dan Wing" <dwing@cisco.com> Thu, 19 April 2012 15:26 UTC

From: Dan Wing <dwing@cisco.com>
To: zhou.sujing@zte.com.cn
Cc: mmusic@ietf.org

> -----Original Message-----
> From: zhou.sujing@zte.com.cn [mailto:zhou.sujing@zte.com.cn]
> Sent: Wednesday, April 18, 2012 8:14 PM
> To: Dan Wing
> Cc: mmusic@ietf.org
> Subject: Re: RE: RE: RE: RE: Hi, May I ask for your opinion on draft-zhou-mmusic-sdes-keymod-01?
> 
> 
> Then do you support our draft being considered as a WG (mmusic) work item?

It should be considered, yes.

-d


> 
> Regards~~~
> 
> -Sujing Zhou
> 
> "Dan Wing" <dwing@cisco.com> wrote on 2012-04-19 09:32:40:
> 
> > > -----Original Message-----
> > > From: zhou.sujing@zte.com.cn [mailto:zhou.sujing@zte.com.cn]
> > > Sent: Wednesday, April 18, 2012 5:48 PM
> > > To: Dan Wing
> > > Cc: mmusic@ietf.org
> > > Subject: Re: RE: RE: RE: Hi, May I ask for your opinion on draft-zhou-mmusic-sdes-keymod-01?
> > >
> > >
> > >
> > > > >
> > > > > Generally it is preferable that the session key between two peers
> > > > > be established with contribution from both peers; otherwise we will
> > > > > get into trouble, as SDES does now in the scenarios of re-targeting
> > > > > and forking.
> > > > > Our 01 version actually suggests changing the unidirectional key
> > > > > transport in SDES into a key agreement (indicated by "keymod"):
> > > > > offerer provides: k1
> > > > > answer provides: keymod value
> > > > > the outgoing key from offerer to answerer is derived from k1 and
> > > > > keymod value no matter in which situation.
> > > > > Re-targeting and forking happen to be the scenarios that especially
> > > > > benefit from the change.
> > > >
> > > > Which involves the same number of (signaling) round-trips, right?
> > >
> > > In my opinion, the new method does not add extra round trips; it has
> > > the same round trips as the current SDES without re-INVITE or UPDATE.
> > >
> > > offerer-->answerer:INVITE
> > >        a=crypto:1 AES_CM_128_HMAC_SHA1_80
> > >         inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32 --->k1
> > >         keymod:rand|xor|
> > > offerer<--answerer:Response
> > >        a=crypto:1 AES_CM_128_HMAC_SHA1_32
> > >        inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32; --->k2
> > >        keymod:rand|xor|WVNfX19zZW1jdGwgKCkgew==         ->keymod value
> > >
> > > after the single round,
> > >     k1 and keymod value-->k1' to protect session from offerer to answerer
> > >    k2 -->  to protect session from answerer   to offerer
> >
> > I now understand what you're proposing, thanks for explaining it this way.
> >
> > That avoids a signaling round trip, but does require that the Offerer and
> > Answerer support keymod.  If either of them doesn't, the Offerer needs to
> > always do a re-Invite.  So this appears a reasonable optimization to avoid
> > always doing a re-Invite.
> >
> > -d
> >
> >
> >