Re: [MMUSIC] Where to apply encryption?
Richard Barnes <rlb@ipv.sx> Wed, 27 February 2013 22:38 UTC
In-Reply-To: <CABkgnnVsHifGvpoucOvKKtp8ZC3Jsr=pheLhyMRbU_LiDQSuMQ@mail.gmail.com>
References: <201302272158.r1RLw6t72679355@shell01.TheWorld.com> <CABkgnnVsHifGvpoucOvKKtp8ZC3Jsr=pheLhyMRbU_LiDQSuMQ@mail.gmail.com>
Date: Wed, 27 Feb 2013 17:38:06 -0500
Message-ID: <CAL02cgTT5XvGQ0GHxUf2W8kFPE1Lxc40YM1Q7Eq4i-2OAfVGxA@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: "mmusic@ietf.org" <mmusic@ietf.org>
Yes. Back in the days of the ZRTP / DTLS wars, the possibility of just using DTLS was discussed, but morphed into DTLS-SRTP for the reasons Martin describes.

On Wednesday, February 27, 2013, Martin Thomson wrote:
> There are no security reasons why this wouldn't work. Some
> applications already do this.
>
> The actual problems are manifold:
>
> - SRTP was designed to have a low per-packet overhead. The DTLS
> record layer has a larger per-packet overhead.
> - SRTP exposes certain attributes in clear text for intermediaries to
> use. Intentionally. Using DTLS would lose this.
> - SRTP enjoys wide support. This would harm interoperability with
> existing communication devices, forcing the use of more complex
> gateways.
>
> --Martin
>
> On 27 February 2013 13:58, Dale R. Worley <worley@ariadne.com> wrote:
> > Current bundling proposals seem to expect that the packets on the wire
> > will be either SRTP/SRTCP or SCTP-within-DTLS. Of course, this
> > provides encryption of the carried media.
> >
> > But it seems to me that it would be more straightforward to multiplex
> > RTP/RTCP and SCTP packets, and then as a lower layer, have one DTLS
> > association that encrypts all of those packets indifferently. It
> > would also provide privacy regarding the number and types of the
> > bundled media streams.
> >
> > But my knowledge of crypto is thin, and maybe there's a reason that
> > using one DTLS association to encrypt the multiplexed packet stream
> > wouldn't work as well.
> >
> > Dale
> > _______________________________________________
> > mmusic mailing list
> > mmusic@ietf.org
> > https://www.ietf.org/mailman/listinfo/mmusic
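Martin's first two points (per-packet overhead, and which fields an intermediary can still read) can be put in numbers. The script below is an added example written for this archive page; it is not code from the thread, from any IETF draft, or from any SRTP/DTLS implementation. It models the wire layout of the same RTP packet carried two ways: as an SRTP packet (RFC 3711: RTP header in the clear, payload encrypted, 80-bit HMAC-SHA1 tag, no MKI) and as a single DTLS 1.2 application_data record under an AES-128-GCM suite (RFC 6347 record header of 13 bytes, plus the 8-byte explicit nonce and 16-byte tag of RFC 5288). The keys, SSRC and payload are constructed, and a keyed SHA-256 keystream stands in for AES-CTR and AES-GCM so the script runs with the standard library only; the byte counts are the real ones.

```python
"""Added example: SRTP framing vs. wrapping a whole RTP packet in a DTLS record.
Stand-in keystream (HMAC-SHA256) replaces AES-CTR/AES-GCM; sizes match the RFCs."""
import hashlib
import hmac
import struct

# ---- constructed keys and sample packet (not from any real session) ----
SRTP_ENC_KEY = bytes.fromhex("e1f97a0d3e018be0d64fa32c06de4139")
SRTP_AUTH_KEY = bytes.fromhex("cebe321f6ff7716b6fd4ab49af256a156d38baa4")
DTLS_KEY = bytes.fromhex("0123456789abcdef0123456789abcdef")
SSRC = 0xDEADBEEF
PAYLOAD = bytes(range(20))  # 20 dummy codec bytes


def build_rtp(pt, seq, ts, ssrc, payload):
    """RTP header per RFC 3550: V=2, no padding/extension, CC=0, M=0 (12 bytes)."""
    return struct.pack("!BBHII", 0x80, pt & 0x7F, seq, ts, ssrc) + payload


def parse_rtp_header(pkt):
    """What a middlebox without keys can read from the first 12 bytes."""
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", pkt[:12])
    return {"version": b0 >> 6, "marker": b1 >> 7, "pt": b1 & 0x7F,
            "seq": seq, "timestamp": ts, "ssrc": ssrc}


def keystream_xor(key, nonce, data):
    """Stand-in for the AES keystream: HMAC-SHA256(key, nonce || counter) blocks."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        out += hmac.new(key, nonce + struct.pack("!I", block), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, out))


def srtp_protect(rtp, roc=0):
    """RFC 3711 layout: cleartext header || encrypted payload || 10-byte tag.
    Tag = HMAC-SHA1-80 over header || ciphertext || ROC (no MKI)."""
    hdr, payload = rtp[:12], rtp[12:]
    seq = struct.unpack("!H", hdr[2:4])[0]
    ssrc = struct.unpack("!I", hdr[8:12])[0]
    index = (roc << 16) | seq                     # SRTP packet index
    enc = keystream_xor(SRTP_ENC_KEY, struct.pack("!IQ", ssrc, index), payload)
    tag = hmac.new(SRTP_AUTH_KEY, hdr + enc + struct.pack("!I", roc),
                   hashlib.sha1).digest()[:10]
    return hdr + enc + tag


def srtp_verify(srtp, roc=0):
    """Receiver-side check of the 80-bit tag (constant-time compare)."""
    body, tag = srtp[:-10], srtp[-10:]
    expect = hmac.new(SRTP_AUTH_KEY, body + struct.pack("!I", roc),
                      hashlib.sha1).digest()[:10]
    return hmac.compare_digest(tag, expect)


def dtls_protect(rtp, epoch=1, seq=1):
    """DTLS 1.2 application_data record with an AEAD suite: the entire RTP packet,
    header included, is ciphertext. Record = 13-byte header || 8-byte explicit
    nonce || ciphertext || 16-byte tag (RFC 5288 sizes)."""
    explicit_nonce = struct.pack("!Q", (epoch << 48) | seq)
    ct = keystream_xor(DTLS_KEY, explicit_nonce, rtp)
    tag = hmac.new(DTLS_KEY, explicit_nonce + ct, hashlib.sha256).digest()[:16]
    fragment = explicit_nonce + ct + tag
    hdr = (struct.pack("!BHH", 23, 0xFEFD, epoch)      # type, version, epoch
           + seq.to_bytes(6, "big")                      # 48-bit sequence number
           + struct.pack("!H", len(fragment)))
    return hdr + fragment


def parse_dtls_record_header(rec):
    """All an intermediary learns from a DTLS record: nothing RTP-specific."""
    ctype, version, epoch = struct.unpack("!BHH", rec[:5])
    return {"content_type": ctype, "version": hex(version), "epoch": epoch,
            "seq": int.from_bytes(rec[5:11], "big"),
            "length": struct.unpack("!H", rec[11:13])[0]}


def compare(rtp):
    """Overhead beyond the raw RTP packet, and the fields left visible, per scheme."""
    srtp, dtls = srtp_protect(rtp), dtls_protect(rtp)
    return {
        "rtp_len": len(rtp),
        "srtp_overhead": len(srtp) - len(rtp),
        "dtls_overhead": len(dtls) - len(rtp),
        "srtp_visible": parse_rtp_header(srtp),      # PT, seq, timestamp, SSRC readable
        "dtls_visible": parse_dtls_record_header(dtls),
        "srtp_payload_encrypted": srtp[12:-10] != rtp[12:],
    }


if __name__ == "__main__":
    for k, v in compare(build_rtp(111, 1234, 960, SSRC, PAYLOAD)).items():
        print(f"{k}: {v}")
```

With a 20-byte payload the SRTP packet costs 10 extra bytes and still shows SSRC, payload type, sequence number and timestamp to anyone on path; the DTLS record costs 37 extra bytes (more under a CBC suite, which adds a 16-byte IV, a 20-byte MAC and padding) and exposes only record-layer fields. The second property is exactly what Dale's proposal would buy and what Martin's second bullet says SRTP deliberately gives up.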
- [MMUSIC] Where to apply encryption? Dale R. Worley
- Re: [MMUSIC] Where to apply encryption? Martin Thomson
- Re: [MMUSIC] Where to apply encryption? Richard Barnes
- Re: [MMUSIC] Where to apply encryption? Dan Wing