IETF Logo Mail Archive

Re: [MMUSIC] Feedback requested on requirements - DES F13

worley@ariadne.com (Dale R. Worley) Thu, 18 April 2013 20:48 UTC

Return-Path: <worley@shell01.TheWorld.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B86421F934B for <mmusic@ietfa.amsl.com>; Thu, 18 Apr 2013 13:48:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.751
X-Spam-Level:
X-Spam-Status: No, score=-2.751 tagged_above=-999 required=5 tests=[AWL=0.229, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, RCVD_IN_SORBS_WEB=0.619]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id If2WW619Gkpg for <mmusic@ietfa.amsl.com>; Thu, 18 Apr 2013 13:48:02 -0700 (PDT)
Received: from TheWorld.com (pcls6.std.com [192.74.137.146]) by ietfa.amsl.com (Postfix) with ESMTP id 81DC521F9369 for <mmusic@ietf.org>; Thu, 18 Apr 2013 13:48:02 -0700 (PDT)
Received: from shell.TheWorld.com (svani@shell01.theworld.com [192.74.137.71]) by TheWorld.com (8.14.5/8.14.5) with ESMTP id r3IKl4BN018249 for <mmusic@ietf.org>; Thu, 18 Apr 2013 16:47:06 -0400
Received: from shell01.TheWorld.com (localhost.theworld.com [127.0.0.1]) by shell.TheWorld.com (8.13.6/8.12.8) with ESMTP id r3IKl48g2947630 for <mmusic@ietf.org>; Thu, 18 Apr 2013 16:47:04 -0400 (EDT)
Received: (from worley@localhost) by shell01.TheWorld.com (8.13.6/8.13.6/Submit) id r3IKl4gX2959218; Thu, 18 Apr 2013 16:47:04 -0400 (EDT)
Date: Thu, 18 Apr 2013 16:47:04 -0400
Message-Id: <201304182047.r3IKl4gX2959218@shell01.TheWorld.com>
From: worley@ariadne.com
Sender: worley@ariadne.com
To: mmusic@ietf.org
In-reply-to: <516E5575.1050704@ericsson.com> (magnus.westerlund@ericsson.com)
References: <201304161549.r3GFnui72796125@shell01.TheWorld.com> <516E5575.1050704@ericsson.com>
Subject: Re: [MMUSIC] Feedback requested on requirements - DES F13
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmusic>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Apr 2013 20:48:03 -0000

Answering messages from Magnus and Christer regarding DES F13:

> From: Magnus Westerlund <magnus.westerlund@ericsson.com>

> >    DES F13  It is desirable for RTP media to appear on the wire as
> >       (encrypted) SRTP packets and for RTCP reports to appear on the
> >       wire as (authenticated but not encrypted) SRTCP packets.  Thus,
> >       encryption of RTP/RTCP via DTLS and encapsulation of multiplexed
> >       packets is not desirable.
> 
> I am not certain I understand the motivations for this requirement. Is
> the need to having unencrypted RTCP for third party monitors? From a
> security point of view I see issues with such blanket statements. There
> can be information in the RTCP that is sensitive for privacy reasons.

I omitted the discussion of this desideratum:

   This desideratum was suggested by Martin Thompson (http://
   www.ietf.org/mail-archive/web/mmusic/current/msg10400.html) and Dan
   Wing (http://www.ietf.org/mail-archive/web/mmusic/current/
   msg10408.html).

The two referenced messages are:

    From: Martin Thomson <martin.thomson at gmail.com>
    Date: Wed, 27 Feb 2013 14:11:21 -0800
    Cc: "mmusic at ietf.org" <mmusic at ietf.org>

    There are no security reasons why this wouldn't work.  Some
    applications already do this.

    The actual problems are manifold:

     - SRTP was designed to have a low per-packet overhead.  The DTLS
    record layer has a larger per-packet overhead.
     - SRTP exposes certain attributes in clear text for intermediaries to
    use.  Intentionally.  Using DTLS would lose this.
     - SRTP enjoys wide support.  This would harm interoperability with
    existing communication devices, forcing the use of more complex
    gateways.

    From: "Dan Wing" <dwing at cisco.com>
    Date: Thu, 28 Feb 2013 14:51:52 -0800
    Delivered-to: mmusic at ietfa.amsl.com

    SRTP (RFC3711) was carefully and purposefully designed so the RTP header 
    remains in the clear, and DTLS-SRTP was also purposefully designed so
    after the DTLS-SRTP handshake establishes the SRTP keys, the SRTP packets
    flow over the wire exactly like they would for any other keying 
    mechanism (ZRTP, MIKEY-*, Security Descriptions).

    By sending SRTP packets with their RTP header in the clear, it allows:
      * the RTP header to be compressed (cRTP [RFC2508], ECRTP [RFC3545])
      * analysis devices to see where, on a network path, SRTP packets 
	are lost, delayed, or get mis-ordered.
      * analysis devices to see SRTCP receiver reports and sender reports,
	which are typically authenticated but in the clear.

The reason I document this as a requirement for bundling is that it
excludes certain uses of cryptography and more importantly, it
excludes encapsulation techniques.

> For the last sentence are you really meaning DTLS or DTLS-SRTP. There is
> a big difference here.

I may be misusing the terminology, but I believe that "DTLS-SRTP" is
"providing keying for SRTP using DTLS", whereas the phrase I used is
"encryption of RTP/RTCP via DTLS", which is what I intended.

> From: Christer Holmberg <christer.holmberg@ericsson.com>

> I am not sure I understand why this is bundle specific.

This requirement excludes techniques that use encapsulation, so it is
a significant constraint on acceptable bundling techniques.

Dale

v2.23.0 | Report a Bug | By Email