Re: [MMUSIC] Feedback requested on requirements - DES F13
worley@ariadne.com (Dale R. Worley) Thu, 18 April 2013 20:48 UTC
Return-Path: <worley@shell01.TheWorld.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B86421F934B for <mmusic@ietfa.amsl.com>; Thu, 18 Apr 2013 13:48:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.751
X-Spam-Level:
X-Spam-Status: No, score=-2.751 tagged_above=-999 required=5 tests=[AWL=0.229, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, RCVD_IN_SORBS_WEB=0.619]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id If2WW619Gkpg for <mmusic@ietfa.amsl.com>; Thu, 18 Apr 2013 13:48:02 -0700 (PDT)
Received: from TheWorld.com (pcls6.std.com [192.74.137.146]) by ietfa.amsl.com (Postfix) with ESMTP id 81DC521F9369 for <mmusic@ietf.org>; Thu, 18 Apr 2013 13:48:02 -0700 (PDT)
Received: from shell.TheWorld.com (svani@shell01.theworld.com [192.74.137.71]) by TheWorld.com (8.14.5/8.14.5) with ESMTP id r3IKl4BN018249 for <mmusic@ietf.org>; Thu, 18 Apr 2013 16:47:06 -0400
Received: from shell01.TheWorld.com (localhost.theworld.com [127.0.0.1]) by shell.TheWorld.com (8.13.6/8.12.8) with ESMTP id r3IKl48g2947630 for <mmusic@ietf.org>; Thu, 18 Apr 2013 16:47:04 -0400 (EDT)
Received: (from worley@localhost) by shell01.TheWorld.com (8.13.6/8.13.6/Submit) id r3IKl4gX2959218; Thu, 18 Apr 2013 16:47:04 -0400 (EDT)
Date: Thu, 18 Apr 2013 16:47:04 -0400
Message-Id: <201304182047.r3IKl4gX2959218@shell01.TheWorld.com>
From: worley@ariadne.com
Sender: worley@ariadne.com
To: mmusic@ietf.org
In-reply-to: <516E5575.1050704@ericsson.com> (magnus.westerlund@ericsson.com)
References: <201304161549.r3GFnui72796125@shell01.TheWorld.com> <516E5575.1050704@ericsson.com>
Subject: Re: [MMUSIC] Feedback requested on requirements - DES F13
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmusic>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Apr 2013 20:48:03 -0000
Answering messages from Magnus and Christer regarding DES F13: > From: Magnus Westerlund <magnus.westerlund@ericsson.com> > > DES F13 It is desirable for RTP media to appear on the wire as > > (encrypted) SRTP packets and for RTCP reports to appear on the > > wire as (authenticated but not encrypted) SRTCP packets. Thus, > > encryption of RTP/RTCP via DTLS and encapsulation of multiplexed > > packets is not desirable. > > I am not certain I understand the motivations for this requirement. Is > the need to having unencrypted RTCP for third party monitors? From a > security point of view I see issues with such blanket statements. There > can be information in the RTCP that is sensitive for privacy reasons. I omitted the discussion of this desideratum: This desideratum was suggested by Martin Thompson (http:// www.ietf.org/mail-archive/web/mmusic/current/msg10400.html) and Dan Wing (http://www.ietf.org/mail-archive/web/mmusic/current/ msg10408.html). The two referenced messages are: From: Martin Thomson <martin.thomson at gmail.com> Date: Wed, 27 Feb 2013 14:11:21 -0800 Cc: "mmusic at ietf.org" <mmusic at ietf.org> There are no security reasons why this wouldn't work. Some applications already do this. The actual problems are manifold: - SRTP was designed to have a low per-packet overhead. The DTLS record layer has a larger per-packet overhead. - SRTP exposes certain attributes in clear text for intermediaries to use. Intentionally. Using DTLS would lose this. - SRTP enjoys wide support. This would harm interoperability with existing communication devices, forcing the use of more complex gateways. From: "Dan Wing" <dwing at cisco.com> Date: Thu, 28 Feb 2013 14:51:52 -0800 Delivered-to: mmusic at ietfa.amsl.com SRTP (RFC3711) was carefully and purposefully designed so the RTP header remains in the clear, and DTLS-SRTP was also purposefully designed so after the DTLS-SRTP handshake establishes the SRTP keys, the SRTP packets flow over the wire exactly like they would for any other keying mechanism (ZRTP, MIKEY-*, Security Descriptions). By sending SRTP packets with their RTP header in the clear, it allows: * the RTP header to be compressed (cRTP [RFC2508], ECRTP [RFC3545]) * analysis devices to see where, on a network path, SRTP packets are lost, delayed, or get mis-ordered. * analysis devices to see SRTCP receiver reports and sender reports, which are typically authenticated but in the clear. The reason I document this as a requirement for bundling is that it excludes certain uses of cryptography and more importantly, it excludes encapsulation techniques. > For the last sentence are you really meaning DTLS or DTLS-SRTP. There is > a big difference here. I may be misusing the terminology, but I believe that "DTLS-SRTP" is "providing keying for SRTP using DTLS", whereas the phrase I used is "encryption of RTP/RTCP via DTLS", which is what I intended. > From: Christer Holmberg <christer.holmberg@ericsson.com> > I am not sure I understand why this is bundle specific. This requirement excludes techniques that use encapsulation, so it is a significant constraint on acceptable bundling techniques. Dale
- Re: [MMUSIC] Feedback requested on requirements Harald Alvestrand
- [MMUSIC] Feedback requested on requirements Dale R. Worley
- [MMUSIC] Feedback requested on requirements Dale R. Worley
- [MMUSIC] "splitting" a bundle Paul Kyzivat
- [MMUSIC] Feedback requested on requirements Dale R. Worley
- [MMUSIC] Feedback requested on requirements Dale R. Worley
- [MMUSIC] Feedback requested on requirements Dale R. Worley
- Re: [MMUSIC] "splitting" a bundle Dale R. Worley
- [MMUSIC] Feedback requested on requirements Dale R. Worley
- Re: [MMUSIC] Feedback requested on requirements Magnus Westerlund
- Re: [MMUSIC] Feedback requested on requirements Magnus Westerlund
- Re: [MMUSIC] Feedback requested on requirements Christer Holmberg
- Re: [MMUSIC] Feedback requested on requirements Dale R. Worley
- [MMUSIC] Feedback requested on requirements Dale R. Worley
- Re: [MMUSIC] Feedback requested on requirements -… Dale R. Worley
- Re: [MMUSIC] Feedback requested on requirements Dale R. Worley
- Re: [MMUSIC] Feedback requested on requirements Justin Uberti
- [MMUSIC] Feedback requested on requirements Dale R. Worley
- Re: [MMUSIC] Feedback requested on requirements Martin Thomson
- Re: [MMUSIC] Feedback requested on requirements Christer Holmberg
- Re: [MMUSIC] Feedback requested on requirements Dale R. Worley
- Re: [MMUSIC] Feedback requested on requirements Dale R. Worley
- Re: [MMUSIC] Feedback requested on requirements Christer Holmberg
- Re: [MMUSIC] Feedback requested on requirements Christer Holmberg
- Re: [MMUSIC] Feedback requested on requirements Paul Kyzivat
- Re: [MMUSIC] Feedback requested on requirements Paul Kyzivat
- [MMUSIC] Feedback requested on requirements Dale R. Worley
- Re: [MMUSIC] Feedback requested on requirements Dale R. Worley
- Re: [MMUSIC] Feedback requested on requirements Dale R. Worley
- Re: [MMUSIC] Feedback requested on requirements Dale R. Worley
- Re: [MMUSIC] Feedback requested on requirements Dale R. Worley
- Re: [MMUSIC] "splitting" a bundle Dale R. Worley
- Re: [MMUSIC] "splitting" a bundle Dale R. Worley
- Re: [MMUSIC] Feedback requested on requirements Dale R. Worley
- [MMUSIC] Feedback requested on requirements Dale R. Worley
- Re: [MMUSIC] Feedback requested on requirements Christer Holmberg
- Re: [MMUSIC] Feedback requested on requirements Christer Holmberg
- Re: [MMUSIC] Feedback requested on requirements Christer Holmberg
- Re: [MMUSIC] Feedback requested on requirements Paul Kyzivat
- Re: [MMUSIC] "splitting" a bundle Paul Kyzivat
- Re: [MMUSIC] "splitting" a bundle Dale R. Worley
- Re: [MMUSIC] Feedback requested on requirements Dale R. Worley
- Re: [MMUSIC] Feedback requested on requirements Christer Holmberg
- Re: [MMUSIC] "splitting" a bundle Paul Kyzivat
- Re: [MMUSIC] Feedback requested on requirements Dale R. Worley
- Re: [MMUSIC] Feedback requested on requirements Christer Holmberg
- Re: [MMUSIC] Feedback requested on requirements Dale R. Worley
- Re: [MMUSIC] Feedback requested on requirements Christer Holmberg