RE: [MMUSIC] RE: I-D ACTION:draft-kaplan-mmusic-best-effort-srtp-01.txt
"Dan Wing" <dwing@cisco.com> Tue, 31 October 2006 01:13 UTC
From: Dan Wing <dwing@cisco.com>
To: 'Hadriel Kaplan' <HKaplan@acmepacket.com>, "'Elwell, John'" <john.elwell@siemens.com>, 'Francois Audet' <audet@nortel.com>, mmusic@ietf.org
Subject: RE: [MMUSIC] RE: I-D ACTION:draft-kaplan-mmusic-best-effort-srtp-01.txt
Date: Mon, 30 Oct 2006 17:13:39 -0800

> I wouldn't think zrtp would need port-mapping.

Security Descriptions probably doesn't need it, either -- it can't do early media unless we resurrect draft-wing-mmusic-sdes-early-media-00.txt or some idea like it.

> They're supposed to handshake in clear RTP (or maybe rtcp
> depending on how the argument in AVT ends up). So they should
> be able to use the m= line ones. I would expect
> that any media-plane key exchange mechanism would be designed
> such that it gracefully fails if either side doesn't support
> it, no?

You only want to fail gracefully if your security policy allows RTP, and your signaling indicates the remote party only supports RTP. Otherwise, an attacker could interfere with your media-plane key exchange so that you can only run RTP.

> They may need/want an attribute so the offerer can tell the
> answerer to try it, or other info like a fingerprint, but
> port-mapping wouldn't be one of them, would it?

Currently zrtp defines its own a=zrtp attribute; it might make sense to use the portmapping attribute to mean the same thing ("I can do ZRTP; can you?").

-d

> -hadriel
>
> > -----Original Message-----
> > From: Elwell, John [mailto:john.elwell@siemens.com]
> > Sent: Sunday, October 29, 2006 4:20 AM
> > To: Dan Wing; 'Francois Audet'; 'Hadriel Kaplan'; mmusic@ietf.org
> > Subject: RE: [MMUSIC] RE: I-D ACTION:draft-kaplan-mmusic-best-effort-srtp-01.txt
> >
> > Dan,
> >
> > It would probably need to be something like:
> > a=srtp key-mgmt:0=96,18=97 crypto:0=98,18=99 fingerprint:0=100,18=101 zrtp:0=102,18=103
> >
> > John
> >
> > > -----Original Message-----
> > > From: Dan Wing [mailto:dwing@cisco.com]
> > > Sent: 27 October 2006 18:46
> > > To: Elwell, John; 'Francois Audet'; 'Hadriel Kaplan'; mmusic@ietf.org
> > > Subject: RE: [MMUSIC] RE: I-D ACTION:draft-kaplan-mmusic-best-effort-srtp-01.txt
> > >
> > > And another for srtp-dtls and another for zrtp?
> > >
> > > Maybe there is a more efficient way to combine these. Perhaps only
> > > including a=srtp for those key exchange mechanisms which can allow
> > > decrypting SRTP media that arrives prior to the SDP answer?
> > > Or perhaps specifying the payload types in such a way that they're
> > > assigned to each of the a= key management mechanisms understood by
> > > the answerer. As a possible strawman for this last idea:
> > >
> > > m=blahblah
> > > a=key-mgmt blahblah
> > > a=crypto blahblah
> > > a=fingerprint blahblah (used by srtp-dtls)
> > > a=zrtp
> > > a=srtp key-mgmt 40 crypto 41 fingerprint 42 zrtp 43
> > >
> > > -d
> > >
> > > > -----Original Message-----
> > > > From: Elwell, John [mailto:john.elwell@siemens.com]
> > > > Sent: Thursday, October 26, 2006 11:07 PM
> > > > To: Francois Audet; Hadriel Kaplan; mmusic@ietf.org
> > > > Subject: RE: [MMUSIC] RE: I-D ACTION:draft-kaplan-mmusic-best-effort-srtp-01.txt
> > > >
> > > > Francois,
> > > >
> > > > Yes, that would work.
> > > >
> > > > John
> > > >
> > > > > -----Original Message-----
> > > > > From: Francois Audet [mailto:audet@nortel.com]
> > > > > Sent: 27 October 2006 01:22
> > > > > To: Elwell, John; Hadriel Kaplan; mmusic@ietf.org
> > > > > Subject: RE: [MMUSIC] RE: I-D ACTION:draft-kaplan-mmusic-best-effort-srtp-01.txt
> > > > >
> > > > > Maybe we could use one a=srtp line for crypto, and another one for
> > > > > kmgmt?
> > > > >
> > > > > (i.e., have a different PT for each?)
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Elwell, John [mailto:john.elwell@siemens.com]
> > > > > > Sent: Thursday, October 26, 2006 5:56 AM
> > > > > > To: Hadriel Kaplan; Audet, Francois (SC100:3055); mmusic@ietf.org
> > > > > > Subject: [MMUSIC] RE: I-D ACTION:draft-kaplan-mmusic-best-effort-srtp-01.txt
> > > > > >
> > > > > > Hadriel, Francois,
> > > > > >
> > > > > > Thanks for working on this update. Just one point. If both
> > > > > > SDescriptions and MIKEY are offered (inclusion of a=crypto
> > > > > > and a=key-mgmt lines) and a different payload type is also
> > > > > > indicated for SRTP, this payload type would apply whether the
> > > > > > SDescription-derived key or the MIKEY-derived key is used.
> > > > > > So until the SDP answer arrives, it would still not be
> > > > > > possible to render SRTP. Of course, in the case of
> > > > > > SDescriptions it is not possible anyway, but in the case of
> > > > > > certain MIKEY options it ought to be possible. Unfortunately
> > > > > > to resolve this we would need somewhat more complex syntax in
> > > > > > the a=srtp line.
> > > > > >
> > > > > > John
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org]
> > > > > > > Sent: 25 October 2006 20:50
> > > > > > > To: i-d-announce@ietf.org
> > > > > > > Subject: I-D ACTION:draft-kaplan-mmusic-best-effort-srtp-01.txt
> > > > > > >
> > > > > > > A New Internet-Draft is available from the on-line Internet-Drafts
> > > > > > > directories.
> > > > > > >
> > > > > > > Title : Session Description Protocol (SDP) Offer/Answer Negotiation For Best-Effort Secure Real-Time Transport Protocol
> > > > > > > Author(s) : F. Audet, H. Kaplan
> > > > > > > Filename : draft-kaplan-mmusic-best-effort-srtp-01.txt
> > > > > > > Pages : 17
> > > > > > > Date : 2006-10-25
> > > > > > >
> > > > > > > This document defines the requirements and a proposed solution for
> > > > > > > an SDP Offer/Answer exchange model for negotiating best-effort SRTP
> > > > > > > keys, i.e., in a backward-compatible manner with non-SRTP devices.
> > > > > > > The proposed solution is a trivial interpretation of the usage of
> > > > > > > the profile and the usage of SDP indication of [sdesc] and [kmgmt].
> > > > > > >
> > > > > > > A URL for this Internet-Draft is:
> > > > > > > http://www.ietf.org/internet-drafts/draft-kaplan-mmusic-best-effort-srtp-01.txt

_______________________________________________
mmusic mailing list
mmusic@ietf.org
https://www1.ietf.org/mailman/listinfo/mmusic
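
Added example, not part of the original message or of the draft under discussion: the fallback rule stated in the reply above (drop to RTP only when local policy allows it and the remote signalling shows RTP-only support), written as a per-stream check. The names decide, signalled_mechanisms and Decision are hypothetical, the SDP bodies are constructed, and the sketch assumes the SDP arrived over signalling the endpoint trusts.

```python
from enum import Enum

# Attribute names taken from the thread; treating any of them as "the remote
# party signalled a way to secure media" is an assumption of this sketch.
SECURE_ATTRS = {"crypto", "key-mgmt", "fingerprint", "zrtp"}

class Decision(Enum):
    SRTP = "srtp"      # key exchange completed, run secured media
    RTP = "rtp"        # graceful fallback permitted
    REJECT = "reject"  # refuse media: falling back could be a forced downgrade

def signalled_mechanisms(sdp):
    """Return {m-line index: set of secure-media attribute names}."""
    session, sections = set(), []
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            sections.append(set())
        elif line.startswith("a="):
            # Handles "a=crypto:1 ...", "a=key-mgmt blahblah" and bare "a=zrtp".
            name = line[2:].split(":", 1)[0].split(" ", 1)[0].lower()
            if name in SECURE_ATTRS:
                (sections[-1] if sections else session).add(name)
    # Session-level attributes (before the first m= line) apply to every section.
    return {i: s | session for i, s in enumerate(sections)}

def decide(policy_allows_rtp, remote_sdp, media_index, key_exchange_ok):
    """Apply the rule from the message to one media stream."""
    if key_exchange_ok:
        return Decision.SRTP
    remote = signalled_mechanisms(remote_sdp).get(media_index)
    if remote is None:
        return Decision.REJECT   # no such media section
    if policy_allows_rtp and not remote:
        return Decision.RTP      # peer signalled RTP only and policy permits it
    return Decision.REJECT       # peer claimed security but the exchange failed

# Constructed sample SDP bodies (addresses from the documentation range).
_BASE = ("v=0\r\no=- 1 1 IN IP4 192.0.2.10\r\ns=-\r\nc=IN IP4 192.0.2.10\r\n"
         "t=0 0\r\n")
RTP_ONLY = _BASE + "m=audio 49170 RTP/AVP 0\r\na=rtpmap:0 PCMU/8000\r\n"
ZRTP_CAPABLE = RTP_ONLY + "a=zrtp\r\n"
SESSION_FP = _BASE + "a=fingerprint:SHA-1 <constructed>\r\n" + RTP_ONLY[len(_BASE):]

if __name__ == "__main__":
    for name, sdp in [("rtp-only", RTP_ONLY), ("zrtp", ZRTP_CAPABLE)]:
        print(name, decide(True, sdp, 0, False).value)
```

The REJECT branch is the case the reply warns about: the peer advertised a key exchange mechanism, the exchange did not complete, and continuing in clear RTP would let whoever disrupted it choose the security level.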