RE: [MMUSIC] RE: I-D ACTION:draft-kaplan-mmusic-best-effort-srtp-01.txt

"Dan Wing" <dwing@cisco.com> Tue, 31 October 2006 01:13 UTC

From: Dan Wing <dwing@cisco.com>
To: 'Hadriel Kaplan' <HKaplan@acmepacket.com>, "'Elwell, John'" <john.elwell@siemens.com>, 'Francois Audet' <audet@nortel.com>, mmusic@ietf.org
Subject: RE: [MMUSIC] RE: I-D ACTION:draft-kaplan-mmusic-best-effort-srtp-01.txt
Date: Mon, 30 Oct 2006 17:13:39 -0800
Message-ID: <57bc01c6fc89$cc8f99c0$5b82200a@amer.cisco.com>
In-Reply-To: <006001c6fbc9$2530a0e0$0500a8c0@acmepacket.com>
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>

> I wouldn't think zrtp would need port-mapping. 

Security Descriptions probably doesn't need it, either -- it can't do early
media unless we resurrect draft-wing-mmusic-sdes-early-media-00.txt or some
idea like it.

> They're supposed to handshake in clear RTP (or maybe rtcp 
> depending on how the argument in AVT ends up).  So they should 
> be able to use the m= line ones.  I would expect
> that any media-plane key exchange mechanism would be designed 
> such that it gracefully fails if either side doesn't support 
> it, no? 

You only want to fail gracefully if your security policy allows
RTP, and your signaling indicates the remote party only supports
RTP.  Otherwise, an attacker could interfere with your media-plane
key exchange so that you can only run RTP.

> They may need/want an attribute so the offerer can tell the 
> answerer to try it, or other info like a fingerprint, but 
> port-mapping wouldn't be one of them, would it?

Currently zrtp defines its own a=zrtp attribute; it might
make sense to use the portmapping attribute to mean the
same thing ("I can do ZRTP; can you?").

-d
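The two points in this reply, the downgrade concern (fall back to plain RTP only when policy allows it and the peer signaled nothing better) and the idea of mapping alternate payload types to key-management mechanisms so early SRTP media can be recognised before the SDP answer, as an added Python example. This is not code from the thread, the draft or any implementation; the a=srtp syntax it parses is the one John proposed in this thread (not a standard attribute), the sample SDP offers and key values are constructed placeholders, and the function names are my own.

```python
import re

# Key-management mechanisms discussed in the thread, keyed by the SDP
# attribute name that signals each one (a=crypto, a=key-mgmt, a=fingerprint,
# a=zrtp).
SECURE_ATTRS = {"crypto", "key-mgmt", "fingerprint", "zrtp"}

# Constructed sample offer: all four mechanisms plus the proposed a=srtp line
# that maps each mechanism to alternate payload types (syntax from the thread,
# not a standard attribute).  Key material is a placeholder, not a real key.
SAMPLE_OFFER = "\r\n".join([
    "v=0",
    "m=audio 49170 RTP/AVP 0 18",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER_KEY_SALT",
    "a=key-mgmt:mikey PLACEHOLDER_MIKEY_MESSAGE",
    "a=fingerprint:sha-1 PLACEHOLDER_CERT_FINGERPRINT",
    "a=zrtp",
    "a=srtp key-mgmt:0=96,18=97 crypto:0=98,18=99 fingerprint:0=100,18=101 zrtp:0=102,18=103",
])

# Constructed offer from a peer that signals plain RTP only.
PLAIN_RTP_OFFER = "\r\n".join(["v=0", "m=audio 49170 RTP/AVP 0 18"])


def remote_secure_mechanisms(sdp):
    """Return the set of SRTP key-management mechanisms the remote SDP signals."""
    found = set()
    for line in sdp.splitlines():
        m = re.match(r"a=([A-Za-z0-9-]+)", line.strip())
        if m and m.group(1) in SECURE_ATTRS:
            found.add(m.group(1))
    return found


def parse_srtp_pt_map(sdp):
    """Parse the thread's proposed a=srtp line, e.g.
         a=srtp key-mgmt:0=96,18=97 crypto:0=98,18=99
    into {alternate_pt: (mechanism, original_pt)}.  Hypothetical syntax."""
    mapping = {}
    for line in sdp.splitlines():
        line = line.strip()
        if not line.startswith("a=srtp "):
            continue
        for token in line[len("a=srtp "):].split():
            mech, sep, pairs = token.partition(":")
            if not sep:
                raise ValueError("malformed a=srtp token: %r" % token)
            for pair in pairs.split(","):
                orig, alt = pair.split("=")
                mapping[int(alt)] = (mech, int(orig))
    return mapping


def classify_early_packet(pt, pt_map):
    """Classify an RTP packet that arrives before the SDP answer.

    Returns (is_srtp, mechanism, original_pt).  A payload type listed in the
    a=srtp map tells the receiver which mechanism's key (if it already holds
    one) to try and which original codec the packet carries; any other payload
    type is treated as plain RTP under the offered m= line."""
    if pt in pt_map:
        mech, orig = pt_map[pt]
        return (True, mech, orig)
    return (False, None, pt)


def may_fall_back_to_rtp(policy_allows_rtp, remote_sdp):
    """The rule from the reply above: when a media-plane key exchange fails,
    continue in plain RTP only if local policy allows RTP AND the remote's
    signaling showed no SRTP capability at all.  If the remote advertised any
    mechanism, a failed handshake is treated as a possible downgrade attempt
    rather than a reason to run in the clear."""
    if not policy_allows_rtp:
        return False
    return not remote_secure_mechanisms(remote_sdp)


if __name__ == "__main__":
    pt_map = parse_srtp_pt_map(SAMPLE_OFFER)
    print("remote mechanisms:", sorted(remote_secure_mechanisms(SAMPLE_OFFER)))
    for pt in (0, 18, 97, 101):
        print("PT %d ->" % pt, classify_early_packet(pt, pt_map))
    print("fallback vs SRTP-capable peer:", may_fall_back_to_rtp(True, SAMPLE_OFFER))
    print("fallback vs RTP-only peer:", may_fall_back_to_rtp(True, PLAIN_RTP_OFFER))
```

The fallback decision deliberately looks at what the peer signaled rather than at whether the handshake succeeded: a peer that offered a=zrtp or a=fingerprint and then never completes the media-plane exchange is exactly the case the reply warns about, so the endpoint should treat it as a failed call (or alert) rather than quietly continuing in RTP.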


> -hadriel
> 
> > -----Original Message-----
> > From: Elwell, John [mailto:john.elwell@siemens.com]
> > Sent: Sunday, October 29, 2006 4:20 AM
> > To: Dan Wing; 'Francois Audet'; 'Hadriel Kaplan'; mmusic@ietf.org
> > Subject: RE: [MMUSIC] RE: I-D ACTION:draft-kaplan-mmusic-best-effort-srtp-01.txt
> > 
> > Dan,
> > 
> > It would probably need to be something like:
> > a=srtp key-mgmt:0=96,18=97 crypto:0=98,18=99 fingerprint:0=100,18=101 zrtp:0=102,18=103
> > 
> > John
> > 
> > > -----Original Message-----
> > > From: Dan Wing [mailto:dwing@cisco.com]
> > > Sent: 27 October 2006 18:46
> > > To: Elwell, John; 'Francois Audet'; 'Hadriel Kaplan'; mmusic@ietf.org
> > > Subject: RE: [MMUSIC] RE: I-D
> > > ACTION:draft-kaplan-mmusic-best-effort-srtp-01.txt
> > >
> > > And another for srtp-dtls and another for zrtp?
> > >
> > > Maybe there is a more efficient way to combine these.  Perhaps only
> > > including a=srtp for those key exchange mechanisms which can allow
> > > decrypting SRTP media that arrives prior to the SDP answer?  Or perhaps
> > > specifying the payload types in such a way that they're assigned to
> > > each of the a= key management mechanisms understood by the answerer.
> > > As a possible strawman for this last idea:
> > >
> > >   m=blahblah
> > >   a=key-mgmt blahblah
> > >   a=crypto blahblah
> > >   a=fingerprint blahblah (used by srtp-dtls)
> > >   a=zrtp
> > >   a=srtp key-mgmt 40 crypto 41 fingerprint 42 zrtp 43
> > >
> > > -d
> > >
> > >
> > > > -----Original Message-----
> > > > From: Elwell, John [mailto:john.elwell@siemens.com]
> > > > Sent: Thursday, October 26, 2006 11:07 PM
> > > > To: Francois Audet; Hadriel Kaplan; mmusic@ietf.org
> > > > Subject: RE: [MMUSIC] RE: I-D
> > > > ACTION:draft-kaplan-mmusic-best-effort-srtp-01.txt
> > > >
> > > > Francois,
> > > >
> > > > Yes, that would work.
> > > >
> > > > John
> > > >
> > > > > -----Original Message-----
> > > > > From: Francois Audet [mailto:audet@nortel.com]
> > > > > Sent: 27 October 2006 01:22
> > > > > To: Elwell, John; Hadriel Kaplan; mmusic@ietf.org
> > > > > Subject: RE: [MMUSIC] RE: I-D
> > > > > ACTION:draft-kaplan-mmusic-best-effort-srtp-01.txt
> > > > >
> > > > > Maybe we could use one a=srtp line for crypto, and another one for
> > > > > kmgmt?
> > > > >
> > > > > (i.e., have a different PT for each?)
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Elwell, John [mailto:john.elwell@siemens.com]
> > > > > > Sent: Thursday, October 26, 2006 5:56 AM
> > > > > > To: Hadriel Kaplan; Audet, Francois (SC100:3055); mmusic@ietf.org
> > > > > > Subject: [MMUSIC] RE: I-D
> > > > > > ACTION:draft-kaplan-mmusic-best-effort-srtp-01.txt
> > > > > >
> > > > > > Hadriel, Francois,
> > > > > >
> > > > > > Thanks for working on this update. Just one point. If both
> > > > > > SDescriptions and MIKEY are offered (inclusion of a=crypto
> > > > > > and a=key-mgmt lines) and a different payload type is also
> > > > > > indicated for SRTP, this payload type would apply whether the
> > > > > > SDescription-derived key or the MIKEY-derived key is used.
> > > > > > So until the SDP answer arrives, it would still not be
> > > > > > possible to render SRTP. Of course, in the case of
> > > > > > SDescriptions it is not possible anyway, but in the case of
> > > > > > certain MIKEY options it ought to be possible. Unfortunately
> > > > > > to resolve this we would need somewhat more complex syntax in
> > > > > > the a=srtp line.
> > > > > >
> > > > > > John
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Internet-Drafts@ietf.org [mailto:Internet-Drafts@ietf.org]
> > > > > > > Sent: 25 October 2006 20:50
> > > > > > > To: i-d-announce@ietf.org
> > > > > > > Subject: I-D ACTION:draft-kaplan-mmusic-best-effort-srtp-01.txt
> > > > > > >
> > > > > > > A New Internet-Draft is available from the on-line Internet-Drafts
> > > > > > > directories.
> > > > > > >
> > > > > > >
> > > > > > > 	Title		: Session Description Protocol (SDP) Offer/Answer
> > > > > > > 			  Negotiation For Best-Effort Secure Real-Time
> > > > > > > 			  Transport Protocol
> > > > > > > 	Author(s)	: F. Audet, H. Kaplan
> > > > > > > 	Filename	: draft-kaplan-mmusic-best-effort-srtp-01.txt
> > > > > > > 	Pages		: 17
> > > > > > > 	Date		: 2006-10-25
> > > > > > >
> > > > > > > This document defines the requirements and a proposed solution for
> > > > > > >    an SDP Offer/Answer exchange model for negotiating best-effort SRTP
> > > > > > >    keys, i.e., in a backward-compatible manner with non-SRTP devices.
> > > > > > >    The proposed solution is a trivial interpretation of the usage of
> > > > > > >    the profile and the usage of SDP indication of [sdesc] and [kmgmt].
> > > > > > >
> > > > > > > A URL for this Internet-Draft is:
> > > > > > > http://www.ietf.org/internet-drafts/draft-kaplan-mmusic-best-effort-srtp-01.txt
> > > > > > >
> > > > > > > To remove yourself from the I-D Announcement list, send a message to
> > > > > > > i-d-announce-request@ietf.org with the word unsubscribe in the body of
> > > > > > > the message.
> > > > > > > You can also visit
> > > > > > > https://www1.ietf.org/mailman/listinfo/I-D-announce
> > > > > > > to change your subscription settings.
> > > > > > >
> > > > > > > Internet-Drafts are also available by anonymous FTP. Login with the
> > > > > > > username "anonymous" and a password of your e-mail address. After
> > > > > > > logging in, type "cd internet-drafts" and then "get
> > > > > > > draft-kaplan-mmusic-best-effort-srtp-01.txt".
> > > > > > >
> > > > > > > A list of Internet-Drafts directories can be found in
> > > > > > > http://www.ietf.org/shadow.html or
> > > > > > > ftp://ftp.ietf.org/ietf/1shadow-sites.txt
> > > > > > >
> > > > > > > Internet-Drafts can also be obtained by e-mail.
> > > > > > >
> > > > > > > Send a message to:
> > > > > > > 	mailserv@ietf.org.
> > > > > > > In the body type:
> > > > > > > 	"FILE /internet-drafts/draft-kaplan-mmusic-best-effort-srtp-01.txt".
> > > > > > >
> > > > > > > NOTE:	The mail server at ietf.org can return the document in
> > > > > > > 	MIME-encoded form by using the "mpack" utility.  To use this
> > > > > > > 	feature, insert the command "ENCODING mime" before the "FILE"
> > > > > > > 	command.  To decode the response(s), you will need "munpack" or
> > > > > > > 	a MIME-compliant mail reader.  Different MIME-compliant mail readers
> > > > > > > 	exhibit different behavior, especially when dealing with
> > > > > > > 	"multipart" MIME messages (i.e. documents which have been split
> > > > > > > 	up into multiple messages), so check your local documentation on
> > > > > > > 	how to manipulate these messages.
> > > > > > >
> > > > > > > Below is the data which will enable a MIME compliant mail reader
> > > > > > > implementation to automatically retrieve the ASCII version of the
> > > > > > > Internet-Draft.
> > > > > > >

_______________________________________________
mmusic mailing list
mmusic@ietf.org
https://www1.ietf.org/mailman/listinfo/mmusic