IETF Logo Mail Archive

Re: [MMUSIC] Draft new: draft-holmberg-mmusic-udptl-dtls-00

Christer Holmberg <christer.holmberg@ericsson.com> Thu, 29 August 2013 08:17 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3523C21E8098 for <mmusic@ietfa.amsl.com>; Thu, 29 Aug 2013 01:17:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.909
X-Spam-Level:
X-Spam-Status: No, score=-5.909 tagged_above=-999 required=5 tests=[AWL=0.340, BAYES_00=-2.599, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rliB6BL0L9h0 for <mmusic@ietfa.amsl.com>; Thu, 29 Aug 2013 01:17:29 -0700 (PDT)
Received: from mailgw7.ericsson.se (mailgw7.ericsson.se [193.180.251.48]) by ietfa.amsl.com (Postfix) with ESMTP id 8173321E8064 for <mmusic@ietf.org>; Thu, 29 Aug 2013 01:17:17 -0700 (PDT)
X-AuditID: c1b4fb30-b7f9a8e000005620-07-521f038926c0
Received: from ESESSHC010.ericsson.se (Unknown_Domain [153.88.253.124]) by mailgw7.ericsson.se (Symantec Mail Security) with SMTP id 78.48.22048.9830F125; Thu, 29 Aug 2013 10:17:14 +0200 (CEST)
Received: from ESESSMB209.ericsson.se ([169.254.9.146]) by ESESSHC010.ericsson.se ([153.88.183.48]) with mapi id 14.02.0328.009; Thu, 29 Aug 2013 10:17:13 +0200
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Dan Wing <dwing@cisco.com>
Thread-Topic: [MMUSIC] Draft new: draft-holmberg-mmusic-udptl-dtls-00
Thread-Index: Ac6c2+8uzokCW2xnSQeYLTwy0EHdvQAFtGOAAIoTZrABOnz8AAAiwW4g
Date: Thu, 29 Aug 2013 08:17:13 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B1C47F98F@ESESSMB209.ericsson.se>
References: <7594FB04B1934943A5C02806D1A2204B1C46787F@ESESSMB209.ericsson.se> <E158A6F0-2A84-4B81-AFDE-CFF5E1EDE295@cisco.com> <7594FB04B1934943A5C02806D1A2204B1C4754A3@ESESSMB209.ericsson.se> <361F2B18-D0B3-487B-A534-8E8D4604561D@cisco.com>
In-Reply-To: <361F2B18-D0B3-487B-A534-8E8D4604561D@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.19]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrDLMWRmVeSWpSXmKPExsUyM+JvjW4Xs3yQwck7AhYXrz1kspi6/DGL A5PHlN8bWT2WLPnJFMAUxWWTkpqTWZZapG+XwJUxoXUvU8F3pYpP076xNjDOkeli5OSQEDCR WPeyjRXCFpO4cG89WxcjF4eQwGFGibcLb7JCOEsYJc6u/AjkcHCwCVhIdP/TBmkQEZCTuDt/ AjOIzSwgL3FhyRomEFtYwEViwq197BA1rhK9m1azQthuEhNerwWrZxFQlZgxs4kRxOYV8JV4 uPc3C8Su74wSb9Z1MYPs4hSwlVj8WQ+khhHouO+nIOYzC4hL3HoynwniaAGJJXvOM0PYohIv H/+DekZRov1pAyNEvY7Egt2f2CBsbYllC18zQ+wVlDg58wnLBEaxWUjGzkLSMgtJyywkLQsY WVYxsucmZuakl5tvYgTGyMEtvw12MG66L3aIUZqDRUmcd7PemUAhgfTEktTs1NSC1KL4otKc 1OJDjEwcnFINjMunMfYttfCdlB5SNUdB/WWs6J9lih9sXY95MGurN76Vfb3y4s21zh90LEU3 bOGYd0GZe1fN1sm/NohZhF7a2fL77YbroqKSjef3hfeqxf6+3BOze5au2jLfpWEBNxIWb4ze xPXcWvqh8XF5Cya2FXZ7j5yYqsAU/vNI1/qvndWPjR0Ca29M7FFiKc5INNRiLipOBACQ5hMK XwIAAA==
Cc: mmusic WG <mmusic@ietf.org>
Subject: Re: [MMUSIC] Draft new: draft-holmberg-mmusic-udptl-dtls-00
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmusic>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Aug 2013 08:17:38 -0000

Hi Dan,

The protocols listed in draft-ietf-tls-applayerprotoneg-01 are used without SIP/SDP, so using such mechanism makes sense for those protocols.

In SIP, SDP is used to negotiate the media (including nonsecure fax), and I see no reason why we should introduce a new mechanism for secure fax. 

Regards,

Christer


-----Original Message-----
From: Dan Wing [mailto:dwing@cisco.com] 
Sent: 28. elokuuta 2013 20:41
To: Christer Holmberg
Cc: mmusic WG
Subject: Re: [MMUSIC] Draft new: draft-holmberg-mmusic-udptl-dtls-00


On Aug 22, 2013, at 2:37 AM, Christer Holmberg <christer.holmberg@ericsson.com> wrote:

> Hi Dan,
> 
> Regarding the 3GPP SA3 study, the information I gave was a little misleading. From a security perspective SRTP would be fine.
> 
> The focus of the SA3 study was on how to provide security for the existing fax transmission mechanism, which uses UDPTL/UDP.
> 
> 3GPP already mandates IMS terminals to support UDPTL/UDP for unsecure fax. And, new terminals (supporting secure fax) are still required to also support unsecure fax, in order to communicate with legacy terminals when unsecure fax is sufficient. 
> 
> So, using UDPTL/DTLS/UDP for secure fax makes more sense, as it avoids implementing different mechanisms for secure and unsecure fax - UDPTL/DTLS/UDP only requires a new layer between UDPTL and UDP, it does not require changing the upper layers (UDPTL and above).
> 
> Hopefully this clarifies :)

(Sorry for my delay.  I was on vacation.)

Thanks for the clarification.


Back to your document, it says:

   Since the DTLS record layer "application_data" packet does not
   indicate whether it carries UDPTL, or some other protocol, the usage
   of a dedicated DTLS association for transport of UDPTL needs to be
   negotiated, e.g. using the Session Description Protocol (SDP)
   [RFC4566] and the SDP offer/answer mechanism [RFC3264].

   Therefore, this document specifies a new <proto> value [RFC4566] for
   the SDP "m=" line [RFC3264], in order to indicate UDPTL over DTLS in
   SDP messages [RFC4566].

Have you considered doing UDPTL negotiation in the DTLS handshake itself, using http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg?  That seems ideally suited for indicating the application layer protocol, perhaps in addition to the SDP signaling described in your I-D.

-d


> 
> Regards,
> 
> Christer
> 
> 
> 
> 
> 
> -----Original Message-----
> From: Dan Wing [mailto:dwing@cisco.com]
> Sent: 19. elokuuta 2013 20:43
> To: Christer Holmberg
> Cc: mmusic; mmusic-chairs@tools.ietf.org
> Subject: Re: [MMUSIC] Draft new: draft-holmberg-mmusic-udptl-dtls-00
> 
> 
> On Aug 19, 2013, at 6:03 AM, Christer Holmberg <christer.holmberg@ericsson.com> wrote:
> 
>> Hi,
>> 
>> We have submitted a new draft, draft-holmberg-mmusic-udptl-dtls-00, which defines usage of UDPTL over DTLS, in order to provide secure fax.
>> 
>> The draft was previously submitted to DISPATCH. Based on discussions with the ADs and chairs, it was decided that it shall be submitted to MMUSIC (note that no DTLS extensions are needed).
>> 
>> As is indicated in the draft, 3GPP has performed a study on how to 
>> provide secure fax in the IMS, and the outcome was that secure fax shall be transported using UDPTL over DTLS.
> 
> Got a pointer to that study?  Seems easier to carry UDPTL over RTP, which would allow the RTP to be secured using SRTP (and thus the UDPTL would be secured using SRTP).  There is a spec floating around to do exactly that (carry fax over RTP so that SRTP can secure it).  Advantage of using SRTP to secure fax is it separates the keying mechanism from security, so that Security Descriptions / MIKEY / DTLS-SRTP / whatever-is-invented-in-2020 will work just as effectively for voice as for fax.  And also that upgrading from a voice call to a "fax" call has no additional complexities due to security ("please press START to begin the fax transmission").
> 
> -d
> 
> 
>> However, there is nothing "3GPP/IMS specific" about the mechanism, as UDPTL is commonly used for fax also elsewhere.
>> 
>> Regards,
>> 
>> Christer
>> _______________________________________________
>> mmusic mailing list
>> mmusic@ietf.org
>> https://www.ietf.org/mailman/listinfo/mmusic
>

v2.23.0 | Report a Bug | By Email