Re: [MMUSIC] Where to apply encryption?
"Dan Wing" <dwing@cisco.com> Thu, 28 February 2013 22:51 UTC
Return-Path: <dwing@cisco.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 614ED21F8858 for <mmusic@ietfa.amsl.com>; Thu, 28 Feb 2013 14:51:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.218
X-Spam-Level:
X-Spam-Status: No, score=-110.218 tagged_above=-999 required=5 tests=[AWL=0.381, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TO7WOoUGlu-Y for <mmusic@ietfa.amsl.com>; Thu, 28 Feb 2013 14:51:54 -0800 (PST)
Received: from mtv-iport-4.cisco.com (mtv-iport-4.cisco.com [173.36.130.15]) by ietfa.amsl.com (Postfix) with ESMTP id 751B521F884F for <mmusic@ietf.org>; Thu, 28 Feb 2013 14:51:52 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=1799; q=dns/txt; s=iport; t=1362091912; x=1363301512; h=from:to:references:in-reply-to:subject:date:message-id: mime-version:content-transfer-encoding; bh=eAt65xz6FdnKaQ8Jh4IT8cEmrxczrubbuxN9Tpg/oFo=; b=fnJ5aCswv4mXqUDOMoFA2ls5OzG5G0kCzAPhGbEL4xzTgFnywWLY5Lju wESlb8KQYsWyaib++/fJmJ9ZKJbaqzIDeTxvN+hbxjcneTeV0Hr4Ad7K3 VAlp0ZVH8sJda6wBiL27CECoK7KYleGbKE6KJ+SMW/hzOyMWwWt4DKYCi Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgEFAOzdL1GrRDoH/2dsb2JhbABFwjN9FnOCHwEBAQMBAQEBBQIwLQcQBwEDAgkRBAEBKAcZDh8JCAIEARILBYd9BQ3BNASPCRIGgzoDiGqFLYgqkGqDKQ
X-IronPort-AV: E=Sophos;i="4.84,757,1355097600"; d="scan'208";a="73652360"
Received: from mtv-core-2.cisco.com ([171.68.58.7]) by mtv-iport-4.cisco.com with ESMTP; 28 Feb 2013 22:51:52 +0000
Received: from DWINGWS01 ([10.156.16.168]) by mtv-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id r1SMpqCa016575; Thu, 28 Feb 2013 22:51:52 GMT
From: Dan Wing <dwing@cisco.com>
To: "'Dale R. Worley'" <worley@ariadne.com>, mmusic@ietf.org
References: <201302272158.r1RLw6t72679355@shell01.TheWorld.com>
In-Reply-To: <201302272158.r1RLw6t72679355@shell01.TheWorld.com>
Date: Thu, 28 Feb 2013 14:51:52 -0800
Message-ID: <0ed301ce1606$33062a60$99127f20$@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQH1cqWZvkvgjV7WYvae28mXmIpmPJhBJTxg
Content-Language: en-us
Subject: Re: [MMUSIC] Where to apply encryption?
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmusic>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Feb 2013 22:52:01 -0000
> -----Original Message----- > From: mmusic-bounces@ietf.org [mailto:mmusic-bounces@ietf.org] On Behalf > Of Dale R. Worley > Sent: Wednesday, February 27, 2013 1:58 PM > To: mmusic@ietf.org > Subject: [MMUSIC] Where to apply encryption? > > Current bundling proposals seem to expect that the packets on the wire > will be either SRTP/SRTCP or SCTP-within-DTLS. Of course, this provides > encryption of the carried media. > > But it seems to me that it would be more straightforward to multiplex > RTP/RTCP and SCTP packets, and than as a lower layer, have one DTLS > association that encrypts all of those packets indifferently. It would > also provide privacy regarding the number and types of the bundled media > streams. SRTP (RFC3711) was carefully and purposefully designed so the RTP header remains in the clear, and DTLS-SRTP was also purposefully designed so after the DTLS-SRTP handshake establishes the SRTP keys, the SRTP packets flow over the wire exactly like they would for any other keying mechanism (ZRTP, MIKEY-*, Security Descriptions). By sending SRTP packets with their RTP header in the clear, it allows: * the RTP header to be compressed (cRTP [RFC2508], ECRTP [RFC3545]) * analysis devices to see where, on a network path, SRTP packets are lost, delayed, or get mis-ordered. * analysis devices to see SRTCP receiver reports and sender reports, which are typically authenticated but in the clear. > But my knowledge of crypto is thin, and maybe there's a reason that > using one DTLS association to encrypt the multiplexed packet stream > wouldn't work as well. -d > Dale > _______________________________________________ > mmusic mailing list > mmusic@ietf.org > https://www.ietf.org/mailman/listinfo/mmusic
- [MMUSIC] Where to apply encryption? Dale R. Worley
- Re: [MMUSIC] Where to apply encryption? Martin Thomson
- Re: [MMUSIC] Where to apply encryption? Richard Barnes
- Re: [MMUSIC] Where to apply encryption? Dan Wing