IETF Logo Mail Archive

Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros and cons)

Miika Komu <miika@iki.fi> Sun, 23 December 2007 21:01 UTC

Return-path: <p2psip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1J6XwX-0002Ig-RY; Sun, 23 Dec 2007 16:01:05 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1J6XwW-0002IX-8o for p2psip@ietf.org; Sun, 23 Dec 2007 16:01:04 -0500
Received: from twilight.cs.hut.fi ([130.233.40.5]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1J6XwU-0003Yr-0H for p2psip@ietf.org; Sun, 23 Dec 2007 16:01:04 -0500
Received: by twilight.cs.hut.fi (Postfix, from userid 60001) id 0C5452F1B; Sun, 23 Dec 2007 23:01:01 +0200 (EET)
X-Spam-Checker-Version: SpamAssassin 3.2.3-niksula20070810 (2007-08-08) on twilight.cs.hut.fi
X-Spam-Level:
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=disabled version=3.2.3-niksula20070810
X-Spam-Niksula: No
Received: from kekkonen (kekkonen.cs.hut.fi [130.233.41.50]) by twilight.cs.hut.fi (Postfix) with ESMTP id 7A0E12EDE; Sun, 23 Dec 2007 23:00:52 +0200 (EET)
Date: Sun, 23 Dec 2007 23:00:52 +0200
From: Miika Komu <miika@iki.fi>
X-X-Sender: mkomu@kekkonen.cs.hut.fi
To: Eric Rescorla <ekr@networkresonance.com>
Subject: Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros and cons)
In-Reply-To: <20071218084807.4047C33C69@delta.rtfm.com>
Message-ID: <Pine.SOL.4.64.0712232239250.25393@kekkonen.cs.hut.fi>
References: <476697F2.4080903@uni-tuebingen.de> <0F3808C7-7BFA-4874-8105-A7AE3F4606A5@magma.ca> <20071218084807.4047C33C69@delta.rtfm.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8abaac9e10c826e8252866cbe6766464
Cc: Henry Sinnreich <hsinnrei@adobe.com>, Philip Matthews <philip_matthews@magma.ca>, P2PSIP Mailing List <p2psip@ietf.org>
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/p2psip>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
Errors-To: p2psip-bounces@ietf.org

On Tue, 18 Dec 2007, Eric Rescorla wrote:

> At Mon, 17 Dec 2007 17:30:24 -0500,
> Philip Matthews wrote:
>> In all three proposals, media packets would flow directly between the
>> X and Y, and not hop-by-hop around the overlay. So when ESP was used,
>> there would be no need to use STRP for media, or TLS or DTLS for
>> signaling.
>
> This is arguably a bug, not a feature.
>
> SRTP was explicitly designed to have very low overhead: just the
> bits of the authentication tag itself, with no header, etc. The
> rationale for this design was that RTP packets tend to be very
> small and so the overhead for the header, IV, etc. was significant.
> In cases where that type of constraint applies, then wrapping the
> RTP in ESP would be bad.

I think the difference is around 18 bytes:

http://dasan.sejong.ac.kr/~wisa04/ppt/1A1.ppt

In practice, the difference is insignificant according to these results:

Bilien et at: Secure VoIP: call establishment and media protection:
http://www.minisip.org/publications/secvoip-minisip-camera.pdf

Currently, all three (public) HIP implementations support BEET-mode-ESP by 
default. It has exactly the same byte overhead as transport mode.

-- 
Miika Komu                                       http://www.iki.fi/miika/

_______________________________________________
P2PSIP mailing list
P2PSIP@ietf.org
https://www1.ietf.org/mailman/listinfo/p2psip

v2.23.0 | Report a Bug | By Email