IETF Logo Mail Archive

Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros and cons)

Eric Rescorla <ekr@networkresonance.com> Sun, 23 December 2007 21:33 UTC

Return-path: <p2psip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1J6YSJ-00046L-A9; Sun, 23 Dec 2007 16:33:55 -0500
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1J6YSI-00046G-6t for p2psip@ietf.org; Sun, 23 Dec 2007 16:33:54 -0500
Received: from [74.95.2.173] (helo=romeo.rtfm.com) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1J6YSH-00049f-LY for p2psip@ietf.org; Sun, 23 Dec 2007 16:33:54 -0500
Received: from romeo.rtfm.com (localhost.rtfm.com [127.0.0.1]) by romeo.rtfm.com (Postfix) with ESMTP id 979885081A; Sun, 23 Dec 2007 13:33:31 -0800 (PST)
Date: Sun, 23 Dec 2007 13:33:31 -0800
From: Eric Rescorla <ekr@networkresonance.com>
To: Miika Komu <miika@iki.fi>
Subject: Re: [P2PSIP] HIP vs. TLS/DTLS/SRTP (was HIP pros and cons)
In-Reply-To: <Pine.SOL.4.64.0712232239250.25393@kekkonen.cs.hut.fi>
References: <476697F2.4080903@uni-tuebingen.de> <0F3808C7-7BFA-4874-8105-A7AE3F4606A5@magma.ca> <20071218084807.4047C33C69@delta.rtfm.com> <Pine.SOL.4.64.0712232239250.25393@kekkonen.cs.hut.fi>
User-Agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)
MIME-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka")
Content-Type: text/plain; charset="US-ASCII"
Message-Id: <20071223213331.979885081A@romeo.rtfm.com>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 97adf591118a232206bdb5a27b217034
Cc: P2PSIP Mailing List <p2psip@ietf.org>, Henry Sinnreich <hsinnrei@adobe.com>, Philip Matthews <philip_matthews@magma.ca>
X-BeenThere: p2psip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Peer-to-Peer SIP working group discussion list <p2psip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/p2psip>
List-Post: <mailto:p2psip@ietf.org>
List-Help: <mailto:p2psip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/p2psip>, <mailto:p2psip-request@ietf.org?subject=subscribe>
Errors-To: p2psip-bounces@ietf.org

> On Tue, 18 Dec 2007, Eric Rescorla wrote:
> 
> > At Mon, 17 Dec 2007 17:30:24 -0500,
> > Philip Matthews wrote:
> >> In all three proposals, media packets would flow directly between the
> >> X and Y, and not hop-by-hop around the overlay. So when ESP was used,
> >> there would be no need to use STRP for media, or TLS or DTLS for
> >> signaling.
> >
> > This is arguably a bug, not a feature.
> >
> > SRTP was explicitly designed to have very low overhead: just the
> > bits of the authentication tag itself, with no header, etc. The
> > rationale for this design was that RTP packets tend to be very
> > small and so the overhead for the header, IV, etc. was significant.
> > In cases where that type of constraint applies, then wrapping the
> > RTP in ESP would be bad.
> 
> I think the difference is around 18 bytes:
> 
> http://dasan.sejong.ac.kr/~wisa04/ppt/1A1.ppt
> 
> In practice, the difference is insignificant according to these results:
> 
> Bilien et at: Secure VoIP: call establishment and media protection:
> http://www.minisip.org/publications/secvoip-minisip-camera.pdf

I don't see that this paper is at all relevant to the question of whether 18
bytes of per-packet overhead is significant. In any case, if you want
to argue this point, I would advise you to take it up in AVT, since
low overhead was one of the principal design considerations for
SRTP.

-Ekr

_______________________________________________
P2PSIP mailing list
P2PSIP@ietf.org
https://www1.ietf.org/mailman/listinfo/p2psip

v2.23.0 | Report a Bug | By Email