Re: [rtcweb] Question about srtp_mki in DTLS/SRTP

Roman Shpount <roman@telurix.com> Wed, 14 January 2015 18:40 UTC


On Wed, Jan 14, 2015 at 1:21 PM, Simon Perreault <sperreault@jive.com>
wrote:

>
> On Wed, Jan 14, 2015 at 12:43 PM, Roman Shpount <roman@telurix.com> wrote:
>
>>> Yes, SRTP doesn't carry the epoch and trial decryption sucks, so the
>>> MKI is quite attractive... if you rekey.  However, as it stands, very
>>> few implementations will permit a DTLS re-handshake.  Firefox and
>>> Chrome actively disable renegotiation (desktop Chrome anyway, I'm not
>>> 100% on the BoringSSL-based versions, like Android).
>>>
>>>
>> You can handle the key transition based on the SRTP sequence numbers. Not
>> the greatest thing but it does work.
>>
>
> Please explain.
>
>
You can use the old key until the first SRTP packet fails to verify, then try
to verify the SRTP packet using the new key and record the sequence number for
this SSRC as the first sequence for which the new key is used. For all subsequent
packets use the new SRTP key. For all previous -- repeat the above process.
This should work in the absence of MKI. At the end of the day this is
simply an optimization of trying to decode using multiple keys. You do need to
maintain the list of old keys, time them out, and keep the sequence numbers
for each SSRC where you start using each key.

_____________
Roman Shpount
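
The receiver-side bookkeeping described in the message above, as an added sketch that is not code from the thread or from any SRTP library. `KeyTransitionReceiver`, `protect` and `demo` are hypothetical names, the keys are constructed, and a truncated HMAC over SSRC, sequence number and payload stands in for real SRTP authentication (no encryption, no rollover counter, no 16-bit sequence wraparound).

```python
import hashlib
import hmac
import struct

TAG_LEN = 10  # truncated HMAC-SHA1 tag length, as in the HMAC-SHA1-80 profiles

def protect(key, ssrc, seq, payload):
    """Constructed stand-in for SRTP auth: payload followed by a truncated HMAC."""
    msg = struct.pack("!IH", ssrc, seq) + payload
    return payload + hmac.new(key, msg, hashlib.sha1).digest()[:TAG_LEN]

class KeyTransitionReceiver:
    def __init__(self, key, old_key_ttl=5.0):
        self.keys = {0: key}   # generation -> key; highest generation is newest
        self.expires = {}      # generation -> time at which that old key is dropped
        self.start = {}        # ssrc -> {generation: lowest seq verified under it}
        self.ttl = old_key_ttl
        self.trials = 0        # verification attempts, to show the saving

    def rekey(self, key, now):
        self.expires[max(self.keys)] = now + self.ttl  # previous key becomes "old"
        self.keys[max(self.keys) + 1] = key

    def _verify(self, gen, ssrc, seq, packet):
        self.trials += 1
        expected = protect(self.keys[gen], ssrc, seq, packet[:-TAG_LEN])
        return hmac.compare_digest(expected, packet)

    def receive(self, ssrc, seq, packet, now):  # -> verifying generation or None
        for gen in [g for g, t in self.expires.items() if t <= now]:
            del self.keys[gen], self.expires[gen]   # time out old keys
        starts = self.start.setdefault(ssrc, {})
        # First guess: newest live key whose recorded start seq is <= this seq.
        known = [g for g in self.keys if starts.get(g, seq + 1) <= seq]
        guess = max(known) if known else min(self.keys)
        for gen in [guess] + [g for g in sorted(self.keys) if g != guess]:
            if self._verify(gen, ssrc, seq, packet):
                starts[gen] = min(seq, starts.get(gen, seq))
                return gen
        return None  # fails under every live key: discard the packet

def demo():
    old, new = b"constructed-old-key", b"constructed-new-key"
    rx = KeyTransitionReceiver(old)
    got = [rx.receive(7, s, protect(old, 7, s, b"rtp"), now=0.0) for s in (100, 101)]
    rx.rekey(new, now=1.0)
    # seq 102 arrives reordered after 103; seq 105 uses the old key after its timeout
    for seq, key, now in ((103, new, 1.5), (102, old, 1.5), (104, new, 1.5), (105, old, 7.0)):
        got.append(rx.receive(7, seq, protect(key, 7, seq, b"rtp"), now))
    return got, rx.trials
```

Only the first packet after the rekey costs a second verification; once the start sequence number is recorded for the SSRC, reordered old-key packets and later new-key packets each verify on the first try.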