Re: [rtcweb] SRTP not mandatory-to-use

Bernard Aboba <bernard_aboba@hotmail.com> Wed, 11 January 2012 23:07 UTC

Return-Path: <bernard_aboba@hotmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4F9E021F86E1 for <rtcweb@ietfa.amsl.com>; Wed, 11 Jan 2012 15:07:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.314
X-Spam-Level:
X-Spam-Status: No, score=-102.314 tagged_above=-999 required=5 tests=[AWL=0.284, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8kM837gTkywq for <rtcweb@ietfa.amsl.com>; Wed, 11 Jan 2012 15:07:56 -0800 (PST)
Received: from blu0-omc1-s23.blu0.hotmail.com (blu0-omc1-s23.blu0.hotmail.com [65.55.116.34]) by ietfa.amsl.com (Postfix) with ESMTP id 554C421F863C for <rtcweb@ietf.org>; Wed, 11 Jan 2012 15:07:55 -0800 (PST)
Received: from BLU152-W62 ([65.55.116.7]) by blu0-omc1-s23.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Wed, 11 Jan 2012 15:07:54 -0800
Message-ID: <BLU152-W62B3148D9899099ED240D1939E0@phx.gbl>
Content-Type: multipart/alternative; boundary="_ae02beed-4598-4a98-b1d3-6e5047b1c382_"
X-Originating-IP: [24.17.217.162]
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: roman@telurix.com, randell-ietf@jesup.org
Date: Wed, 11 Jan 2012 15:07:54 -0800
Importance: Normal
In-Reply-To: <CAD5OKxsOqzXDz3WYhLejDtB-zGUcZYMCApHxPyU3XV++_RZhBg@mail.gmail.com>
References: <CAErhfrwu322=HTS0JZhum9EGfb73KmYS6CU_KMESyzEWhtvg2w@mail.gmail.com>, <CAKhHsXHnT2p7yncha5-BQ=-Lzk3-N+tuijM-UqwfP1mPUi173A@mail.gmail.com>, <BLU152-W1140980759D89AC3C1D0CA93940@phx.gbl>, <CA+9kkMBdX7YT1tPj5M3VrzAPKa6tXNGZVvvhjW9V4oOEC7g_kA@mail.gmail.com>, <CAOJ7v-1_qMoHBb3K7rV=hG9EadqL=xn4KEdG0zdWnKZU9_TipQ@mail.gmail.com>, <4AEFFC17-EF17-40F2-B83B-0B0CC44AD2C3@cisco.com>, <CAKhHsXEes+Lf+uKdTrjXoy+3PMy2uNumNL-W-0s4_xRXW6FiZg@mail.gmail.com>, <4F0CAC8C.8010203@wonderhamster.org>, <1D062974A4845E4D8A343C6538049202074ABD3A@XMB-BGL-414.cisco.com>, <387F9047F55E8C42850AD6B3A7A03C6C01DCF907@inba-mail02.sonusnet.com>, <CALiegfkejnU2rTe-FibUVxTrRS9SivkhGXB5eK+FhD8Vu6iTMA@mail.gmail.com>, <387F9047F55E8C42850AD6B3A7A03C6C01DCF9FC@inba-mail02.sonusnet.com>, <CALiegfn07bS58B+4ZyzRTnO4LCpw1e96dnqpSM+TT1y3QG2Zwg@mail.gmail.com>, <387F9047F55E8C42850AD6B3A7A03C6C01DCFBC1@inba-mail02.sonusnet.com>, <CAOJ7v-20+yL7r+_ODx_czHTiujXZZWESaZRB7MQjhvScg3RFtw@mail.gmail.com>, <4F0DFD0B.2000009@jesup.org>, <CAD5OKxsOqzXDz3WYhLejDtB-zGUcZYMCApHxPyU3XV++_RZhBg@mail.gmail.com>
MIME-Version: 1.0
X-OriginalArrivalTime: 11 Jan 2012 23:07:54.0857 (UTC) FILETIME=[D9CBC590:01CCD0B5]
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] SRTP not mandatory-to-use
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Jan 2012 23:07:57 -0000


Romain said:

"Can you name a single soft-phone, hard-phone, SBC, or gateway that currently supports DTLS-SRTP? "

[BA] Yes, I can name a single implementation shipping in commercial products :)  However, for ZRTP, I believe there are multiple (independent?) implementations.  

Romain also said:

"The reason I am asking is libsrtp, despite being widely used, is extremely buggy (last official release for instance crashes with GPF), and does not even provide full DES-SRTP implementation (no F8_128_HMAC_SHA1_8 support).


As far as DTLS (non-SRTP) implementations are concerned, can anybody provide an indication on how widely they are used? I know that OpenSSL supported DTLS for a while, but what commonly used software is using this?"

[BA] DTLS is not supported within Windows 7 or Windows Phone 7.5.  Overall, I would say that DTLS is not widely used at the moment, though I do think it's fair to say that interest is increasing. 


Finally, Romain said:

"Also, what would be the impact of adding DTLS to SBC? It would be interesting to hear from SBC implementers before decision is made.

How many additional round trips does DTLS require for connection setup? Are we planning to support certificate validation?"

[BA] By "certificate validation" do you mean PKI support?  Or are we talking about something along the lines of what is in SIP DTLS/SRTP or the RTCWEB security draft Appendix (e.g. support for self-signed certs and fingerprint validation)?
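The "fingerprint validation" that the last paragraph refers to is the mechanism in which each endpoint signals a hash of its (typically self-signed) DTLS certificate in SDP, and the peer checks the certificate presented during the DTLS handshake against that hash instead of relying on a PKI. The Python below is an added example illustrating that check; it is not code from this thread, from libsrtp, or from any implementation discussed here. The certificate bytes are a constructed placeholder (not a real DER X.509 structure), the `a=fingerprint` syntax follows the RFC 4572 style (`hash-name` followed by colon-separated hex octets), and case-insensitive matching of the hash name is an assumption made for this example.

```python
import hashlib
import hmac
import re

# SDP hash-function tokens mapped to hashlib constructors (RFC 4572 style names).
HASH_FUNCS = {
    "sha-1": hashlib.sha1,
    "sha-256": hashlib.sha256,
    "sha-384": hashlib.sha384,
    "sha-512": hashlib.sha512,
}

# a=fingerprint:<hash-func> <hex octets separated by colons>
FINGERPRINT_RE = re.compile(
    r"^a=fingerprint:(?P<hash>[A-Za-z0-9-]+)\s+"
    r"(?P<fp>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})*)\s*$"
)

# Constructed placeholder standing in for the DER encoding of a peer's
# self-signed certificate; it is NOT a real X.509 certificate. In practice
# these bytes come from the certificate the DTLS stack received in the handshake.
PEER_CERT_DER = bytes.fromhex(
    "308201223081c9a003020102020101300a06082a8648ce3d040302"
    "3011310f300d06035504030c06727463776562"
)

# Same placeholder with its last byte flipped: what a substituted certificate
# would look like to the verifier.
TAMPERED_CERT_DER = PEER_CERT_DER[:-1] + bytes([PEER_CERT_DER[-1] ^ 0x01])


def parse_fingerprint(sdp_line):
    """Parse an a=fingerprint attribute into (hash name, digest bytes)."""
    m = FINGERPRINT_RE.match(sdp_line.strip())
    if not m:
        raise ValueError("malformed a=fingerprint attribute")
    # Assumption for this example: hash names are matched case-insensitively.
    hash_name = m.group("hash").lower()
    if hash_name not in HASH_FUNCS:
        raise ValueError("unsupported hash function: %s" % hash_name)
    return hash_name, bytes.fromhex(m.group("fp").replace(":", ""))


def certificate_fingerprint(der_bytes, hash_name):
    """Digest of the DER-encoded certificate under the named hash function."""
    return HASH_FUNCS[hash_name](der_bytes).digest()


def sdp_fingerprint_line(der_bytes, hash_name="sha-256"):
    """Build the a=fingerprint line an endpoint signals for its own certificate."""
    digest = certificate_fingerprint(der_bytes, hash_name)
    return "a=fingerprint:%s %s" % (
        hash_name, ":".join("%02X" % b for b in digest))


def verify_peer_certificate(der_bytes, sdp_line):
    """True iff the certificate seen in the DTLS handshake matches the
    fingerprint received over signaling. A length check rejects a truncated
    or wrong-algorithm fingerprint, and the comparison is constant-time."""
    hash_name, expected = parse_fingerprint(sdp_line)
    actual = certificate_fingerprint(der_bytes, hash_name)
    if len(expected) != len(actual):
        return False
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    signaled = sdp_fingerprint_line(PEER_CERT_DER, "sha-256")
    print(signaled)
    print("genuine cert accepted:", verify_peer_certificate(PEER_CERT_DER, signaled))
    print("tampered cert accepted:", verify_peer_certificate(TAMPERED_CERT_DER, signaled))
```

The check binds the DTLS association to the signaling exchange, so it is only as trustworthy as the channel that carried the SDP; with a PKI-validated certificate the same fingerprint comparison would be performed in addition to, not instead of, chain validation.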