Re: [rtcweb] SRTP DTLS - SIPit

"Olle E. Johansson" <oej@edvina.net> Thu, 12 January 2012 10:06 UTC

From: "Olle E. Johansson" <oej@edvina.net>
In-Reply-To: <CAOJ7v-1ebrK6V4y3s1mp4mVc_erwa5WHuvKrvutFb3CvV9SCtA@mail.gmail.com>
Date: Thu, 12 Jan 2012 11:05:59 +0100
Message-Id: <1A996A85-7CE8-4768-B1AE-168F33145135@edvina.net>
To: Justin Uberti <juberti@google.com>
Cc: randell-ietf@jesup.org, rtcweb@ietf.org
Subject: Re: [rtcweb] SRTP DTLS - SIPit

On 12 Jan 2012, at 00:14, Justin Uberti wrote:

> The SIPIt reports note progress on SDES implementation, but DTLS/SRTP
> not so much, and integrating DTLS/SRTP within RTCWEB would require more
> work beyond what is available in SIP DTLS/SRTP implementations today. 
> As a result, I am more inclined toward Justin's proposal for RTCWEB v1.0
> (assuming that the questions are answered). 

When asking implementers at SIPit I have gotten a lot of people pointing to not-ready implementations in GnuTLS and OpenSSL (still in beta). Talking with an OpenSSL developer a few days ago, I was clearly informed that OpenSSL DTLS support is ready for implementation; there is no reason to wait.

Another reason I heard, mostly from hardware device vendors, was that the chip vendors lack support for DTLS.

I think it's mostly a question of lack of customer demand. If people realize that the encryption keys are more or less distributed without control with SDES, this will not be accepted. A secure IP-telephony project in Germany went for ZRTP because they could not accept SDES, and hardware phone vendors did not want to fix DTLS even if they were offered orders of a quantity of phones...

With all the implementations listed in this thread I think we can have successful tests of DTLS-SRTP at the next SIPit event. Remember that we had very few participants at SIPit in Monaco, so using that report as statistical evidence is probably not a good thing.

/O
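The point above about SDES handing out keys, as an added example that is not part of this post or the thread: a small Python audit of an SDP offer that reports, per media section, whether the SRTP master key itself travels in the signaling (SDES, RFC 4568 a=crypto) or only a certificate fingerprint does (DTLS-SRTP, RFC 5764 a=fingerprint). The SDP, the inline key and the fingerprint are constructed values; the suite table covers only the two RFC 4568 AES-128 suites.

```python
import base64
import re

# Constructed sample SDP offer (not from the thread): the audio section is
# keyed with SDES, the video section with DTLS-SRTP. Key and fingerprint are
# made-up values; a=fingerprint is given at media level to keep the parser short.
SAMPLE_SDP = """v=0
o=- 1 1 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
m=audio 49170 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:MDEyMzQ1Njc4OWFiY2RlZnNhbHQtc2FsdC1zYWx0|2^20|1:32
m=video 51372 UDP/TLS/RTP/SAVPF 96
a=setup:actpass
a=fingerprint:sha-256 AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89
"""

# Master key and master salt lengths (bytes) for the RFC 4568 crypto-suites.
KEY_SALT_LEN = {"AES_CM_128_HMAC_SHA1_80": (16, 14), "AES_CM_128_HMAC_SHA1_32": (16, 14)}
CRYPTO_RE = re.compile(r"^a=crypto:\d+ (\S+) inline:([A-Za-z0-9+/=]+)")
FP_RE = re.compile(r"^a=fingerprint:(\S+) ([0-9A-Fa-f:]+)$")


def audit_srtp_keying(sdp):
    """Map each m= section to how its SRTP keys are established.
    sdes: the master key and salt are literally in the SDP, so any proxy or
    B2BUA that reads the signaling can decrypt the media.
    dtls-srtp: the SDP carries only a certificate fingerprint; the key is
    derived end-to-end by the DTLS handshake on the media path.
    """
    report, media = {}, None
    for line in sdp.splitlines():
        if line.startswith("m="):
            media = line.split()[0][2:]
            report[media] = {"method": "none"}
        elif media is None:
            continue  # session-level attributes are not examined here
        elif (m := FP_RE.match(line)):
            report[media] = {"method": "dtls-srtp", "hash": m.group(1), "fingerprint": m.group(2)}
        elif (m := CRYPTO_RE.match(line)):
            suite, blob = m.groups()
            raw = base64.b64decode(blob)  # master key || master salt, base64 in the SDP
            klen, slen = KEY_SALT_LEN.get(suite, (len(raw), 0))
            report[media] = {"method": "sdes", "suite": suite, "master_key": raw[:klen].hex(),
                             "master_salt": raw[klen:klen + slen].hex()}
    return report
```

Running `audit_srtp_keying(SAMPLE_SDP)` shows the audio master key and salt recovered from the offer alone, while the video section yields only a fingerprint that is useless without the DTLS handshake.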