Re: [rtcweb] SRTP mandatory to implement versus mandatory to use
Bernard Aboba <bernard_aboba@hotmail.com> Sat, 12 November 2011 05:19 UTC
Return-Path: <bernard_aboba@hotmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2C711F0C3C for <rtcweb@ietfa.amsl.com>; Fri, 11 Nov 2011 21:19:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.571
X-Spam-Level:
X-Spam-Status: No, score=-101.571 tagged_above=-999 required=5 tests=[AWL=1.027, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KzwyLlnyp0Xv for <rtcweb@ietfa.amsl.com>; Fri, 11 Nov 2011 21:19:20 -0800 (PST)
Received: from blu0-omc3-s3.blu0.hotmail.com (blu0-omc3-s3.blu0.hotmail.com [65.55.116.78]) by ietfa.amsl.com (Postfix) with ESMTP id 10DF41F0C3E for <rtcweb@ietf.org>; Fri, 11 Nov 2011 21:19:19 -0800 (PST)
Received: from BLU152-W53 ([65.55.116.73]) by blu0-omc3-s3.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Fri, 11 Nov 2011 21:19:14 -0800
Message-ID: <BLU152-W53224F808D417A8B09DAB793C20@phx.gbl>
Content-Type: multipart/alternative; boundary="_06e128e6-0076-409b-bedd-98521432edb6_"
X-Originating-IP: [203.69.99.16]
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
Date: Fri, 11 Nov 2011 21:19:13 -0800
Importance: Normal
In-Reply-To: <4EBBA102.2030600@ericsson.com>
References: <4EB26945.40607@ericsson.com>, <4EB2A58E.1040000@jesup.org> <BLU152-W34F446F5422FC87C4B007293DF0@phx.gbl>, <4EBBA102.2030600@ericsson.com>
MIME-Version: 1.0
X-OriginalArrivalTime: 12 Nov 2011 05:19:14.0237 (UTC) FILETIME=[9E249ED0:01CCA0FA]
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] SRTP mandatory to implement versus mandatory to use
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Nov 2011 05:19:23 -0000
The problem is that WebRTC is not actually a single use case or "application" -- it is a framework that could be used to implement applications, including many of the unicast use cases described in the srtp-not-mandatory draft. As the srtp-not-mandatory draft points out, it is hard for one keying scheme to handle a wide range of scenarios. Even if we exclude the multicast cases, there is enough diversity in the unicast scenarios described in the use case document (e.g. point-to-point and conferencing) for the logic to still hold up. > Date: Thu, 10 Nov 2011 11:01:38 +0100 > From: magnus.westerlund@ericsson.com > To: bernard_aboba@hotmail.com > CC: rtcweb@ietf.org > Subject: Re: [rtcweb] SRTP mandatory to implement versus mandatory to use > > Hi, > > Regarding the srtp-not-mandatory draft. In the discussion I have so far > had with for example the security ADs one conclusion is that when we get > into something that is actually an application or class of applications > and when that is specified by IETF, IETF do need to pick at least one > mandatory to implement solution. > > As WebRTC is an application using RTP this becomes very applicable to > the WebRTC work. We do need to pick at least one mandatory to implement > keying mechanism. We might pick additional mandatory ones if we think > that is necessary to address the space of usages we see. I think that is > what the WG must come to consensus on. > > Cheers > > Magnus > > On 2011-11-09 02:25, Bernard Aboba wrote: > > I support SRTP being "mandatory to implement" but not "mandatory to use". > > > > With respect to mandating a keying mechanism, I would point out the > > arguments in the following document: > > > > http://tools.ietf.org/html/draft-ietf-avt-srtp-not-mandatory > > > > It appears that the arguments made in this document also apply to RTCWEB > > in that many (though not all) of the use cases mentioned there are also > > to be supported by RTCWEB, potentially leading to disparate keying > > requirements. > > > > > > 2. RTP Applications and Deployment Scenarios > > > > The range of application and deployment scenarios where RTP has been > > Perkins & Westerlund Expires May 3, 2012 [Page 3] > > > > used includes, but is not limited to, the following: > > > > o Point-to-point voice telephony (fixed and wireless networks) > > > > o Point-to-point voice and video conferencing > > > > o Centralised group video conferencing with a multipoint conference > > unit (MCU) > > > > o Any Source Multicast video conferencing (light-weight sessions; > > Mbone conferencing) > > > > o Point-to-point streaming audio and/or video > > > > o Source-specific multicast (SSM) streaming to large group (IPTV and > > 3GPP Multimedia Broadcast Multicast Service (MBMS) [MBMS <http://tools.ietf.org/html/draft-ietf-avt-srtp-not-mandatory-08#ref-MBMS>]) > > > > o Replicated unicast streaming to a group > > > > o Interconnecting components in music production studios and video > > editing suites > > > > o Interconnecting components of distributed simulation systems > > > > o Streaming real-time sensor data > > > > As can be seen, these scenarios vary from point-to-point to very > > large multicast groups, from interactive to non-interactive, and from > > low bandwidth (kilobits per second) to very high bandwidth (multiple > > gigabits per second). While most of these applications run over UDP > > [RFC0768 <http://tools.ietf.org/html/rfc0768>], some use TCP [RFC0793 <http://tools.ietf.org/html/rfc0793>], [RFC4614 <http://tools.ietf.org/html/rfc4614>] or DCCP [RFC4340 <http://tools.ietf.org/html/rfc4340>] as > > their underlying transport. Some run on highly reliable optical > > networks, others use low rate unreliable wireless networks. Some > > applications of RTP operate entirely within a single trust domain, > > others are inter-domain, with untrusted (and potentially unknown) > > users. The range of scenarios is wide, and growing both in number > > and in heterogeneity. > > > > > > > > > > 3. Implications for RTP Security > > > > > > > > The wide range of application scenarios where RTP is used has led to > > the development of multiple solutions for securing RTP media streams > > and RTCP control messages, considering different requirements. > > Perhaps the most widely applicable of these solutions is the Secure > > RTP (SRTP) framework [RFC3711 <http://tools.ietf.org/html/rfc3711>]. This is an application-level media > > security solution, encrypting the media payload data (but not the RTP > > headers) to provide some degree of confidentiality, and providing > > > > optional source origin authentication. It was carefully designed to > > be both low overhead, and to support the group communication features > > of RTP, across a range of networks. > > > > SRTP is not the only media security solution in use, however, and > > alternatives are more appropriate for some scenarios. For example, > > many client-server streaming media applications can run over a single > > TCP connection, multiplexing media data with control information on > > that connection (RTSP [I-D.ietf-mmusic-rfc2326bis <http://tools.ietf.org/html/draft-ietf-avt-srtp-not-mandatory-08#ref-I-D.ietf-mmusic-rfc2326bis>] is a widely used > > example of such a protocol). One way to provide media security for > > such client-server media applications is to use TLS [RFC5246 <http://tools.ietf.org/html/rfc5246>] to > > protect the TCP connection, sending the RTP media data over the TLS > > connection. Using the SRTP framework in addition to TLS is > > unnecessary, and would result in double encryption of the media, and > > SRTP cannot be used instead of TLS since it is RTP-specific, and so > > cannot protect the control traffic. > > > > Other RTP use cases work over networks which provide security at the > > network layer, using IPsec. For example, certain 3GPP networks need > > IPsec security associations for other purposes, and can reuse those > > to secure the RTP session [TS-33210 <http://tools.ietf.org/html/draft-ietf-avt-srtp-not-mandatory-08#ref-TS-33210>]. SRTP is, again, unnecessary in > > such environments, and its use would only introduce overhead for no > > gain. > > > > For some applications it is sufficient to protect the RTP payload > > data while leaving RTP, transport, and network layer headers > > unprotected. An example of this is RTP broadcast over DVB-H > > [ETSI.TS.102.474 <http://tools.ietf.org/html/draft-ietf-avt-srtp-not-mandatory-08#ref-ETSI.TS.102.474>], where one mode of operation uses ISMA Cryp 2.0 > > [ISMA <http://tools.ietf.org/html/draft-ietf-avt-srtp-not-mandatory-08#ref-ISMA>] to encrypt the RTP payload data only. > > > > All these are application scenarios where RTP has seen commercial > > deployment. Other use cases exist, with additional requirements. > > For example, if the media transport is done over UDP [RFC0768 <http://tools.ietf.org/html/rfc0768>], DCCP > > [RFC4340 <http://tools.ietf.org/html/rfc4340>] or SCTP [RFC4960 <http://tools.ietf.org/html/rfc4960>], then using DTLS [RFC4347 <http://tools.ietf.org/html/rfc4347>] to protect the > > whole RTP packets is an option. There is no media security protocol > > that is appropriate for all these environments. Accordingly, > > multiple RTP media security protocols can be expected to remain in > > wide use. > > > > > > > > > > 4. Implications for Key Management > > > > > > > > With such a diverse range of use cases come a range of different > > protocols for RTP session establishment. Mechanisms used to provide > > security keying for these different session establishment protocols > > can basically be put into two categories: inband and out-of-band in > > relation to the session establishment mechanism. The requirements > > for these solutions are highly varying. Thus a wide range of > > > > solutions have been developed in this space: > > > > o A common use case for RTP is probably point-to-point voice calls > > or centralised group conferences, negotiated using SIP [RFC3261 <http://tools.ietf.org/html/rfc3261>] > > with the SDP offer/answer model [RFC3264 <http://tools.ietf.org/html/rfc3264>], operating on a trusted > > infrastructure. In such environments, SDP security descriptions > > [RFC4568 <http://tools.ietf.org/html/rfc4568>], or the MIKEY [RFC3830 <http://tools.ietf.org/html/rfc3830>] protocol using the Key > > Management Extensions for SDP [RFC4567 <http://tools.ietf.org/html/rfc4567>], are appropriate keying > > mechanisms, where the keying messages/material are embedded in the > > SDP [RFC4566 <http://tools.ietf.org/html/rfc4566>] exchange. The infrastructure may be secured by > > protecting the SDP exchange in SIP using TLS or S/MIME, for > > example [RFC3261 <http://tools.ietf.org/html/rfc3261>]. Protocols such as DTLS-SRTP [RFC5764 <http://tools.ietf.org/html/rfc5764>] or ZRTP > > [RFC6189 <http://tools.ietf.org/html/rfc6189>] are also appropriate in such environments. > > > > o Point-to-point RTP sessions may be negotiated using SIP with the > > offer/answer model, but operating over a network with untrusted > > infrastructure. In such environments, the key management protocol > > can be run on the media path, bypassing the untrusted > > infrastructure. Protocols such as DTLS-SRTP [RFC5764 <http://tools.ietf.org/html/rfc5764>] or ZRTP > > [RFC6189 <http://tools.ietf.org/html/rfc6189>] are useful here, as are inband mechanism that protect > > the keying material such as MIKEY [RFC3830 <http://tools.ietf.org/html/rfc3830>] using the Key > > Management Extensions for SDP [RFC4567 <http://tools.ietf.org/html/rfc4567>]. It should be noted that > > the end-points for all the above mechanisms must prevent total > > downgrade to no security for the RTP media streams. > > > > o For point-to-point client-server streaming of RTP over RTSP, a TLS > > association is appropriate to manage keying material, in much the > > same manner as would be used to secure an HTTP session. But also > > using SRTP with DTLS-SRTP keying or DTLS are appropriate choices. > > > > o A session description may be sent by email, secured using S/MIME > > or PGP, or retrieved from a web page, using HTTP with TLS. > > > > o A session description may be distributed to a multicast group > > using SAP or FLUTE secured with S/MIME. > > > > o A session description may be distributed using the Open Mobile > > Alliance DRM key management specification [OMA-DRM <http://tools.ietf.org/html/draft-ietf-avt-srtp-not-mandatory-08#ref-OMA-DRM>] when using a > > point-to-point streaming session setup with RTSP in the 3GPP PSS > > environment [PSS <http://tools.ietf.org/html/draft-ietf-avt-srtp-not-mandatory-08#ref-PSS>]. > > > > o In the 3GPP Multimedia Broadcast Multicast Service (MBMS) system, > > HTTP and MIKEY are used for key management [MBMS-SEC <http://tools.ietf.org/html/draft-ietf-avt-srtp-not-mandatory-08#ref-MBMS-SEC>]. > > > > A more detailed survey of requirements for media security management > > protocols can be found in [RFC5479 <http://tools.ietf.org/html/rfc5479>]. As can be seen, the range of > > use cases is wide, and there is no single protocol that is > > appropriate for all scenarios. These solutions have been further > > > > diversified by the existence of infrastructure elements such as > > authentication solutions that are tied into the key management. > > > > > > > > > > > > Magnus said: > > > > > > "Yes, we haven't spent much time on the security consideration section > > yet. "A mandatory to implement media security solution will be required > > to be picked" is pointer at this WG not the implementor. > > > > I would also point at our Charter that in its last paragraph says: > > "The products of the working group will support security and keying as > > required by BCP 61" > > > > If you haven't read BCP 61 you probably should. It is basically says two > > things. IETF should pick strong security and it shall be MANDATORY to > > IMPLEMENT. I at least as chair will ensure that we have fulfilled this. > > And that means for RTP not only encryption and integrity protection, > > probably SRTP, but also a keying method. > > > > Yes, we (authors of draft-ietf-rtcweb-rtp-usage) will write that SRTP is > > a MUST implement as soon as we have that consensus established. But we > > will need a keying scheme also and determine where it should be documented. > > > > Cheers > > > > Magnus Westerlund > > " > > > > > > > -- > > Magnus Westerlund > > ---------------------------------------------------------------------- > Multimedia Technologies, Ericsson Research EAB/TVM > ---------------------------------------------------------------------- > Ericsson AB | Phone +46 10 7148287 > Färögatan 6 | Mobile +46 73 0949079 > SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com > ---------------------------------------------------------------------- >
- Re: [rtcweb] State of the Forking discussion Randell Jesup
- [rtcweb] State of the Forking discussion Magnus Westerlund
- Re: [rtcweb] State of the Forking discussion Christer Holmberg
- Re: [rtcweb] State of the Forking discussion Ravindran Parthasarathi
- Re: [rtcweb] State of the Forking discussion Iñaki Baz Castillo
- Re: [rtcweb] State of the Forking discussion Hadriel Kaplan
- Re: [rtcweb] State of the Forking discussion Christer Holmberg
- Re: [rtcweb] State of the Forking discussion Cullen Jennings
- Re: [rtcweb] SRTP mandatory to implement versus m… Bernard Aboba
- Re: [rtcweb] State of the Forking discussion Christer Holmberg
- Re: [rtcweb] SRTP mandatory to implement versus m… Bernard Aboba
- Re: [rtcweb] State of the Forking discussion Cullen Jennings
- Re: [rtcweb] State of the Forking discussion Christer Holmberg
- Re: [rtcweb] SRTP mandatory to implement versus m… Magnus Westerlund