IETF Logo Mail Archive

Re: [rtcweb] SRTP mandatory to implement versus mandatory to use

Bernard Aboba <bernard_aboba@hotmail.com> Wed, 09 November 2011 01:25 UTC

Return-Path: <bernard_aboba@hotmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9CF9A1F0C4F for <rtcweb@ietfa.amsl.com>; Tue, 8 Nov 2011 17:25:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.531
X-Spam-Level:
X-Spam-Status: No, score=-102.531 tagged_above=-999 required=5 tests=[AWL=0.067, BAYES_00=-2.599, HTML_MESSAGE=0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OQ+7Md0A1Gr0 for <rtcweb@ietfa.amsl.com>; Tue, 8 Nov 2011 17:25:15 -0800 (PST)
Received: from blu0-omc3-s37.blu0.hotmail.com (blu0-omc3-s37.blu0.hotmail.com [65.55.116.112]) by ietfa.amsl.com (Postfix) with ESMTP id EB9461F0C3B for <rtcweb@ietf.org>; Tue, 8 Nov 2011 17:25:14 -0800 (PST)
Received: from BLU152-W34 ([65.55.116.74]) by blu0-omc3-s37.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675); Tue, 8 Nov 2011 17:25:13 -0800
Message-ID: <BLU152-W34F446F5422FC87C4B007293DF0@phx.gbl>
Content-Type: multipart/alternative; boundary="_6f9615c1-c543-4be7-9000-21883a008e83_"
X-Originating-IP: [131.107.0.94]
From: Bernard Aboba <bernard_aboba@hotmail.com>
To: rtcweb@ietf.org, Magnus Westerlund <magnus.westerlund@ericsson.com>
Date: Tue, 08 Nov 2011 17:25:13 -0800
Importance: Normal
In-Reply-To: <4EB2A58E.1040000@jesup.org>
References: <4EB26945.40607@ericsson.com>,<4EB2A58E.1040000@jesup.org>
MIME-Version: 1.0
X-OriginalArrivalTime: 09 Nov 2011 01:25:13.0820 (UTC) FILETIME=[6E29C1C0:01CC9E7E]
Subject: Re: [rtcweb] SRTP mandatory to implement versus mandatory to use
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Nov 2011 01:25:16 -0000

I support SRTP being "mandatory to implement" but not "mandatory to use".  With respect to mandating a keying mechanism, I would point out the arguments in the following document: http://tools.ietf.org/html/draft-ietf-avt-srtp-not-mandatory It appears that the arguments made in this document also apply to RTCWEB in that many (though not all) of the use cases mentioned there are also to be supported by RTCWEB, potentially leading to disparate keying requirements.   2.  RTP Applications and Deployment Scenarios

   The range of application and deployment scenarios where RTP has been



Perkins & Westerlund       Expires May 3, 2012                  [Page 3]
    used includes, but is not limited to, the following:

   o  Point-to-point voice telephony (fixed and wireless networks)

   o  Point-to-point voice and video conferencing

   o  Centralised group video conferencing with a multipoint conference
      unit (MCU)

   o  Any Source Multicast video conferencing (light-weight sessions;
      Mbone conferencing)

   o  Point-to-point streaming audio and/or video

   o  Source-specific multicast (SSM) streaming to large group (IPTV and
      3GPP Multimedia Broadcast Multicast Service (MBMS) [MBMS])

   o  Replicated unicast streaming to a group

   o  Interconnecting components in music production studios and video
      editing suites

   o  Interconnecting components of distributed simulation systems

   o  Streaming real-time sensor data

   As can be seen, these scenarios vary from point-to-point to very
   large multicast groups, from interactive to non-interactive, and from
   low bandwidth (kilobits per second) to very high bandwidth (multiple
   gigabits per second).  While most of these applications run over UDP
   [RFC0768], some use TCP [RFC0793], [RFC4614] or DCCP [RFC4340] as
   their underlying transport.  Some run on highly reliable optical
   networks, others use low rate unreliable wireless networks.  Some
   applications of RTP operate entirely within a single trust domain,
   others are inter-domain, with untrusted (and potentially unknown)
   users.  The range of scenarios is wide, and growing both in number
   and in heterogeneity.


3.  Implications for RTP Security

   The wide range of application scenarios where RTP is used has led to
   the development of multiple solutions for securing RTP media streams
   and RTCP control messages, considering different requirements.
   Perhaps the most widely applicable of these solutions is the Secure
   RTP (SRTP) framework [RFC3711].  This is an application-level media
   security solution, encrypting the media payload data (but not the RTP
   headers) to provide some degree of confidentiality, and providing   optional source origin authentication.  It was carefully designed to
   be both low overhead, and to support the group communication features
   of RTP, across a range of networks.

   SRTP is not the only media security solution in use, however, and
   alternatives are more appropriate for some scenarios.  For example,
   many client-server streaming media applications can run over a single
   TCP connection, multiplexing media data with control information on
   that connection (RTSP [I-D.ietf-mmusic-rfc2326bis] is a widely used
   example of such a protocol).  One way to provide media security for
   such client-server media applications is to use TLS [RFC5246] to
   protect the TCP connection, sending the RTP media data over the TLS
   connection.  Using the SRTP framework in addition to TLS is
   unnecessary, and would result in double encryption of the media, and
   SRTP cannot be used instead of TLS since it is RTP-specific, and so
   cannot protect the control traffic.

   Other RTP use cases work over networks which provide security at the
   network layer, using IPsec.  For example, certain 3GPP networks need
   IPsec security associations for other purposes, and can reuse those
   to secure the RTP session [TS-33210].  SRTP is, again, unnecessary in
   such environments, and its use would only introduce overhead for no
   gain.

   For some applications it is sufficient to protect the RTP payload
   data while leaving RTP, transport, and network layer headers
   unprotected.  An example of this is RTP broadcast over DVB-H
   [ETSI.TS.102.474], where one mode of operation uses ISMA Cryp 2.0
   [ISMA] to encrypt the RTP payload data only.

   All these are application scenarios where RTP has seen commercial
   deployment.  Other use cases exist, with additional requirements.
   For example, if the media transport is done over UDP [RFC0768], DCCP
   [RFC4340] or SCTP [RFC4960], then using DTLS [RFC4347] to protect the
   whole RTP packets is an option.  There is no media security protocol
   that is appropriate for all these environments.  Accordingly,
   multiple RTP media security protocols can be expected to remain in
   wide use.


4.  Implications for Key Management

   With such a diverse range of use cases come a range of different
   protocols for RTP session establishment.  Mechanisms used to provide
   security keying for these different session establishment protocols
   can basically be put into two categories: inband and out-of-band in
   relation to the session establishment mechanism.  The requirements
   for these solutions are highly varying.  Thus a wide range of
  solutions have been developed in this space:

   o  A common use case for RTP is probably point-to-point voice calls
      or centralised group conferences, negotiated using SIP [RFC3261]
      with the SDP offer/answer model [RFC3264], operating on a trusted
      infrastructure.  In such environments, SDP security descriptions
      [RFC4568], or the MIKEY [RFC3830] protocol using the Key
      Management Extensions for SDP [RFC4567], are appropriate keying
      mechanisms, where the keying messages/material are embedded in the
      SDP [RFC4566] exchange.  The infrastructure may be secured by
      protecting the SDP exchange in SIP using TLS or S/MIME, for
      example [RFC3261].  Protocols such as DTLS-SRTP [RFC5764] or ZRTP
      [RFC6189] are also appropriate in such environments.

   o  Point-to-point RTP sessions may be negotiated using SIP with the
      offer/answer model, but operating over a network with untrusted
      infrastructure.  In such environments, the key management protocol
      can be run on the media path, bypassing the untrusted
      infrastructure.  Protocols such as DTLS-SRTP [RFC5764] or ZRTP
      [RFC6189] are useful here, as are inband mechanism that protect
      the keying material such as MIKEY [RFC3830] using the Key
      Management Extensions for SDP [RFC4567].  It should be noted that
      the end-points for all the above mechanisms must prevent total
      downgrade to no security for the RTP media streams.

   o  For point-to-point client-server streaming of RTP over RTSP, a TLS
      association is appropriate to manage keying material, in much the
      same manner as would be used to secure an HTTP session.  But also
      using SRTP with DTLS-SRTP keying or DTLS are appropriate choices.

   o  A session description may be sent by email, secured using S/MIME
      or PGP, or retrieved from a web page, using HTTP with TLS.

   o  A session description may be distributed to a multicast group
      using SAP or FLUTE secured with S/MIME.

   o  A session description may be distributed using the Open Mobile
      Alliance DRM key management specification [OMA-DRM] when using a
      point-to-point streaming session setup with RTSP in the 3GPP PSS
      environment [PSS].

   o  In the 3GPP Multimedia Broadcast Multicast Service (MBMS) system,
      HTTP and MIKEY are used for key management [MBMS-SEC].

   A more detailed survey of requirements for media security management
   protocols can be found in [RFC5479].  As can be seen, the range of
   use cases is wide, and there is no single protocol that is
   appropriate for all scenarios.  These solutions have been further  diversified by the existence of infrastructure elements such as
   authentication solutions that are tied into the key management.
     Magnus said:  "Yes, we haven't spent much time on the security consideration section
yet. "A mandatory to implement media security solution will be required
to be picked" is pointer at this WG not the implementor.

I would also point at our Charter that in its last paragraph says:
"The products of the working group will support security and keying as
required by BCP 61"

If you haven't read BCP 61 you probably should. It is basically says two
things. IETF should pick strong security and it shall be MANDATORY to
IMPLEMENT. I at least as chair will ensure that we have fulfilled this.
And that means for RTP not only encryption and integrity protection,
probably SRTP, but also a keying method.

Yes, we (authors of draft-ietf-rtcweb-rtp-usage) will write that SRTP is
a MUST implement as soon as we have that consensus established. But we
will need a keying scheme also and determine where it should be documented.

Cheers

Magnus Westerlund
"

v2.23.0 | Report a Bug | By Email