Re: [rtcweb] SRTP not mandatory-to-use
"Olle E. Johansson" <oej@edvina.net> Thu, 05 January 2012 20:35 UTC
Return-Path: <oej@edvina.net>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAEF121F8870 for <rtcweb@ietfa.amsl.com>; Thu, 5 Jan 2012 12:35:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.007
X-Spam-Level:
X-Spam-Status: No, score=-1.007 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, DATE_IN_PAST_12_24=0.992, J_CHICKENPOX_16=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QPZdqZEd6cm2 for <rtcweb@ietfa.amsl.com>; Thu, 5 Jan 2012 12:35:00 -0800 (PST)
Received: from smtp7.webway.se (smtp7.webway.se [IPv6:2a02:920:212e::205]) by ietfa.amsl.com (Postfix) with ESMTP id D7A5421F85D0 for <rtcweb@ietf.org>; Thu, 5 Jan 2012 12:34:58 -0800 (PST)
Received: from [192.168.40.4] (unknown [87.96.134.129]) by smtp7.webway.se (Postfix) with ESMTPA id C83DD754A8A3; Thu, 5 Jan 2012 20:34:56 +0000 (UTC)
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: text/plain; charset="iso-8859-1"
From: "Olle E. Johansson" <oej@edvina.net>
In-Reply-To: <BLU152-W533F1DA98B3F04C5EC142E93970@phx.gbl>
Date: Thu, 05 Jan 2012 08:54:56 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <FCADD9FB-D187-421D-B203-934DD456369E@edvina.net>
References: <CAErhfrwu322=HTS0JZhum9EGfb73KmYS6CU_KMESyzEWhtvg2w@mail.gmail.com>, <CABcZeBOeg-O+6===5tk0haxC8nLxUQyEUFRES2FAoFEf00fKng@mail.gmail.com>, <CAErhfrxTKdo7Z+61x5ZcDt5ZM7C7ob5LNxMzwng_kk3Uqrp2_Q@mail.gmail.com>, <4F01A790.4060704@alvestrand.no>, <4F02A061.60905@jesup.org>, <E44893DD4E290745BB608EB23FDDB762141EF8@008-AM1MPN1-042.mgdnok.nokia.com>, <4F035DD5.3050305@jesup.org>, <CAOJ7v-1dziaA_ePCuMxjn6uhBgOH=ZVybUmLBwQi5qiuyOzDMA@mail.gmail.com>, <BLU152-W469B2EB104C104547FC42393960@phx.gbl>, <CA+9kkMBwyUMAdDyQaYZBx0NYvoe3RV+VVKxzqNCC5Ui6xNdsOA@mail.gmail.com> <BLU152-W533F1DA98B3F04C5EC142E93970@phx.gbl>
To: Bernard Aboba <bernard_aboba@hotmail.com>
X-Mailer: Apple Mail (2.1251.1)
Cc: randell-ietf@jesup.org, rtcweb@ietf.org
Subject: Re: [rtcweb] SRTP not mandatory-to-use
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jan 2012 20:35:00 -0000
4 jan 2012 kl. 01:28 skrev Bernard Aboba: > > Ted Hardie said: > > > I'm a little lost. In a gateway implemented in a back-to-back user > > agent, won't you end up with the same illusion? > > > > The case I think you're talking about is this: > > > > UA--1<-Connection1->B2BUA/Gateway<-Connection-2->UA-2 > > > > Do you expect that the gateway would be refuse to use SRTP on one side > > if it intended not to use it on the other? > > > [BA] If the SBC needed to enable communication with a legacy endpoint, then it > might want to negotiate security compatible with that endpoint. > > Today there are PSTN gateways that support SRTP with SDES, but interop is > frequently an issue (I've had to debug interop issues countless times), so > I've often had to advise customers to turn SRTP off until an issue was resolved. Interoperability with SRTP has been an issue at several SIPits. But we do see a change, we see huge improvements in the number of successful interoperability tests. From the summary of the latest SIPit: "** SRTP All implementations supported SDES for SRTP key exchange. Good interop with many different combinations of endpoints. Some calls were left up for an extended period so that sequence number wrapping and roc increments were tested. Once the roc had changed the call was put on hold and resumed with success. In this situation new RTP streams with different SSRCs were created and the sequence number/roc combination re-generated thus proving that support for multiple SRTP contexts exists. Debate surrounding how to signal 'best-effort crypto' continues. Some implementations choose to advertise RTP/AVP with a=crypto attributes and then go crypto if answer also has them and non-crypto if they do not. RTP/SAVP is used to signal the desire for mandatory crypto. Another approach observed was to repeat the same media line twice, once for crypto and once for non-crypto and rely on the receiving end to only accept one of them and port reject the other. In this case both m-lines had the same port number and payload number descriptions so if a receiving end accepted both then the originator would have no clue as to whether it was receiving crypto or non-crypto traffic." https://www.sipit.net/SIPit29_summary The first time I personally tested SRTP at SIpit we couldn't get any calls through across vendor boundaries... We will have to bring Webrtc to SIPit for testing :-) /O
- Re: [rtcweb] SRTP not mandatory-to-use Xavier Marjou
- [rtcweb] SRTP not mandatory-to-use Xavier Marjou
- Re: [rtcweb] SRTP not mandatory-to-use Eric Rescorla
- Re: [rtcweb] SRTP not mandatory-to-use Iñaki Baz Castillo
- Re: [rtcweb] SRTP not mandatory-to-use Markus.Isomaki
- Re: [rtcweb] SRTP not mandatory-to-use Xavier Marjou
- Re: [rtcweb] SRTP not mandatory-to-use Igor Faynberg
- Re: [rtcweb] SRTP not mandatory-to-use Roy, Radhika R USA CIV (US)
- Re: [rtcweb] SRTP not mandatory-to-use Eric Rescorla
- Re: [rtcweb] SRTP not mandatory-to-use Harald Alvestrand
- Re: [rtcweb] SRTP not mandatory-to-use Randell Jesup
- Re: [rtcweb] SRTP not mandatory-to-use Markus.Isomaki
- Re: [rtcweb] SRTP not mandatory-to-use Randell Jesup
- Re: [rtcweb] SRTP not mandatory-to-use Justin Uberti
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Ted Hardie
- Re: [rtcweb] SRTP not mandatory-to-use Eric Rescorla
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Eric Rescorla
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Randell Jesup
- Re: [rtcweb] SRTP not mandatory-to-use Roman Shpount
- Re: [rtcweb] SRTP not mandatory-to-use Alan Johnston
- Re: [rtcweb] SRTP not mandatory-to-use Roman Shpount
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Ted Hardie
- Re: [rtcweb] SRTP not mandatory-to-use Ted Hardie
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Roman Shpount
- Re: [rtcweb] SRTP not mandatory-to-use Justin Uberti
- Re: [rtcweb] SRTP not mandatory-to-use Olle E. Johansson
- Re: [rtcweb] SRTP not mandatory-to-use Randell Jesup
- Re: [rtcweb] SRTP not mandatory-to-use Stefan Hakansson LK
- Re: [rtcweb] SRTP not mandatory-to-use Ravindran, Parthasarathi
- Re: [rtcweb] SRTP not mandatory-to-use Harald Alvestrand
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Roman Shpount
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Cullen Jennings
- Re: [rtcweb] SRTP not mandatory-to-use Kevin P. Fleming
- Re: [rtcweb] SRTP not mandatory-to-use Alan Johnston
- Re: [rtcweb] SRTP not mandatory-to-use Ted Hardie
- Re: [rtcweb] SRTP not mandatory-to-use Randell Jesup
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Ravindran, Parthasarathi
- Re: [rtcweb] SRTP not mandatory-to-use Spencer Dawkins
- Re: [rtcweb] SRTP not mandatory-to-use Ravindran, Parthasarathi
- Re: [rtcweb] SRTP not mandatory-to-use Muthu Arul Mozhi Perumal (mperumal)
- Re: [rtcweb] SRTP not mandatory-to-use Eric Rescorla
- Re: [rtcweb] SRTP not mandatory-to-use Ravindran, Parthasarathi
- Re: [rtcweb] SRTP not mandatory-to-use Iñaki Baz Castillo
- Re: [rtcweb] SRTP not mandatory-to-use Ravindran, Parthasarathi
- Re: [rtcweb] SRTP not mandatory-to-use Iñaki Baz Castillo
- Re: [rtcweb] SRTP not mandatory-to-use Ravindran, Parthasarathi
- Re: [rtcweb] SRTP not mandatory-to-use Justin Uberti
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Randell Jesup
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Eric Rescorla
- Re: [rtcweb] SRTP not mandatory-to-use Roman Shpount
- Re: [rtcweb] SRTP not mandatory-to-use Randell Jesup
- Re: [rtcweb] SRTP not mandatory-to-use Roman Shpount
- Re: [rtcweb] SRTP not mandatory-to-use Bernard Aboba
- Re: [rtcweb] SRTP not mandatory-to-use Roman Shpount
- Re: [rtcweb] SRTP not mandatory-to-use Justin Uberti
- Re: [rtcweb] SRTP not mandatory-to-use Justin Uberti
- Re: [rtcweb] SRTP not mandatory-to-use Roman Shpount
- Re: [rtcweb] SRTP not mandatory-to-use Roman Shpount
- Re: [rtcweb] SRTP not mandatory-to-use Eric Rescorla
- Re: [rtcweb] SRTP not mandatory-to-use Ravindran, Parthasarathi
- [rtcweb] JSEP draft query [was RE: SRTP not manda… Ravindran, Parthasarathi
- Re: [rtcweb] SRTP not mandatory-to-use Cullen Jennings
- [rtcweb] state of libsrtp maintenance? (Re: SRTP … Harald Alvestrand
- Re: [rtcweb] JSEP draft query [was RE: SRTP not m… Harald Alvestrand
- Re: [rtcweb] SRTP DTLS - SIPit Olle E. Johansson
- Re: [rtcweb] JSEP draft query [was RE: SRTP not m… Ravindran, Parthasarathi
- Re: [rtcweb] SRTP not mandatory-to-use Ravindran, Parthasarathi
- Re: [rtcweb] state of libsrtp maintenance? (Re: S… Roman Shpount
- Re: [rtcweb] state of libsrtp maintenance? (Re: S… Eric Rescorla
- Re: [rtcweb] SRTP DTLS - SIPit Eric Rescorla
- Re: [rtcweb] SRTP DTLS - SIPit Hannes Tschofenig
- Re: [rtcweb] state of libsrtp maintenance? (Re: S… Roman Shpount
- Re: [rtcweb] SRTP not mandatory-to-use Oscar Ohlsson
- Re: [rtcweb] state of libsrtp maintenance? (Re: S… Randell Jesup
- Re: [rtcweb] SRTP not mandatory-to-use Ted Hardie
- Re: [rtcweb] SRTP not mandatory-to-use Eric Rescorla
- Re: [rtcweb] SRTP not mandatory-to-use Harald Alvestrand
- Re: [rtcweb] SRTP not mandatory-to-use Oscar Ohlsson
- Re: [rtcweb] Security analysis of RTCWEB Bernard Aboba
- Re: [rtcweb] Security analysis of RTCWEB Eric Rescorla
- Re: [rtcweb] Security analysis of RTCWEB Igor Faynberg
- Re: [rtcweb] Security analysis of RTCWEB Bernard Aboba
- Re: [rtcweb] state of libsrtp maintenance? (Re: S… Cullen Jennings