Re: [rtcweb] SBC hardware and SHA1
"Ravindran Parthasarathi" <pravindran@sonusnet.com> Mon, 03 October 2011 06:10 UTC
Date: Mon, 03 Oct 2011 11:43:41 +0530
From: Ravindran Parthasarathi <pravindran@sonusnet.com>
To: Eric Rescorla <ekr@rtfm.com>, Hadriel Kaplan <HKaplan@acmepacket.com>
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] SBC hardware and SHA1

It is possible in SBC Hardware to provide DTLS-SRTP in case customer asks for it. IMO, the performance impact is based on individual SBC Hardware architecture.

Thanks
Partha

From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf Of Eric Rescorla
Sent: Saturday, October 01, 2011 12:41 AM
To: Hadriel Kaplan
Cc: <rtcweb@ietf.org>
Subject: Re: [rtcweb] SBC hardware and SHA1

On Fri, Sep 30, 2011 at 9:39 AM, Hadriel Kaplan <HKaplan@acmepacket.com> wrote:

> On Sep 30, 2011, at 2:36 AM, Olle E. Johansson wrote:
>
> > Hadriel,
> > While on the topic of the hardware, I would like to ask how these systems handle DTLS and SRTP.
>
> Assuming you mean terminating the SRTP, I only know of one hardware-based SBC that claims support for terminating DTLS-SRTP, but I don't know if it's real or slideware. I know of a couple software-based ones that do. (you can probably google it to find out who)

I don't know a huge amount about how hardware-based SBCs are constructed, but it's important to remember that DTLS-SRTP is DTLS key management but SRTP data transport, so the naive way to build the system would be to do the DTLS in software and then push the keys onto SRTP, thus using all the normal SRTP packet processing. Obviously, there will be some performance cost associated with this (as there is for any asymmetric key exchange). The typical acceleration strategy for TLS is to have hardware acceleration for the asymmetric operations but have the actual TLS stack in software, for the obvious reasons of flexibility and upgradeability.

Don't know how much that helps.

-Ekr

> But in general the most popular support by far is for SDES-based keying. There are a couple of off-the-shelf chip solutions for large-scale SRTP that handle it as a bump-in-the-wire, but they need to be told the keys per stream and don't handle DTLS inline themselves to do so, so naturally SDES made it a lot easier to use them.
>
> Having said that, I do believe that more SBC vendors in the US market will be supporting DTLS-SRTP in the future because the US government has it mandated in some agency or other I've been told. Whether other governments will do the same I don't know. (then again the US government mandates a lot that never gets used in practice)
>
> Also, someone asked on this list if SBC vendors support SRTP to begin with. Almost every SBC vendor I know of does support SRTP (at least with SDES keying), but it usually costs more to do so, because it's done in dedicated hardware. So most deployed SBC systems don't do SRTP, because the people buying/deploying them have decided they don't need it and don't want to pay for it. It's more popular in specific vertical markets, but overall it's definitely a minority today.
>
> -hadriel
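
The thread's observation that DTLS-SRTP changes only the key management, so a software DTLS stack can hand per-stream keys to the same SRTP engine that SDES feeds, shown as an added example (not code from the thread or from any SBC vendor). It assumes the AES_CM_128_HMAC_SHA1_80 profile, the RFC 4568 `a=crypto` syntax and the RFC 5764 section 4.2 exporter layout; the function names and sample bytes are constructed for illustration.

```python
import base64
from dataclasses import dataclass
from typing import Tuple

# AES_CM_128_HMAC_SHA1_80: 128-bit master key, 112-bit master salt.
KEY_LEN, SALT_LEN = 16, 14


@dataclass(frozen=True)
class SrtpKeys:
    """What a bump-in-the-wire SRTP engine must be told for one direction."""
    master_key: bytes
    master_salt: bytes


def keys_from_sdes(crypto_attr: str) -> SrtpKeys:
    """SDES path: key and salt travel base64-encoded in the SDP itself."""
    if not crypto_attr.startswith("a=crypto:"):
        raise ValueError("not an a=crypto attribute")
    _tag, suite, key_params = crypto_attr[len("a=crypto:"):].split()[:3]
    if suite != "AES_CM_128_HMAC_SHA1_80":
        raise ValueError("unsupported crypto suite: " + suite)
    method, _, info = key_params.partition(":")
    if method != "inline":
        raise ValueError("unsupported key method: " + method)
    # Optional "|lifetime|MKI:len" fields follow the key||salt blob.
    blob = base64.b64decode(info.split("|")[0], validate=True)
    if len(blob) != KEY_LEN + SALT_LEN:
        raise ValueError("key||salt must be %d bytes" % (KEY_LEN + SALT_LEN))
    return SrtpKeys(blob[:KEY_LEN], blob[KEY_LEN:])


def keys_from_dtls_exporter(ekm: bytes, we_are_client: bool) -> Tuple[SrtpKeys, SrtpKeys]:
    """DTLS-SRTP path: split the exporter output (label "EXTRACTOR-dtls_srtp")
    into (send, receive) keys. Layout: client key, server key, client salt,
    server salt."""
    if len(ekm) != 2 * (KEY_LEN + SALT_LEN):
        raise ValueError("exporter output has the wrong length")
    client = SrtpKeys(ekm[:KEY_LEN], ekm[2 * KEY_LEN:2 * KEY_LEN + SALT_LEN])
    server = SrtpKeys(ekm[KEY_LEN:2 * KEY_LEN], ekm[2 * KEY_LEN + SALT_LEN:])
    return (client, server) if we_are_client else (server, client)


# Constructed sample inputs (not real keys).
SAMPLE_SDES = ("a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:"
               + base64.b64encode(bytes(range(30))).decode() + "|2^20")
SAMPLE_EKM = bytes(range(60))

if __name__ == "__main__":
    print(keys_from_sdes(SAMPLE_SDES))
    print(keys_from_dtls_exporter(SAMPLE_EKM, we_are_client=True))
```

Both functions return the same `SrtpKeys` shape, which is why the SRTP packet path is unchanged; the difference is that SDES exposes the key to every hop that sees the SDP, while the DTLS path derives it from a handshake between the media endpoints.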