Re: [rtcweb] SBC hardware and SHA1
Cameron Byrne <cb.list6@gmail.com> Fri, 30 September 2011 16:47 UTC
Return-Path: <cb.list6@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCB9221F8BF3 for <rtcweb@ietfa.amsl.com>; Fri, 30 Sep 2011 09:47:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.459
X-Spam-Level:
X-Spam-Status: No, score=-3.459 tagged_above=-999 required=5 tests=[AWL=0.140, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jrd6yOSo1TyU for <rtcweb@ietfa.amsl.com>; Fri, 30 Sep 2011 09:47:59 -0700 (PDT)
Received: from mail-qy0-f179.google.com (mail-qy0-f179.google.com [209.85.216.179]) by ietfa.amsl.com (Postfix) with ESMTP id 35BE721F8BEE for <rtcweb@ietf.org>; Fri, 30 Sep 2011 09:47:59 -0700 (PDT)
Received: by qyk33 with SMTP id 33so1866923qyk.10 for <rtcweb@ietf.org>; Fri, 30 Sep 2011 09:50:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=htrsnHvqGFK+zq9Z5IHb8bMUPRu2plr0eWV94A4UksE=; b=kI0JZkXEFzhyQabkFDnzQqjGvhYDu4GvkHootPGlToCdAnQ7T5PRsftkKM4JP+QYh0 1+xkX26c7JrvnkK1jLni1SVSVQqbN23/l3MtL6mlmCWic5i12tNq4Eh6fTdJf7vFpXG6 /9oR3/6RlP0mcrO5goXn9flnWhDN93K4uRsNw=
MIME-Version: 1.0
Received: by 10.68.36.166 with SMTP id r6mr59581415pbj.77.1317401452867; Fri, 30 Sep 2011 09:50:52 -0700 (PDT)
Received: by 10.143.2.8 with HTTP; Fri, 30 Sep 2011 09:50:52 -0700 (PDT)
In-Reply-To: <C3C7D62E-6BA8-43F4-A29D-FC9AF3BE689F@acmepacket.com>
References: <CAD5OKxtNjmWBz92bRuxka7e-BUpTPgVUvr3ahJGpmZ-U5nuPbQ@mail.gmail.com> <CAD6AjGSmz5T_F+SK2EoBQm6T-iRKp7dd4j8ZAF5JKdbbyomZQA@mail.gmail.com> <CALiegfmO54HC+g9L_DYn4jtXAAbLEvS++qxKa6TNrLDREs9SeA@mail.gmail.com> <4E80984A.903@skype.net> <CALiegfmyvTb57WVooKryS-ubfcg+w5gZ+zfO1zzBLn3609AzaA@mail.gmail.com> <4E809EE6.2050702@skype.net> <CAD5OKxvUOadaU0dnB7-Ho9cZ92VY+4Owuhj7oKPCx9Jy1iwT1Q@mail.gmail.com> <C2DF2C51-B3F7-443D-A047-7E6FB03E6D20@phonefromhere.com> <CAOJ7v-3AJJcdrCKcH4AJmv_016sZtcOPOo8yCv3Va65eJogAkQ@mail.gmail.com> <53C72381-DC23-4A6A-944C-B418791876B0@cisco.com> <CALiegf=nG+KXto9CXfn64CQSp3P5Lfm+S8c0xnA187Fhz=fcrQ@mail.gmail.com> <05B54E0C-B867-4D7F-825D-2E008E69B07F@acmepacket.com> <4E84F06B.7020705@skype.net> <2C381E05-59C5-4678-A431-CFDAC1098050@acmepacket.com> <CABcZeBMgFetriRkyvR_pOczWX6RCpMisjzjQeBsPYj9Zg3S0zQ@mail.gmail.com> <DF6B5635-BD84-4F87-9228-3EF3BBCC7129@acmepacket.com> <CD38B852-5FA5-4CFC-B941-9C4F97BED622@edvina.net> <C3C7D62E-6BA8-43F4-A29D-FC9AF3BE689F@acmepacket.com>
Date: Fri, 30 Sep 2011 09:50:52 -0700
Message-ID: <CAD6AjGSoBN7eig-RnLWJFj4q0QgS81gHwT5dqjzK-ivN9Ag5Ng@mail.gmail.com>
From: Cameron Byrne <cb.list6@gmail.com>
To: Hadriel Kaplan <HKaplan@acmepacket.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: "<rtcweb@ietf.org>" <rtcweb@ietf.org>
Subject: Re: [rtcweb] SBC hardware and SHA1
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Sep 2011 16:47:59 -0000
On Fri, Sep 30, 2011 at 9:39 AM, Hadriel Kaplan <HKaplan@acmepacket.com> wrote: > > On Sep 30, 2011, at 2:36 AM, Olle E. Johansson wrote: > > Hadriel, > While on the topic of the hardware, I would like to ask how these systems > handle DTLS and SRTP. > > Assuming you mean terminating the SRTP, I only know of one hardware-based > SBC that claims support for terminating DTLS-SRTP, but I don't know if it's > real or slideware. I know of a couple software-based ones that do. (you can > probably google it to find out who) > But in general the most popular support by far is for SDES-based keying. > There are a couple of off-the-shelf chip solutions for large-scale SRTP > that handle it as a bump-in-the wire, but they need to be told the keys per > stream and don't handle DTLS inline themselves to do so, so naturally SDES > made it a lot easier to use them. Having said that, I do believe that more > SBC vendors in the US market will be supporting DTLS-SRTP in the future > because the US government has it mandated in some agency or other I've been > told. Whether other governments will do the same I don't know. (then again > the US government mandates a lot that never gets used in practice) > Also, someone asked on this list if SBC vendors support SRTP to begin with. > Almost every SBC vendor I know of does support SRTP (at least with SDES > keying), but it usually costs more to do so, because it's done in dedicated > hardware. So most deployed SBC systems don't do SRTP, because the people > buying/deploying them have decided they don't need it and don't want to pay > for it. It's more popular in specific vertical markets, but overall it's > definitely a minority today. > -hadriel > As a service provider, i cannot imagine rolling out a solution that lacks encryption. Cost of bad press and unmet user expectations is higher than a few extra boxes. If you choose not to encrypt, well... that becomes a differentiation for those that do. We have already bought and paid for SRTP in our existing IMS/SIP applications that exist on the Internet and will mandate it for anything we do with RTCWeb too, it's policy. Cameron
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Cameron Byrne
- [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Cameron Byrne
- Re: [rtcweb] Requiring ICE for RTC calls Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Matthew Kaufman
- Re: [rtcweb] Requiring ICE for RTC calls Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Matthew Kaufman
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Ravindran Parthasarathi
- Re: [rtcweb] Requiring ICE for RTC calls Bernard Aboba
- Re: [rtcweb] Requiring ICE for RTC calls Tim Panton
- Re: [rtcweb] Requiring ICE for RTC calls Justin Uberti
- Re: [rtcweb] Requiring ICE for RTC calls Saúl Ibarra Corretgé
- [rtcweb] RFC 5245 interpretation (Re: Requiring I… Harald Alvestrand
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Justin Uberti
- Re: [rtcweb] RFC 5245 interpretation (Re: Requiri… Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Matthew Kaufman
- Re: [rtcweb] RFC 5245 interpretation (Re: Requiri… Christer Holmberg
- Re: [rtcweb] Requiring ICE for RTC calls Bernard Aboba
- Re: [rtcweb] Requiring ICE for RTC calls Tim Panton
- Re: [rtcweb] Requiring ICE for RTC calls Tim Panton
- Re: [rtcweb] Requiring ICE for RTC calls Dzonatas Sol
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Bernard Aboba
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Justin Uberti
- Re: [rtcweb] Requiring ICE for RTC calls Matthew Kaufman
- Re: [rtcweb] Requiring ICE for RTC calls Matthew Kaufman
- Re: [rtcweb] RFC 5245 interpretation (Re: Requiri… Ravindran Parthasarathi
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Ravindran Parthasarathi
- Re: [rtcweb] Requiring ICE for RTC calls Eric Rescorla
- [rtcweb] Solutions sought for non-ICE RTC calls, … Harald Alvestrand
- Re: [rtcweb] Requiring ICE for RTC calls Olle E. Johansson
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Olle E. Johansson
- Re: [rtcweb] Requiring ICE for RTC calls Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Cullen Jennings
- Re: [rtcweb] Requiring ICE for RTC calls Tim Panton
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Eric Rescorla
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Roman Shpount
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Eric Rescorla
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Roman Shpount
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Eric Rescorla
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Roman Shpount
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Eric Rescorla
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Matthew Kaufman
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Matthew Kaufman
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Roman Shpount
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Matthew Kaufman
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Randell Jesup
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Igor Faynberg
- [rtcweb] ICE deployment experience (Re: Solutions… Harald Alvestrand
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Cullen Jennings
- Re: [rtcweb] Requiring ICE for RTC calls Cullen Jennings
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Cullen Jennings
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Cameron Byrne
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Eric Rescorla
- Re: [rtcweb] Requiring ICE for RTC calls Harald Alvestrand
- Re: [rtcweb] Requiring ICE for RTC calls Iñaki Baz Castillo
- Re: [rtcweb] Requiring ICE for RTC calls Cullen Jennings
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Olle E. Johansson
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Olle E. Johansson
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Roman Shpount
- Re: [rtcweb] Requiring ICE for RTC calls Cullen Jennings
- Re: [rtcweb] Requiring ICE for RTC calls Hadriel Kaplan
- Re: [rtcweb] Requiring ICE for RTC calls Hadriel Kaplan
- Re: [rtcweb] Requiring ICE for RTC calls Matthew Kaufman
- Re: [rtcweb] Requiring ICE for RTC calls Richard Shockey
- Re: [rtcweb] Requiring ICE for RTC calls Hadriel Kaplan
- Re: [rtcweb] Requiring ICE for RTC calls Hadriel Kaplan
- Re: [rtcweb] Requiring ICE for RTC calls Richard Shockey
- Re: [rtcweb] Requiring ICE for RTC calls Eric Rescorla
- Re: [rtcweb] Requiring ICE for RTC calls Hadriel Kaplan
- Re: [rtcweb] Requiring ICE for RTC calls Martin J. Dürst
- Re: [rtcweb] Requiring ICE for RTC calls Harald Alvestrand
- Re: [rtcweb] SBC hardware and SHA1 Olle E. Johansson
- Re: [rtcweb] Requiring ICE for RTC calls Tim Panton
- Re: [rtcweb] SBC hardware and SHA1 Hadriel Kaplan
- Re: [rtcweb] SBC hardware and SHA1 Cameron Byrne
- Re: [rtcweb] SBC hardware and SHA1 Olle E. Johansson
- Re: [rtcweb] SBC hardware and SHA1 Olle E. Johansson
- Re: [rtcweb] SBC hardware and SHA1 Eric Rescorla
- Re: [rtcweb] SBC hardware and SHA1 Dzonatas Sol
- Re: [rtcweb] SBC hardware and SHA1 Ravindran Parthasarathi
- Re: [rtcweb] Solutions sought for non-ICE RTC cal… Saúl Ibarra Corretgé
- Re: [rtcweb] Requiring ICE for RTC calls Cullen Jennings