Re: [rtcweb] state of libsrtp maintenance? (Re: SRTP not mandatory-to-use)

Randell Jesup <randell-ietf@jesup.org> Thu, 12 January 2012 21:55 UTC

On 1/12/2012 11:18 AM, Roman Shpount wrote:
>
> On Thu, Jan 12, 2012 at 9:37 AM, Eric Rescorla <ekr@rtfm.com
> <mailto:ekr@rtfm.com>> wrote:
>
>     DTLS-SRTP was specifically designed so that one could put together a
>     DTLS
>     stack and an SRTP stack with minimal modifications to both (and no
>     necessary
>     modifications to the SRTP stack). In the case of OpenSSL and
>     libsrtp, you
>     do the OpenSSL handshake, then use a new interface to export the keys
>     which you then push onto libsrtp using existing interfaces.
>
> My point is if you use OpenSSL crypto functions you can replace libsrtp
> with a few hundred lines of code. It is almost easier than integrating
> with libsrtp (and introduces another instance of unoptimized encryption
> and checksum functions).

I'm not tied to libsrtp - though I have commit privileges for it, and 
made a bunch of improvements and fixes to it back in the 2004-2005 
timeframe (SRTCP was broken, remove dependence on long long, etc), since 
which point (around 2006) it's been very stable outside of a very 
occasional patch.

The last set of changes generally seems to be from around a year and a half 
ago by Jonathan Lennox. (A few minor C99 changes this fall.)

It does the job.  Perhaps you can replace it with a few hundred lines of 
OpenSSL code; I have to say I'd be surprised.  But srtp.c is ~2000 
lines; I can believe OpenSSL would replace most of the crypto files; 
you'd still need much of the logic in srtp.c and perhaps the replay code.

And realize we're not specifying libsrtp, just SRTP - so your comment 
that libsrtp can be replaced with OpenSSL plus some code is simply more 
indication that SRTP implementations are not a blocker.


-- 
Randell Jesup
randell-ietf@jesup.org
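The DTLS-SRTP glue Eric describes in the quoted text (finish the DTLS handshake, export keying material, hand it to the SRTP stack through its existing key interface) comes down to slicing the exporter output the way RFC 5764 section 4.2 lays it out. The following is an added example written for this page, not code from OpenSSL, libsrtp or the thread; the OpenSSL and libsrtp calls named in comments are the assumed integration points and are not compiled here, and the exporter output in the self-check is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* SRTP_AES128_CM_HMAC_SHA1_80 (RFC 5764 section 4.1.2): 128-bit key, 112-bit salt. */
#define SRTP_KEY_LEN     16
#define SRTP_SALT_LEN    14
#define SRTP_MASTER_LEN  (SRTP_KEY_LEN + SRTP_SALT_LEN)  /* libsrtp policy.key is key || salt */
#define EXPORTED_LEN     (2 * SRTP_MASTER_LEN)           /* 60 bytes from the DTLS exporter */

struct srtp_keys {
    uint8_t send[SRTP_MASTER_LEN];   /* key || salt for the ssrc_any_outbound policy */
    uint8_t recv[SRTP_MASTER_LEN];   /* key || salt for the ssrc_any_inbound policy */
};

/* km is the exporter output for label "EXTRACTOR-dtls_srtp" with no context (assumed
 * OpenSSL call: SSL_export_keying_material(ssl, km, 60, "EXTRACTOR-dtls_srtp", 19,
 * NULL, 0, 0), once SSL_get_selected_srtp_profile() confirmed this profile).
 * RFC 5764 section 4.2 orders it client key, server key, client salt, server salt;
 * is_client says which DTLS role this endpoint played (who sent the ClientHello). */
int dtls_srtp_split_keys(const uint8_t *km, size_t km_len, int is_client, struct srtp_keys *out)
{
    if (km_len != EXPORTED_LEN || out == NULL) return -1;
    const uint8_t *client_key  = km;
    const uint8_t *server_key  = km + SRTP_KEY_LEN;
    const uint8_t *client_salt = km + 2 * SRTP_KEY_LEN;
    const uint8_t *server_salt = km + 2 * SRTP_KEY_LEN + SRTP_SALT_LEN;
    /* The client protects its packets with client_write material, the server with server_write. */
    uint8_t *client_buf = is_client ? out->send : out->recv;
    uint8_t *server_buf = is_client ? out->recv : out->send;
    memcpy(client_buf, client_key, SRTP_KEY_LEN);
    memcpy(client_buf + SRTP_KEY_LEN, client_salt, SRTP_SALT_LEN);
    memcpy(server_buf, server_key, SRTP_KEY_LEN);
    memcpy(server_buf + SRTP_KEY_LEN, server_salt, SRTP_SALT_LEN);
    return 0;
}

/* Constructed check: exporter output with byte i == i, split from both roles. Returns 1
 * when each side's send key is the peer's receive key and every slice sits at its RFC offset. */
int dtls_srtp_selfcheck(void)
{
    uint8_t km[EXPORTED_LEN];
    struct srtp_keys c, s;
    for (size_t i = 0; i < EXPORTED_LEN; i++) km[i] = (uint8_t)i;
    if (dtls_srtp_split_keys(km, sizeof km, 1, &c) != 0) return 0;
    if (dtls_srtp_split_keys(km, sizeof km, 0, &s) != 0) return 0;
    if (memcmp(c.send, s.recv, SRTP_MASTER_LEN) || memcmp(c.recv, s.send, SRTP_MASTER_LEN)) return 0;
    /* client key at offset 0, server key at 16, client salt at 32, server salt at 46 */
    return c.send[0] == 0 && c.recv[0] == 16 && c.send[SRTP_KEY_LEN] == 32 && c.recv[SRTP_KEY_LEN] == 46;
}
```

A mismatched role flag is the classic integration bug here: both sides then protect with the same half of the material and every inbound packet fails authentication rather than being silently accepted.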
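Randell's point that the replay code would survive any swap of crypto libraries refers to the part of SRTP that no cipher library provides: RFC 3711's rollover-counter estimation (Appendix A) and the sliding replay window (section 3.3.2). The following is an added example written for this page, not libsrtp's srtp.c; the packet sequence fed through the driver is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
struct srtp_replay {           /* per-stream state, RFC 3711 section 3.3.2 */
    uint32_t roc;              /* rollover counter (ROC) */
    uint16_t s_l;              /* highest sequence number authenticated so far */
    uint64_t bitmap;           /* bit k set => index (ROC<<16 | s_l) - k already seen */
    bool started;
};

/* RFC 3711 Appendix A: estimate which ROC a 16-bit sequence number belongs to. */
static bool estimate_roc(const struct srtp_replay *r, uint16_t seq, uint32_t *v)
{
    int32_t s_l = r->s_l, s = seq;
    *v = r->roc;
    if (s_l < 32768) {         /* packet from just before the last rollover? */
        if (s - s_l > 32768) { if (r->roc == 0) return false; *v = r->roc - 1; }
    } else if (s_l - 32768 > s) *v = r->roc + 1;   /* packet from after the next rollover */
    return true;               /* false above: no earlier ROC exists, packet predates the session */
}

/* Returns 1 if the packet index is new (and records it), 0 for a replay or a packet older
 * than the 64-packet window. A full stack verifies the auth tag under the estimated ROC
 * before calling this, so a forged packet can never move the window or the ROC. */
int srtp_replay_check(struct srtp_replay *r, uint16_t seq)
{
    uint32_t v;
    if (!r->started) { r->started = true; r->s_l = seq; r->bitmap = 1; return 1; }
    if (!estimate_roc(r, seq, &v)) return 0;
    uint64_t cur = ((uint64_t)r->roc << 16) | r->s_l;
    uint64_t idx = ((uint64_t)v << 16) | seq;
    if (idx > cur) {           /* newest so far: slide the window forward */
        uint64_t shift = idx - cur;
        r->bitmap = (shift >= 64 ? 0 : r->bitmap << shift) | 1;
        r->roc = v; r->s_l = seq;
        return 1;
    }
    uint64_t diff = cur - idx;
    if (diff >= 64 || (r->bitmap & ((uint64_t)1 << diff))) return 0;
    r->bitmap |= (uint64_t)1 << diff;
    return 1;
}

/* Constructed driver: bit i of the result is set when packet i was accepted. */
uint32_t srtp_replay_run(const uint16_t *seqs, size_t n)
{
    struct srtp_replay r = {0};
    uint32_t accepted = 0;
    for (size_t i = 0; i < n && i < 32; i++)
        if (srtp_replay_check(&r, seqs[i])) accepted |= 1u << i;
    return accepted;
}
```

The driver sequence in the test crosses a sequence-number rollover, then replays the packet that started the stream, accepts one late packet from before the rollover, and finally rejects a packet that has fallen out of the 64-packet window.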