Re: [rtcweb] state of libsrtp maintenance? (Re: SRTP not mandatory-to-use)

Cullen Jennings <fluffy@iii.ca> Mon, 30 January 2012 05:37 UTC

From: Cullen Jennings <fluffy@iii.ca>
In-Reply-To: <4F0F56AE.80306@jesup.org>
Date: Sun, 29 Jan 2012 22:37:18 -0700
Message-Id: <773E3E2F-8A66-4113-AD76-CAB83E79BFDD@iii.ca>
References: <CAErhfrwu322=HTS0JZhum9EGfb73KmYS6CU_KMESyzEWhtvg2w@mail.gmail.com> <CAKhHsXEes+Lf+uKdTrjXoy+3PMy2uNumNL-W-0s4_xRXW6FiZg@mail.gmail.com> <4F0CAC8C.8010203@wonderhamster.org> <1D062974A4845E4D8A343C6538049202074ABD3A@XMB-BGL-414.cisco.com> <387F9047F55E8C42850AD6B3A7A03C6C01DCF907@inba-mail02.sonusnet.com> <CALiegfkejnU2rTe-FibUVxTrRS9SivkhGXB5eK+FhD8Vu6iTMA@mail.gmail.com> <387F9047F55E8C42850AD6B3A7A03C6C01DCF9FC@inba-mail02.sonusnet.com> <CALiegfn07bS58B+4ZyzRTnO4LCpw1e96dnqpSM+TT1y3QG2Zwg@mail.gmail.com> <387F9047F55E8C42850AD6B3A7A03C6C01DCFBC1@inba-mail02.sonusnet.com> <CAOJ7v-20+yL7r+_ODx_czHTiujXZZWESaZRB7MQjhvScg3RFtw@mail.gmail.com> <4F0DFD0B.2000009@jesup.org> <BLU152-W62B3148D9899099ED240D1939E0@phx.gbl> <4F0EA4BA.5040809@alvestrand.no> <CAD5OKxvB3J9g5Mq9vTH9WNqqsqSNunGXiXo6AgR6+ORZCeFcnA@mail.gmail.com> <CABcZeBO0kw2BvhMzODuXoX5XSD2UrYwbQ3AnqiY-pAyiE8AmRw@mail.gmail.com> <CAD5OKxs8n8tDCaCT2Nb0osyxVEmRb-WsPHtEVX8qyYqyzy9Ggw@mail.gmail.com> <4F0F56AE.80306@jesup.org>
To: Randell Jesup <randell-ietf@jesup.org>
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] state of libsrtp maintenance? (Re: SRTP not mandatory-to-use)
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>

Making libsrtp so it had a compile-time flag to use the OpenSSL crypto or select its own crypto seems like it would be a nice improvement to it, but lots of the places folks want to use libsrtp are a DSP of some sort - it can be a big hassle to try and port all of the crypto from OpenSSL to that type of environment, so I probably would not want to have it require OpenSSL.


On Jan 12, 2012, at 2:54 PM, Randell Jesup wrote:

> On 1/12/2012 11:18 AM, Roman Shpount wrote:
>> 
> >> On Thu, Jan 12, 2012 at 9:37 AM, Eric Rescorla <ekr@rtfm.com> wrote:
>> 
>>    DTLS-SRTP was specifically designed so that one could put together a
>>    DTLS
>>    stack and an SRTP stack with minimal modifications to both (and no
>>    necessary
>>    modifications to the SRTP stack). In the case of OpenSSL and
>>    libsrtp, you
>>    do the OpenSSL handshake, then use a new interface to export the keys
>>    which you then push onto libsrtp using existing interfaces.
>> 
>> My point is if you use OpenSSL crypto functions you can replace libsrtp
> >> with a few hundred lines of code. It is almost easier than integrating
> >> with libsrtp (and introduces another instance of unoptimized encryption
> >> and checksum functions).
> 
> I'm not tied to libsrtp - though I have commit privileges for it, and made a bunch of improvements and fixes to it back in the 2004-2005 timeframe (SRTCP was broken, removing the dependence on long long, etc.), since which point (around 2006) it's been very stable outside of a very occasional patch.
> 
> The last set of changes generally seems to be from around a year and a half ago, by Jonathan Lennox. (A few minor C99 changes this fall.)
> 
> It does the job.  Perhaps you can replace it with a few hundred lines of OpenSSL code; I have to say I'd be surprised.  But srtp.c is ~2000 lines; I can believe OpenSSL would replace most of the crypto files; you'd still need much of the logic in srtp.c and perhaps the replay code.
> 
> And realize we're not specifying libsrtp, just SRTP - so your comment that libsrtp can be replaced with OpenSSL plus some code is simply more indication that SRTP implementations are not a blocker.
> 
> 
> -- 
> Randell Jesup
> randell-ietf@jesup.org
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb
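The thread's two claims, that libsrtp collapses to OpenSSL's AES-CTR and HMAC-SHA1 plus "a few hundred lines" of glue, and that the srtp.c logic and the replay code are what remain, are illustrated below by an added example that is not from the original thread, from libsrtp, or from OpenSSL. It is written in Go rather than C so that it runs with only the standard library. It assumes the RFC 3711 defaults (AES-CM, HMAC-SHA1 with an 80-bit tag, key derivation rate 0, a 64-packet replay window), takes the master key and salt from the RFC 3711 Appendix B.3 test vector (in DTLS-SRTP these would come from the DTLS key exporter instead), constructs its own sample RTP packets, does not handle RTP header extensions, and gives the sender side (Seal) an explicit ROC rather than tracking one. The function and type names are this example's own.

```go
// Added example (not libsrtp or OpenSSL code): minimal SRTP per RFC 3711 on Go's standard-library AES-CTR and HMAC-SHA1.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)
const tagLen = 10 // 80-bit auth tag, the RFC 3711 default
var masterKey, _ = hex.DecodeString("E1F97A0D3E018BE0D64FA32C06DE4139") // RFC 3711 Appendix B.3 test vector,
var masterSalt, _ = hex.DecodeString("0EC675AD498AFEEBB6960B3AABE6")     // not a real key
// aesCM XORs AES-CM keystream (AES-CTR started at the 128-bit iv) into buf.
func aesCM(key, iv, buf []byte) {
	block, _ := aes.NewCipher(key) // every key used here is 16 bytes, so this cannot fail
	cipher.NewCTR(block, iv).XORKeyStream(buf, buf)
}
// deriveKey is RFC 3711 4.3.1 at key derivation rate 0: x = label XOR master_salt (label right-aligned), IV = x || 0x0000.
func deriveKey(masterKey, masterSalt []byte, label byte, n int) []byte {
	iv := append(append([]byte{}, masterSalt...), 0, 0)
	iv[7] ^= label
	out := make([]byte, n)
	aesCM(masterKey, iv, out)
	return out
}
// Session is one crypto context. highest is the last authenticated index, so ROC = highest>>16 and s_l = uint16(highest)
// (RFC 3711 3.3.1); window is the 64-packet replay bitmap just below highest (3.3.2); window == 0 means nothing received yet.
type Session struct {
	encKey, authKey, salt []byte
	ssrc                  uint32
	highest, window       uint64
}
func NewSession(k, salt []byte, ssrc uint32) *Session {
	return &Session{ssrc: ssrc, encKey: deriveKey(k, salt, 0, 16), authKey: deriveKey(k, salt, 1, 20), salt: deriveKey(k, salt, 2, 14)}
}
// estimateIndex is RFC 3711 3.3.1: choose the ROC that puts seq nearest s_l.
func (s *Session) estimateIndex(seq uint16) (roc uint32, index uint64) {
	roc, sL := uint32(s.highest>>16), int(uint16(s.highest))
	if sL < 32768 && int(seq)-sL > 32768 && roc > 0 {
		roc-- // late packet from before the last wrap
	} else if sL >= 32768 && sL-32768 > int(seq) {
		roc++ // seq wrapped: next ROC
	}
	return roc, uint64(roc)<<16 | uint64(seq)
}
// xorPayload applies AES-CM with IV = (salt<<16) XOR (SSRC<<64) XOR (index<<16) (RFC 3711 4.1.1).
func (s *Session) xorPayload(pkt []byte, hl int, index uint64) {
	var iv [16]byte
	binary.BigEndian.PutUint64(iv[6:], index) // the 48-bit index lands in bytes 8..13
	binary.BigEndian.PutUint32(iv[4:], s.ssrc) // SSRC in bytes 4..7
	for k, b := range s.salt {
		iv[k] ^= b // the 112-bit salt covers bytes 0..13
	}
	aesCM(s.encKey, iv[:], pkt[hl:])
}
// tag is HMAC-SHA1(k_a, authenticated portion || ROC) truncated to 80 bits.
func (s *Session) tag(auth []byte, roc uint32) []byte {
	m := hmac.New(sha1.New, s.authKey)
	m.Write(auth)
	m.Write([]byte{byte(roc >> 24), byte(roc >> 16), byte(roc >> 8), byte(roc)})
	return m.Sum(nil)[:tagLen]
}
// Seal is the sender side for a well-formed rtp packet and a given ROC: encrypt a copy's payload, append the tag.
func (s *Session) Seal(rtp []byte, roc uint32) []byte {
	out := append(make([]byte, 0, len(rtp)+tagLen), rtp...)
	s.xorPayload(out, 12+4*int(rtp[0]&0x0F), uint64(roc)<<16|uint64(binary.BigEndian.Uint16(rtp[2:])))
	return append(out, s.tag(out, roc)...)
}
// Unprotect follows RFC 3711 3.3: cheap replay check, then HMAC, then decrypt; state moves only after the tag verified.
func (s *Session) Unprotect(srtp []byte) ([]byte, error) {
	n := len(srtp) - tagLen
	if n < 12 || srtp[0]>>6 != 2 || srtp[0]&0x10 != 0 || n < 12+4*int(srtp[0]&0x0F) || binary.BigEndian.Uint32(srtp[8:]) != s.ssrc {
		return nil, errors.New("srtp: short packet, bad version, header extension or foreign SSRC")
	}
	body, tag := srtp[:n], srtp[n:]
	roc, index := s.estimateIndex(binary.BigEndian.Uint16(body[2:]))
	if d := s.highest - index; index <= s.highest && (d >= 64 || s.window&(1<<d) != 0) {
		return nil, errors.New("srtp: replayed packet or older than the replay window")
	} else if !hmac.Equal(tag, s.tag(body, roc)) {
		return nil, errors.New("srtp: authentication failed")
	}
	out := append([]byte(nil), body...)
	s.xorPayload(out, 12+4*int(body[0]&0x0F), index)
	if index > s.highest { // a shift of 64 or more clears the bitmap, as Go shifts do
		s.highest, s.window = index, s.window<<(index-s.highest)|1
	} else {
		s.window |= 1 << (s.highest - index)
	}
	return out, nil
}
func main() { // constructed packet: V=2, PT 96, seq 65535, SSRC CAFEBABE, sender ROC 0
	s := NewSession(masterKey, masterSalt, 0xCAFEBABE)
	enc := s.Seal(append([]byte{0x80, 96, 0xFF, 0xFF, 0, 0, 0, 0, 0xCA, 0xFE, 0xBA, 0xBE}, "constructed payload"...), 0)
	dec, err := s.Unprotect(enc)
	_, replay := s.Unprotect(enc)
	fmt.Printf("%x -> %q %v; resend: %v\n", enc[12:], dec, err, replay)
}
```

The cipher calls are the two lines in aesCM and the HMAC in tag; everything else is the bookkeeping the thread refers to. Two points worth noticing: the (ROC, s_l) pair that RFC 3711 keeps for index estimation is exactly the highest authenticated index, which the replay window already tracks, so one uint64 serves both; and the order in Unprotect (replay lookup, then HMAC, then decrypt, then state update) means a forged or replayed packet costs at most one HMAC and never moves the window or the ROC.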