[Sip] RE: Review of draft-ietf-sip-media-security-requirements-00
"Dan Wing" <dwing@cisco.com> Tue, 06 November 2007 18:00 UTC
Return-path: <sip-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1IpSiw-00048W-QN; Tue, 06 Nov 2007 13:00:26 -0500
Received: from sip by megatron.ietf.org with local (Exim 4.43) id 1IpSiv-000467-Du for sip-confirm+ok@megatron.ietf.org; Tue, 06 Nov 2007 13:00:25 -0500
Received: from [10.90.34.44] (helo=chiedprmail1.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1IpSiv-00045y-01 for sip@ietf.org; Tue, 06 Nov 2007 13:00:25 -0500
Received: from sj-iport-1-in.cisco.com ([171.71.176.70] helo=sj-iport-1.cisco.com) by chiedprmail1.ietf.org with esmtp (Exim 4.43) id 1IpSiu-0006Sm-2M for sip@ietf.org; Tue, 06 Nov 2007 13:00:24 -0500
X-IronPort-AV: E=Sophos;i="4.21,379,1188802800"; d="scan'208";a="30538513"
Received: from sj-dkim-3.cisco.com ([171.71.179.195]) by sj-iport-1.cisco.com with ESMTP; 06 Nov 2007 10:00:23 -0800
Received: from sj-core-2.cisco.com (sj-core-2.cisco.com [171.71.177.254]) by sj-dkim-3.cisco.com (8.12.11/8.12.11) with ESMTP id lA6I0NUI023949; Tue, 6 Nov 2007 10:00:23 -0800
Received: from dwingwxp01 ([10.32.240.196]) by sj-core-2.cisco.com (8.12.10/8.12.6) with ESMTP id lA6I0Mfb028123; Tue, 6 Nov 2007 18:00:22 GMT
From: Dan Wing <dwing@cisco.com>
To: 'Richard Barnes' <rbarnes@bbn.com>
References: <47080AF8.9060303@bbn.com> <033c01c81fe7$cffe11e0$c4f0200a@cisco.com> <47309BA1.7090405@bbn.com>
Date: Tue, 06 Nov 2007 10:00:22 -0800
Message-ID: <06d301c8209e$e6dbdf70$c4f0200a@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: AcgglVZKjUZ1MLTBQRK+HNgFMD4RbgACEdgQ
In-Reply-To: <47309BA1.7090405@bbn.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138
DKIM-Signature: v=0.5; a=rsa-sha256; q=dns/txt; l=5204; t=1194372023; x=1195236023; c=relaxed/simple; s=sjdkim3002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@cisco.com; z=From:=20=22Dan=20Wing=22=20<dwing@cisco.com> |Subject:=20RE=3A=20Review=20of=20draft-ietf-sip-media-security-requireme nts-00 |Sender:=20; bh=80Hkryfp1hjHY8t3EEkcipvUP564MeesyIf4uwCO5c0=; b=pw+f2YtuhiOZ/BdaZb/lXx/CkJt257AhvQEKIe0WjgsW+I6wASBXADVrRTNk62aQNI5Vd5g0 AEqsvPaTV1VlX8MvMef14N6o4K32l9fgiOqaTqyOZZeVxQutQ0AkytOZ;
Authentication-Results: sj-dkim-3; header.From=dwing@cisco.com; dkim=pass (s ig from cisco.com/sjdkim3002 verified; );
X-Spam-Score: -4.0 (----)
X-Scan-Signature: 093efd19b5f651b2707595638f6c4003
Cc: 'IETF SIP List' <sip@ietf.org>, 'Francois Audet' <audet@nortel.com>, "'Fries, Steffen'" <steffen.fries@siemens.com>
Subject: [Sip] RE: Review of draft-ietf-sip-media-security-requirements-00
X-BeenThere: sip@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Session Initiation Protocol <sip.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:sip@ietf.org>
List-Help: <mailto:sip-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
Errors-To: sip-bounces@ietf.org
> -----Original Message----- > From: Richard Barnes [mailto:rbarnes@bbn.com] > Sent: Tuesday, November 06, 2007 8:52 AM > To: Dan Wing > Cc: 'IETF SIP List'; 'Hannes Tschofenig'; 'Fries, Steffen'; > 'Francois Audet' > Subject: Re: Review of draft-ietf-sip-media-security-requirements-00 > > Dan, > > I agree that R23 and R25 aren't necessarily related to lawful > intercept, but all three requirements are related to third parties > having access to plain-text media -- and the whole point of > encrypting data is to protect it against access by unauthorized > third parties. In order to provide access to these parties (quality > of service, law enforcement, or middleboxes) and still provide > security, either (1) the protocol needs to have some mechanism for > explicitly authorizing these users, or (2) there needs to be an > out-of-band mechanism like draft-wing-sipping-srtp-key. > > Option (1) (explicit authorization) is (IMO) the much less > appealing option: > 1. It directly conflicts with R24, since it enables the > endpoints to be aware that another party is being given access. Disclosing the SRTP via PUBLISH (option (2)) also creates the same awareness. > 2. It means that the requirements can only be satisfied by a > multi-party / multicast keying protocol (since it has to assume that > there are at least three parties to a call). Not necessarily. It could be accomplished with DTLS-SRTP with two DTLS handshakes, like this diagram: endpoint middlebox remote endpoint | | | | |<--DTLS ClientHello--| | |---DTLS SrvrHello--->| | | ... | | |<--finished-- | | |---finished--------->| | |<-SRTP with key "A"->| |<--DTLS ClientHello--| | |---DTLS SrvrHello--->| | | ... | | |<--finished----------| | |---finished--------->| | |<-SRTP with key "B"->| | There are two SRTP keys (A and B), and the middlebox would need to decrypt SRTP and re-encrypt SRTP. I expect this is not terribly desirable due to the computational effort to decrypt and re-encrypt the SRTP traffic. > 3. It adds hard authentication requirements (so that not just > anyone can be the listening party), which will hinder deployment That's probably true. > Option (2), on the other hand, requires no text in the media security > requirements. It provides the same functionality, with two caveats: > 1. One endpoint has to be willing to transmit the keys to the > listener. > In a enterprise network, this isn't a problem, since endpoints are > tightly controlled. A VSP that wants to provide lawful intercept can > just block SRTP calls that don't provide a key. > 2. The listener has to be willing to tolerate the delay induced by > routing the keys through SIP. AFAIK, there are no requirements for > real-time recording or lawful intercept, but this may be a > small problem for middleboxes. (2) isn't a significant problem, assuming DTLS-SRTP is allowed to complete before the call is answered (and SRTP wants to start flowing). > So on the whole, it seems to me like option (2) covers at > least two of the three use cases you've proposed. I agree, which is why I have co-authored draft-wing-sipping-srtp-key. But I'm trying to step back and ensure that it meets with everyone's requirements regarding recording (for banks, stock brokers, etc.), and transcoding (compressed codecs to 'standard' codecs). I don't yet have a message flow for how draft-wing-sipping-srtp-key would work well with transcoding; what I have sketched out is far uglier (more messages) than what everyone does for RTP transcoding today. -d > --Richard > > > > R23 refers only to recording of media. This is necessary in many > > business environments such as banks, stock brokers, catalog > ordering call > > centers, and so on. This is a requirement for many businesses. It > > is not yet clear if draft-wing-sipping-srtp-key (or > something like it) > > meets requirement R23. > > It seems like does, provided that (1) endpoints are willing > to send key > to authorized listeners, and (2) the delay induced by SIP is > tolerable. > Both of these would seem to be true in the enterprise > environments you > describe. > > > I agree R24 refers to lawful intercept. This is a requirement from > > other SDOs that need to provide lawful intercept with their > solutions. > > > > Another email on R24 lawful intercept will be forthcoming shortly. > > > R25 reference to 'intermediate nodes' is to transcoders and > SBCs which > > handle signaling and media traffic. It seems important > that any keying > > mechanism work with such intermediate nodes, as those > intermediate nodes > > are common on many SIP networks. _______________________________________________ Sip mailing list https://www1.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use sip-implementors@cs.columbia.edu for questions on current sip Use sipping@ietf.org for new developments on the application of sip
- [Sip] Review of draft-ietf-sip-media-security-req… Richard Barnes
- RE: [Sip] Review of draft-ietf-sip-media-security… Fries, Steffen
- [Sip] RE: Review of draft-ietf-sip-media-security… Dan Wing
- Re: [Sip] RE: Review of draft-ietf-sip-media-secu… Matt Lepinski
- RE: [Sip] RE: Review of draft-ietf-sip-media-secu… Dan Wing
- [Sip] Re: Review of draft-ietf-sip-media-security… Richard Barnes
- [Sip] RE: Review of draft-ietf-sip-media-security… Dan Wing
- [Sip] Re: Review of draft-ietf-sip-media-security… Richard Barnes