[Sip] SRTP and MIKEY usage in SIP

"Steffen Fries" <steffen.fries@siemens.com> Mon, 20 January 2003 13:55 UTC

From: Steffen Fries <steffen.fries@siemens.com>
Organization: Siemens AG
To: sip@ietf.org
Date: Fri, 17 Jan 2003 16:19:49 +0100
CC: Elisabetta.Carrara@era.ericsson.se

Hi,

I'm not quite sure which working group fits best for this 
question, thus I'm starting with the SIP WG ;-)

When SIP and SRTP are used in conjunction, an appropriate
key management is necessary for SRTP. Within the MSEC WG 
MIKEY has been defined, which is thought to be used (also) 
for SRTP. 

MIKEY and a related draft (draft-ietf-msec-MIKEY-DHHMAC-01.txt)
offer 4 different key management methods based on:
- pre-shared secrets
- public key encryption
- Diffie Hellman protected with signatures
- Diffie Hellman protected with pre-shared secrets

When MIKEY and SRTP are to be used in a SIP environment, 
what would be a suitable choice out of the four options?

I'm not sure if the pre-shared secret based methods are 
suitable, since this would assume that all users who want to 
communicate need to exchange a shared secret before. Well, this 
could be done by putting a shared secret in the SIP message and 
securing this by S/MIME, but then MIKEY would be protected by 
symmetric methods, although asymmetric technology was used to 
secure the shared secret transport, namely S/MIME. One could 
also use the certificates and private keys to secure MIKEY 
right from the beginning. 

There might be scenarios where the symmetric case is 
appropriate, but I'm not sure if this is a rather general case.

Is MIKEY generally considered for key management in SIP or will 
this rather be done using draft-baugher-mmusic-sdpmediasec-00.txt
secured by S/MIME?

The usage of MIKEY and SRTP is especially interesting in 
conjunction with other multimedia protocols like H.323. Voice 
encryption and associated key management could be performed 
across the different signaling protocols.

Was there already a discussion related to this question which 
I may have missed?

Regards
        Steffen
