Re: [Sip] A proposal for breaking the DTLS-SRTP vs RFC4474gatewaydeadlock
"Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com> Wed, 25 June 2008 08:08 UTC
From: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
To: "ext Fischer, Kai" <kai.fischer@siemens.com>, Dean Willis <dean.willis@softarmor.com>, sip@ietf.org, Eric Rescorla <ekr@rtfm.com>, Jason Fischl <jason@counterpath.com>
Cc: Cullen Jennings <fluffy@cisco.com>, Keith Drage <drage@alcatel-lucent.com>
Subject: Re: [Sip] A proposal for breaking the DTLS-SRTP vs RFC4474gatewaydeadlock
Dean, I like your approach.

Ciao
Hannes

> -----Original Message-----
> From: sip-bounces@ietf.org [mailto:sip-bounces@ietf.org] On Behalf Of ext Fischer, Kai
> Sent: 25 June, 2008 11:06
> To: Dean Willis; sip@ietf.org; Eric Rescorla; Jason Fischl
> Cc: Cullen Jennings; Keith Drage
> Subject: Re: [Sip] A proposal for breaking the DTLS-SRTP vs RFC4474gatewaydeadlock
>
> If it is the goal to proceed with the DTLS-SRTP framework timely and to reach the milestone, that's the only reasonable approach. However, I hope there will be support to fix RFC 4474 and we can address the backwards compatibility issues.
>
> Kai
>
>
>> -----Original Message-----
>> From: sip-bounces@ietf.org [mailto:sip-bounces@ietf.org] On Behalf Of Dean Willis
>> Sent: Tuesday, 24 June 2008 19:22
>> To: sip@ietf.org; Eric Rescorla; Jason Fischl
>> Cc: Cullen Jennings; Keith Drage
>> Subject: [Sip] A proposal for breaking the DTLS-SRTP vs RFC4474 gatewaydeadlock
>>
>>
>> We've gotten stuck on a fine point in DTLS-SRTP.
>>
>> The current draft-ietf-sip-dtls-srtp-framework-01 uses an RFC 4474 Identity header to preserve the integrity of the media key's fingerprint, thereby detecting a certain class of MITM attack.
>>
>> However, RFC 4474 Identity headers are of questionable validity when used with protocol gateways or B2BUAs. More or less, they're capable of asserting the identity of the gateway, not the identity of the calling party. But the recipient has no real way to figure out which is which.
>>
>> We've debated at some length, and with no good result, about whether we should try and fix RFC 4474. We've had some suggestions that may work for B2BUAs, and some other suggestions that may work for gateways, but we certainly don't have a consensus.
>>
>> That leaves our chartered deliverable of DTLS-SRTP hanging, and the milestone has gone past months ago.
>>
>> Here's a proposal:
>>
>> We add a caveat about the limitation of RFC 4474 to draft-ietf-sip-dtls-srtp-framework and go ahead and advance that specification. If somebody later decides to fix RFC 4474, they can do so, and if necessary update DTLS-SRTP if needed.
>>
>>
>> Does that work for everybody?
>>
>> If we agree to it, I suggest that we move the date for WGLC of draft-ietf-sip-dtls-srtp-framework to July 2008, and move the milestone for delivery of that doc to the IESG into September.
>>
>> --
>> Dean
>> _______________________________________________
>> Sip mailing list https://www.ietf.org/mailman/listinfo/sip
>> This list is for NEW development of the core SIP Protocol
>> Use sip-implementors@cs.columbia.edu for questions on current sip
>> Use sipping@ietf.org for new developments on the application of sip
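The MITM detection Dean refers to, as an added example that is not part of the thread or of draft-ietf-sip-dtls-srtp-framework: the callee checks that the SDP body (and so its a=fingerprint line) is covered by the RFC 4474 Identity digest, then checks the certificate the DTLS peer presents against that fingerprint. The RSA signature step of RFC 4474 is stood in for by comparing against the digest the signer computed, the digest-string is simplified to whole header values, and all certificate bytes and headers are constructed sample data.

```python
import hashlib
import re

FP_RE = re.compile(r"^a=fingerprint:(\S+)\s+([0-9A-Fa-f:]+)\s*$", re.M)

def cert_fingerprint(cert_der: bytes, algo: str = "sha-256") -> str:
    """Hash of the DER certificate as RFC 4572 colon-separated upper-case hex."""
    digest = hashlib.new(algo.replace("-", ""), cert_der).digest()
    return ":".join(f"{b:02X}" for b in digest)

def sdp_fingerprint(sdp: str):
    """Return (hash-func, fingerprint) from the SDP body, or None if absent."""
    m = FP_RE.search(sdp)
    return (m.group(1).lower(), m.group(2).upper()) if m else None

def identity_digest(hdr: dict, body: str) -> str:
    """SHA-1 of the RFC 4474 s.9 digest-string (simplified: whole header values)."""
    ds = "|".join([hdr["From"], hdr["To"], hdr["Call-ID"], hdr["CSeq"],
                   hdr["Date"], hdr["Contact"], body])
    return hashlib.sha1(ds.encode()).hexdigest()

def verify_offer(hdr: dict, body: str, signed_digest: str, dtls_cert_der: bytes) -> str:
    """Body integrity via Identity first, then DTLS handshake cert against a=fingerprint."""
    if identity_digest(hdr, body) != signed_digest:
        return "identity-mismatch"      # SDP (fingerprint included) altered in transit
    fp = sdp_fingerprint(body)
    if fp is None:
        return "no-fingerprint"
    algo, value = fp
    if cert_fingerprint(dtls_cert_der, algo) != value:
        return "fingerprint-mismatch"   # handshake peer is not who the offer named
    return "ok"

# Constructed sample data: not real certificates or a real call.
HONEST_CERT = b"constructed DER bytes of the caller's certificate"
MITM_CERT = b"constructed DER bytes of a middlebox certificate"
HEADERS = {"From": "sip:alice@example.com", "To": "sip:bob@example.net",
           "Call-ID": "c1@example.com", "CSeq": "1 INVITE",
           "Date": "Tue, 24 Jun 2008 17:22:00 GMT", "Contact": "sip:alice@10.0.0.1"}

def sdp_with(cert_der: bytes) -> str:
    return ("v=0\r\nm=audio 49170 UDP/TLS/RTP/SAVP 0\r\n"
            f"a=fingerprint:sha-256 {cert_fingerprint(cert_der)}\r\n")

def scenarios() -> dict:
    offer = sdp_with(HONEST_CERT)
    signed = identity_digest(HEADERS, offer)  # what the caller's domain signed
    return {"honest": verify_offer(HEADERS, offer, signed, HONEST_CERT),
            "rewritten_sdp": verify_offer(HEADERS, sdp_with(MITM_CERT), signed, MITM_CERT),
            "swapped_cert": verify_offer(HEADERS, offer, signed, MITM_CERT)}
```

The checks assume the Identity digest was produced by the caller's own domain; a gateway or B2BUA that re-signs a rewritten offer with its own credentials passes both checks, which is exactly the limitation the thread is discussing.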