Re: [Sip] A proposal for breaking the DTLS-SRTP vs RFC4474 gateway deadlock

"Dan Wing" <dwing@cisco.com> Tue, 24 June 2008 22:51 UTC

From: Dan Wing <dwing@cisco.com>
To: 'Dean Willis' <dean.willis@softarmor.com>, sip@ietf.org, 'Eric Rescorla' <ekr@rtfm.com>, 'Jason Fischl' <jason@counterpath.com>
References: <7C76092F-6FD4-4951-9166-935CC9001ACD@softarmor.com>
Date: Tue, 24 Jun 2008 15:51:21 -0700
Message-ID: <081801c8d64c$d6909fc0$c2f0200a@cisco.com>
In-Reply-To: <7C76092F-6FD4-4951-9166-935CC9001ACD@softarmor.com>
Cc: 'Cullen Jennings' <fluffy@cisco.com>, 'Keith Drage' <drage@alcatel-lucent.com>
Subject: Re: [Sip] A proposal for breaking the DTLS-SRTP vs RFC4474 gateway deadlock

Works for me.  Thanks,
-d


> -----Original Message-----
> From: sip-bounces@ietf.org [mailto:sip-bounces@ietf.org] On 
> Behalf Of Dean Willis
> Sent: Tuesday, June 24, 2008 10:22 AM
> To: sip@ietf.org; Eric Rescorla; Jason Fischl
> Cc: Cullen Jennings; Keith Drage
> Subject: [Sip] A proposal for breaking the DTLS-SRTP vs RFC4474 gateway deadlock
> 
> 
> We've gotten stuck on a fine point in DTLS-SRTP.
> 
> The current draft-ietf-sip-dtls-srtp-framework-01 uses an RFC 4474
> Identity header to preserve the integrity of the media key's
> fingerprint, thereby detecting a certain class of MITM attack.
> 
> However, RFC 4474 Identity headers are of questionable validity when
> used with protocol gateways or B2BUAs.  More or less, they're capable
> of asserting the identity of the gateway, not the identity of the
> calling party. But the recipient has no real way to figure out which
> is which.
> 
> We've debated at some length, and with no good result, about whether
> we should try and fix RFC 4474. We've had some suggestions that may
> work for B2BUAs, and some other suggestions that may work for
> gateways, but we certainly don't have a consensus.
> 
> That leaves our chartered deliverable of DTLS-SRTP hanging, and the
> milestone has gone past months ago.
> 
> Here's a proposal:
> 
> We add a caveat about the limitation of RFC 4474 to
> draft-ietf-sip-dtls-srtp-framework and go ahead and advance that
> specification. If somebody later decides to fix RFC 4474, they can do
> so, and if necessary update DTLS-SRTP if needed.
> 
> 
> Does that work for everybody?
> 
> If we agree to it, I suggest that we move the date for WGLC of
> draft-ietf-sip-dtls-srtp-framework to July 2008, and move the
> milestone for delivery of that doc to the IESG into September.
> 
> --
> Dean
> _______________________________________________
> Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use sip-implementors@cs.columbia.edu for questions on current sip
> Use sipping@ietf.org for new developments on the application of sip
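The mechanism Dean describes, as an added example that is not code from this thread, from the draft, or from any of its authors: a small Python model of the RFC 4474 digest-string (From | To | Call-ID | CSeq | Date | Contact | body) covering an SDP body that carries an RFC 4572 a=fingerprint line, plus the verifier-side checks RFC 4474 asks for. It shows both halves of the deadlock: a signalling-path MITM that swaps in its own fingerprint breaks the signature, so Bob detects it, while a PSTN gateway that signs for its own domain passes exactly the same checks, so Bob's verifier sees a valid Identity and an intact fingerprint in both the honest and the gateway case and has nothing that tells them apart. Everything here is constructed: the domains, URIs, certificate bytes and INVITE fields are illustrative, textbook RSA over small Mersenne primes stands in for rsa-sha1 with a domain certificate, and only the bare addr-spec form of From/To/Contact is modelled.

```python
import base64
import hashlib
import re

# Toy RSA stand-in for RFC 4474's rsa-sha1 (ASSUMPTION: not real PKI).
# Mersenne primes keep the example self-contained; a real signer uses the
# domain's X.509 certificate and padded RSA-SHA1.  Only the digest-string
# construction and the verifier's checks follow the RFC.
_M89, _M107, _M127 = 2**89 - 1, 2**107 - 1, 2**127 - 1
E = 65537


def make_key(p, q):
    """Return ((n, e), (n, d)) for the toy signer."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


# One signing key per domain: a UA's home proxy and a PSTN gateway (constructed).
KEYS = {
    "atlanta.example": make_key(_M89, _M107),
    "pstn-gw.example": make_key(_M107, _M127),
}

# Constructed stand-ins for DER-encoded DTLS certificates.
ALICE_CERT = b"constructed DER: CN=alice@atlanta.example self-signed DTLS cert"
MITM_CERT = b"constructed DER: CN=attacker self-signed DTLS cert"
GW_CERT = b"constructed DER: CN=gw1.pstn-gw.example DTLS cert"


def fingerprint(cert_der):
    """RFC 4572 a=fingerprint value: hash of the DER cert, upper-case hex bytes joined by ':'."""
    h = hashlib.sha256(cert_der).hexdigest().upper()
    return "sha-256 " + ":".join(h[i:i + 2] for i in range(0, len(h), 2))


def build_invite(from_uri, to_uri, contact_uri, fp, domain):
    """Constructed INVITE holding only the fields RFC 4474 signs (bare addr-specs)."""
    body = "v=0\r\nm=audio 49170 UDP/TLS/RTP/SAVP 0\r\na=fingerprint:" + fp + "\r\n"
    return {
        "From": from_uri, "To": to_uri,
        "Call-ID": "a84b4c76e66710@" + domain, "CSeq": "314159 INVITE",
        "Date": "Tue, 24 Jun 2008 17:22:00 GMT", "Contact": contact_uri,
        "Identity-Info": "<https://%s/%s.cer>;alg=rsa-sha1" % (domain, domain),
        "body": body,
    }


def digest_string(msg):
    """RFC 4474 section 9: From | To | Call-ID | CSeq | Date | Contact | body.
    The SDP body, and with it a=fingerprint, is inside the signed string."""
    return "|".join(msg[h] for h in ("From", "To", "Call-ID", "CSeq", "Date", "Contact", "body"))


def _hash(msg):
    return int.from_bytes(hashlib.sha1(digest_string(msg).encode()).digest(), "big")


def sign(msg, domain):
    """Identity header value: base64 of the signature over the digest-string."""
    n, d = KEYS[domain][1]
    sig = pow(_hash(msg), d, n)
    return base64.b64encode(sig.to_bytes((n.bit_length() + 7) // 8, "big")).decode()


def signer_domain(msg):
    m = re.match(r"<https://([^/>]+)/", msg.get("Identity-Info", ""))
    return m.group(1) if m else None


def verify(msg):
    """Verifier checks (RFC 4474 section 6): the Identity-Info domain must be
    the From domain, and the signature must match the digest-string."""
    signer = signer_domain(msg)
    if signer is None or signer not in KEYS:
        return False
    if msg["From"].rpartition("@")[2] != signer:
        return False
    n, e = KEYS[signer][0]
    sig = int.from_bytes(base64.b64decode(msg["Identity"]), "big")
    return pow(sig, e, n) == _hash(msg)


def sdp_fingerprint(msg):
    m = re.search(r"^a=fingerprint:(.+?)\r?$", msg["body"], re.M)
    return m.group(1) if m else None


def honest_call():
    """Alice's UA offers its own DTLS fingerprint; her home proxy signs."""
    msg = build_invite("sip:alice@atlanta.example", "sip:bob@biloxi.example",
                       "sip:alice@192.0.2.4", fingerprint(ALICE_CERT), "atlanta.example")
    msg["Identity"] = sign(msg, "atlanta.example")
    return msg


def mitm_swaps_fingerprint(msg):
    """A signalling-path attacker substitutes its own fingerprint so the DTLS
    handshake will terminate at its certificate; it holds no atlanta.example key."""
    tampered = dict(msg)
    tampered["body"] = msg["body"].replace(fingerprint(ALICE_CERT), fingerprint(MITM_CERT))
    return tampered


def gateway_call():
    """A PSTN gateway originates the INVITE for a caller it cannot vouch for
    cryptographically, offers its own DTLS certificate and signs as itself."""
    msg = build_invite("sip:+14155550100@pstn-gw.example", "sip:bob@biloxi.example",
                       "sip:gw1@pstn-gw.example", fingerprint(GW_CERT), "pstn-gw.example")
    msg["Identity"] = sign(msg, "pstn-gw.example")
    return msg


def callee_view(msg):
    """Everything Bob's verifier can conclude from the INVITE alone."""
    return {"identity_ok": verify(msg), "fingerprint": sdp_fingerprint(msg),
            "asserted_domain": signer_domain(msg)}


if __name__ == "__main__":
    for name, m in (("honest", honest_call()),
                    ("mitm", mitm_swaps_fingerprint(honest_call())),
                    ("gateway", gateway_call())):
        print(name, callee_view(m))
```

Running it prints three verifier views. The honest and gateway INVITEs both come back with identity_ok True and a fingerprint that will match the certificate presented in the DTLS handshake; the gateway's view differs only in the asserted domain, which is the gateway's own and is exactly what RFC 4474 says it should be. The tampered INVITE fails, because the fingerprint sits inside the signed body. That is the caveat the proposal asks the framework to state: the signature binds the fingerprint to whoever signed, not to whoever is on the far side of a gateway.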