[Sip] media-security-requirements and lawful intercept
"Dan Wing" <dwing@cisco.com> Tue, 06 November 2007 17:50 UTC
From: Dan Wing <dwing@cisco.com>
To: 'IETF SIP List' <sip@ietf.org>
Date: Tue, 06 Nov 2007 09:50:42 -0800

Other SDOs have lawful intercept requirements, which are currently captured in requirement R24 in draft-ietf-sip-media-security-requirements-00:

   "R24: The media security key management protocol SHOULD NOT allow end users to determine whether their end-to-end interaction is subject to lawful interception."

DTLS-SRTP was selected by IETF as the IETF's preferred mechanism to establish SRTP keys for unicast, point-to-point SRTP sessions.

There appear to be two methods to meet R24 with DTLS-SRTP. They are:

  a. provide a network element on every SRTP call which relays media, performs a DTLS handshake, and decrypts and re-encrypts SRTP, or;

  b. have endpoints perform key disclosure for every call (using a technique similar to draft-wing-sipping-srtp-key), and perform validation of that disclosed key on every call.

If these methods to meet R24 are deemed acceptable to other SDOs, we don't find any reason for those SDOs to reject IETF's decision to use DTLS-SRTP as the preferred mechanism to establish SRTP keys for unicast, point-to-point SRTP sessions.

Comments welcome.

-d