Re: [Sipbrandy] WGLC: draft-ietf-sipbrandy-osrtp-04 - Christer's review
Christer Holmberg <christer.holmberg@ericsson.com> Fri, 25 May 2018 13:16 UTC
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: sipbrandy@ietfa.amsl.com
Delivered-To: sipbrandy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0F317128954 for <sipbrandy@ietfa.amsl.com>; Fri, 25 May 2018 06:16:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OO48xB6goFIe for <sipbrandy@ietfa.amsl.com>; Fri, 25 May 2018 06:16:05 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9B14126CD6 for <sipbrandy@ietf.org>; Fri, 25 May 2018 06:16:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; d=ericsson.com; s=mailgw201801; c=relaxed/simple; q=dns/txt; i=@ericsson.com; t=1527254162; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:CC:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id: List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive; bh=F1bLDW+wDw8+rRPuL1rJ/x+37z9HExsUXuJ/p5vu7KM=; b=OwDaG22fbd2tjECrYCdXewO+rI17WFaHw9Y1qdjCl3vbkM+4LkEJ9O582Lds5Q1/ UnP/NJ/IE9EevWMqL385VWh6F9Zgfbt9/vHQN2OruVlPofvcMI6/Ys2pSpAb8OOB VxKKO/v6LFiI31XRTveG8upeJKolY7XVRWvi6PNChmw=;
X-AuditID: c1b4fb3a-77c239c00000451c-1b-5b080c925cb1
Received: from ESESSHC007.ericsson.se (Unknown_Domain [153.88.183.39]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id 59.C6.17692.29C080B5; Fri, 25 May 2018 15:16:02 +0200 (CEST)
Received: from ESESSMB109.ericsson.se ([169.254.9.29]) by ESESSHC007.ericsson.se ([153.88.183.39]) with mapi id 14.03.0382.000; Fri, 25 May 2018 15:15:45 +0200
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Andy Hutton <andyhutton.ietf@gmail.com>
CC: "sipbrandy@ietf.org" <sipbrandy@ietf.org>
Thread-Topic: [Sipbrandy] WGLC: draft-ietf-sipbrandy-osrtp-04 - Christer's review
Thread-Index: AQHT2H1MtettfGxkckGZ8W9pjatITaQ+0HeAgAAnchD//+piAIAAJVKA///h1QCAADjngIABO+gAgABFIAA=
Date: Fri, 25 May 2018 13:15:44 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B72F0960E@ESESSMB109.ericsson.se>
References: <D6FF722F.2E7B0%christer.holmberg@ericsson.com> <CAB7PXwTrakvHFaLs8sR_BPGtDcrbvmz3NLw1jOBdA8KOeC=Yqg@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B72F05085@ESESSMB109.ericsson.se> <CAB7PXwQBHvVX_FB+O5TOT_5RM37yhOZOva-P+SePkZvjrf1D2w@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B72F05308@ESESSMB109.ericsson.se> <CAB7PXwSzc2CpzOm3Y9-JmanDLMQ8e3LDR9hCCpR7nZydZ1m4fg@mail.gmail.com> <D72C9473.307DE%christer.holmberg@ericsson.com> <CAB7PXwQ1SFHTrUEL4JA7CpDbEb4=jK5RhQxB2F-sRgy0tqfUZQ@mail.gmail.com>
In-Reply-To: <CAB7PXwQ1SFHTrUEL4JA7CpDbEb4=jK5RhQxB2F-sRgy0tqfUZQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.166]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrNLMWRmVeSWpSXmKPExsUyM2K7uu4kHo5og2knDS0urdvKZLFi3Skm ByaPnbPusnssWfKTKYApissmJTUnsyy1SN8ugStj2qVm1oI5mhXvJu9jaWCcotHFyMkhIWAi sfbLGvYuRi4OIYEjjBJ7b/cyQjiLGSU+P1sF5HBwsAlYSHT/0wZpEBHQlng3ZQcriM0soCtx 5OMMMFtYIEji/LG5bBA1wRKP+k6yQNhJEn8XbWQEsVkEVCX65+5mArF5BXwl+tc9YoHYNZFF 4nTfNbAiToFAiebVS8GGMgqISXw/tYYJYpm4xK0n85kgrhaQWLLnPDOELSrx8vE/VghbSeLo 6UusIDczC2hKrN+lD9GqKDGl+yE7xF5BiZMzn7BMYBSdhWTqLISOWUg6ZiHpWMDIsopRtDi1 uDg33chIL7UoM7m4OD9PLy+1ZBMjMEoObvlttYPx4HPHQ4wCHIxKPLwMj9mjhVgTy4orcw8x SnAwK4nwOnBzRAvxpiRWVqUW5ccXleakFh9ilOZgURLndUqziBISSE8sSc1OTS1ILYLJMnFw SjUwxoluPm+sIKpy4MCpLJNb5ev+bNrcqf5DTohFf5XpokLeiPDPsquOhrs8+/xrb0LY1i2W scv5F905tO7mzTcXK7Y4POTRv6hjF3B1wb1lnM9qXvU+qTVxVta6auRw0/DogYlT/rEd10mb 3S1ZevVl5GdH1cCzSwoZTMzuTbY6uz+FL+ToDaeNS5RYijMSDbWYi4oTAZV+N0SOAgAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/sipbrandy/LUJrvQT7QN7d1GnxWpP5iQx_dK0>
Subject: Re: [Sipbrandy] WGLC: draft-ietf-sipbrandy-osrtp-04 - Christer's review
X-BeenThere: sipbrandy@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: SIPBRANDY working group discussion list <sipbrandy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sipbrandy>, <mailto:sipbrandy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sipbrandy/>
List-Post: <mailto:sipbrandy@ietf.org>
List-Help: <mailto:sipbrandy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipbrandy>, <mailto:sipbrandy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 May 2018 13:16:08 -0000
Hi Andy, Below is a suggestion for an "SDP Offer/Answer Considerations" section. Feel free to use, modify or throw in the trash bin :) Regards, Christer --------------- X. SDP Offer/Answer Considerations This section defines the SDP offer/answer considerations for opportunistic security. The procedures are for a specific m- section describing RTP-based media. If an SDP offer or answer contains multiple such m- sections, the procedures are applied to each m- section individually. "Initial OPSRTP offer" refers to the offer in which oportunistic security is offered for an m- section for the first time within an SDP session. X.1. Generating the Initial OPSRTP Offer When an offerer sends an initial offer, in order to offer opportunistic security for a m- section descrbing RTP-based media, the offerer MUST: - indicate the RTP/AVP profile [RFC3551] (or the RTP/AVPF profile [RFCXXXX]) in the proto sub-field of the m- section; and - include the SRTP keying attributes associated with one or more SRTP key managmenebt mechanism in the m- section: -- In case of DTLS-SRTP key agreement [RFC5763], the keying attributes are provided using the SDP Fingerprint attribute. -- In case of SDP Security Descriptions key agreement [RFC4568], the keying attributes are provided using the SDP Crypto attribute. -- In case of ZRTP key agreement [RFC6189], the keying attributes are provided using the SDP zrtp-hash attribute. X.2 Generating the Answer When an answerer generates an answer to an offer which offers opportunistic security for an m- description [Section X.1], if the answerer accepts usage of SRTP and the indicated key management mechanism, the answerer generates an answer and MUST: - indicate one SRTP/AVP profile (or the SRTP/AVPF profile) in the proto sub-field of the corresponding m- section in the answer; and - indicate the SRTP keying attributes associated with the chosen key management mechanism; If the answerer does not accept the offered security for an m- section, but does accept the m- section, the answerer MUST indicate the RTP/AVP profile (or the RTP/AVPF) in the proto sub-field of the corresponding m- section in the answer, using normal procedures for negotiating non-secured RTP media. The answerer MUST NOT include any keying attributes in the m- section. If an m- section of the offer indicates previously negotiated SRTP, if the answerer accepts to continue using SRTP, the answerer will generate the corresponding m- section in the answer using the normal offer/answer procedures for SRTP and the used key management mechanism. If SRTP has previously been negotiated, if a subsequent offer offers opportunistic security, the answerer can choose to continue using SRTP (and generate the answer as described in the first paragraph above), or disable SRTP (and generate the answer as described in the second paragraph above). Once the answerer has sent an answer, in which it indicates usage of SRTP for an m- section, the answerer will trigger normal procedures associated with SRTP and the negotiated key management mechanism. X.3 Offerer Processing the Answer When the offerer receives an answer, if the answerer accepts the usage of SRTP, the answerer will trigger normal procedures associated with SRTP and the negotiated key management mechanism. X.4 Modifying the Session When an offerer sends a subsequent offer, if SRTP has previously been negotiated for an m- section in the offer, the offerer MUST either: - indicate the SRTP/AVP profile (or the SRTP/AVPF profile), indicating that the offerer wants to continue using SRTP; or - re-offer opportunistic security, using the procedures in section X.1. As described in Section X.2, the answerer can choose to continue using SRTP, or switch to non-secure RTP.
- Re: [Sipbrandy] WGLC: draft-ietf-sipbrandy-osrtp-… Christer Holmberg
- Re: [Sipbrandy] WGLC: draft-ietf-sipbrandy-osrtp-… Andy Hutton
- Re: [Sipbrandy] WGLC: draft-ietf-sipbrandy-osrtp-… Christer Holmberg
- Re: [Sipbrandy] WGLC: draft-ietf-sipbrandy-osrtp-… Andy Hutton
- Re: [Sipbrandy] WGLC: draft-ietf-sipbrandy-osrtp-… Christer Holmberg
- Re: [Sipbrandy] WGLC: draft-ietf-sipbrandy-osrtp-… Andy Hutton
- Re: [Sipbrandy] WGLC: draft-ietf-sipbrandy-osrtp-… Christer Holmberg
- Re: [Sipbrandy] WGLC: draft-ietf-sipbrandy-osrtp-… Andy Hutton
- Re: [Sipbrandy] WGLC: draft-ietf-sipbrandy-osrtp-… Christer Holmberg