[Sipping] SIP, SRTP and MIKEY
"Steffen Fries" <steffen.fries@siemens.com> Mon, 03 February 2003 09:13 UTC
From: Steffen Fries <steffen.fries@siemens.com>
Organization: Siemens AG
To: sipping@ietf.org
Date: Mon, 03 Feb 2003 10:12:36 +0100

Hi,

I'm not quite sure which working group fits best for this question, thus I'm posting this question here too. I already had a post in the SIP WG but got only one reply.

When SIP and SRTP are used in conjunction, an appropriate key management is necessary for SRTP. Within the MSEC WG MIKEY has been defined, which is thought to be used (also) for SRTP. MIKEY and a related draft (draft-ietf-msec-MIKEY-DHHMAC-01.txt) offer 4 different key management methods based on:

- pre-shared secrets
- public key encryption
- Diffie Hellman protected with signatures
- Diffie Hellman protected with pre-shared secrets

When MIKEY and SRTP are to be used in a SIP environment, what would be a suitable choice out of the four options?

I'm not sure if the pre-shared secret based methods are suitable, since this would assume that all users who want to communicate need to exchange a shared secret before. Well, this could be done by putting a shared secret in the SIP message and securing this by S/MIME, but then MIKEY would be protected by symmetric methods, although asymmetric technology was used to secure the shared secret transport, namely S/MIME. One could also use the certificates and private keys to secure MIKEY right from the beginning. There might be scenarios where the symmetric case is appropriate, but I'm not sure if this is a rather general case.

Is MIKEY generally considered for key management in SIP or will this rather be done using draft-baugher-mmusic-sdpmediasec-00.txt secured by S/MIME?

The usage of MIKEY and SRTP is especially interesting in conjunction with other multimedia protocols like H.323. Voice encryption and associated key management could be performed across the different signaling protocols.

Was there already a discussion related to this question, which I may have missed?

Regards
Steffen

_______________________________________________
Sipping mailing list https://www1.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sip@ietf.org for new developments of core SIP