[Sipping] SIP, SRTP and MIKEY

"Steffen Fries" <steffen.fries@siemens.com> Mon, 03 February 2003 09:13 UTC

From: Steffen Fries <steffen.fries@siemens.com>
Organization: Siemens AG
To: sipping@ietf.org
Date: Mon, 03 Feb 2003 10:12:36 +0100
Subject: [Sipping] SIP, SRTP and MIKEY

Hi,

I'm not quite sure which working group fits best for this
question, thus I'm posting this question here too. I already
had a post in the SIP WG but got only one reply.

When SIP and SRTP are used in conjunction, an appropriate
key management is necessary for SRTP. Within the MSEC WG 
MIKEY has been defined, which is thought to be used (also) 
for SRTP. 

MIKEY and a related draft (draft-ietf-msec-MIKEY-DHHMAC-01.txt)
offer 4 different key management methods based on:
- pre-shared secrets
- public key encryption
- Diffie Hellman protected with signatures
- Diffie Hellman protected with pre-shared secrets

When MIKEY and SRTP are to be used in a SIP environment, 
what would be a suitable choice out of the four options?

I'm not sure if the pre-shared secret based methods are
suitable, since this would assume that all users who want to
communicate need to exchange a shared secret before. Well, this
could be done by putting a shared secret in the SIP message and
securing this by S/MIME, but then MIKEY would be protected by 
symmetric methods, although asymmetric technology was used to 
secure the shared secret transport, namely S/MIME. One could 
also use the certificates and private keys to secure MIKEY 
right from the beginning. 

There might be scenarios where the symmetric case is 
appropriate, but I'm not sure if this is a rather general case.

Is MIKEY generally considered for key management in SIP or will
this rather be done using draft-baugher-mmusic-sdpmediasec-00.txt
secured by S/MIME?

The usage of MIKEY and SRTP is especially interesting in 
conjunction with other multimedia protocols like H.323. Voice 
encryption and associated key management could be performed 
across the different signaling protocols.

Was there already a discussion related to this question, which
I may have missed?

Regards
        Steffen


_______________________________________________
Sipping mailing list  https://www1.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors@cs.columbia.edu for questions on current sip
Use sip@ietf.org for new developments of core SIP