[Sipping] RE: DTLS-SRTP / ICE and gating/latching policy controls
"Fischer, Kai" <kai.fischer@siemens.com> Mon, 12 November 2007 10:30 UTC
Date: Mon, 12 Nov 2007 11:30:42 +0100
Message-ID: <198A10EC585EC74687BCA414E2A5971801E47DD7@MCHP7RDA.ww002.siemens.net>
In-Reply-To: <1ECE0EB50388174790F9694F77522CCF131C83C0@zrc2hxm0.corp.nortel.com>
From: "Fischer, Kai" <kai.fischer@siemens.com>
To: Brian Stucker <bstucker@nortel.com>, Eric Rescorla <ekr@networkresonance.com>, Hannes Tschofenig <Hannes.Tschofenig@gmx.net>, Dan Wing <dwing@cisco.com>, Francois Audet <audet@nortel.com>, "Fries, Steffen" <steffen.fries@siemens.com>, Mary Barnes <mary.barnes@nortel.com>, "Elwell, John" <john.elwell@siemens.com>
Cc: sipping@ietf.org
Hi Brian,

thanks for discussing this problem in your draft. Reading the text, I missed some discussion of the problems and requirements for the signaling-channel part of media-based key management, specifically DTLS-SRTP. draft-fischl-sipping-media-dtls-03 proposes transporting the certificate fingerprint as an attribute in SDP to identify the key that will be presented during the DTLS handshake. Integrity protection of the signaling channel is achieved by RFC 4474, i.e. a signature is formed over some SIP header fields and the complete body. Since middleboxes acting as NAT entities manipulate the m and c lines within SDP, a signature created on the path before the middlebox will be broken. Consequently, this would lead to the requirement that the middlebox acting as outbound proxy is capable of acting as an Authentication Service a la RFC 4474.

In Figure 4 Step 4 I think that the port in the m-line should be 50000, since the inbound port in the relay is also 50000.

Kai

> -----Original Message-----
> From: Brian Stucker [mailto:bstucker@nortel.com]
> Sent: Monday, 12 November 2007 07:06
> To: Eric Rescorla; Hannes Tschofenig; Dan Wing; Francois Audet; Fries, Steffen; Mary Barnes; Fischer, Kai; Elwell, John
> Cc: sipping@ietf.org
> Subject: DTLS-SRTP / ICE and gating/latching policy controls
>
> There was some discussion about this over on the SIP list, but since this is going to be submitted to SIPPING I'll start the discussion over here.
>
> The draft explains a couple of mechanisms (gating/latching) that can complicate establishing an end-to-end media path, and hence has interactions with media path signaling protocols like ICE or DTLS-SRTP. It further goes into giving examples of such complications and gives a few preliminary recommendations for dealing with these interactions.
>
> If you're following the DTLS-SRTP threads, you'll want to give this a look.
>
> http://www.ietf.org/internet-drafts/draft-sipping-stucker-media-path-middleboxes-00.txt
>
> Regards,
> Brian

_______________________________________________
Sipping mailing list
https://www1.ietf.org/mailman/listinfo/sipping
This list is for NEW development of the application of SIP
Use sip-implementors@cs.columbia.edu for questions on current SIP
Use sip@ietf.org for new developments of core SIP
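The interaction Kai describes, shown end to end as an added example (this is not code from the thread, from either draft, or from any IETF implementation): an INVITE carries an SDP offer with an RFC 4572 a=fingerprint line, an RFC 4474-style Identity signature is computed over the From, To, Call-ID, CSeq, Date and Contact fields plus the whole body, and a media relay in the signaling path then rewrites only the c= and m= lines. The signature no longer verifies even though the fingerprint itself is untouched, and it only verifies again once the relay re-signs, i.e. acts as the authentication service. The certificate bytes, the signing secret, the SIP message and addresses, and the relay port 50000 from the discussion above are all constructed, and HMAC-SHA256 stands in for the RSA signature RFC 4474 actually uses so that the block runs with the standard library alone.

```python
import hashlib
import hmac
import re

# Constructed stand-in for Alice's DER-encoded self-signed certificate (not a
# real certificate; the fingerprint only needs the exact DER bytes).
ALICE_CERT_DER = b"\x30\x82\x01\x0a" + b"constructed certificate bytes for alice" * 4

# Constructed secret for the atlanta.example.com authentication service.
# RFC 4474 signs with the domain's RSA private key; an HMAC key stands in
# here (assumption) so the example needs nothing beyond the standard library.
ATLANTA_KEY = b"constructed signing secret for atlanta.example.com"


def sdp_fingerprint(cert_der: bytes) -> str:
    """SDP a=fingerprint value per RFC 4572: hash name, then the upper-case
    colon-separated hex digest of the DER-encoded certificate."""
    digest = hashlib.sha1(cert_der).hexdigest().upper()
    return "SHA-1 " + ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def build_invite(media_addr: str, media_port: int, fingerprint: str) -> str:
    """Constructed INVITE carrying an SDP offer with Alice's fingerprint."""
    sdp = "\r\n".join([
        "v=0",
        f"o=alice 2890844526 2890844526 IN IP4 {media_addr}",
        "s=-",
        f"c=IN IP4 {media_addr}",
        "t=0 0",
        f"m=audio {media_port} UDP/TLS/RTP/SAVP 0",  # DTLS-SRTP profile name as in RFC 5764
        f"a=fingerprint:{fingerprint}",
        "",
    ])
    headers = [
        "INVITE sip:bob@biloxi.example.com SIP/2.0",
        f"Via: SIP/2.0/UDP {media_addr}:5060;branch=z9hG4bK776asdhds",
        "From: Alice <sip:alice@atlanta.example.com>;tag=1928301774",
        "To: Bob <sip:bob@biloxi.example.com>",
        "Call-ID: a84b4c76e66710@pc33.atlanta.example.com",
        "CSeq: 314159 INVITE",
        "Date: Mon, 12 Nov 2007 10:30:42 GMT",
        "Contact: <sip:alice@pc33.atlanta.example.com>",
        "Content-Type: application/sdp",
        f"Content-Length: {len(sdp)}",
    ]
    return "\r\n".join(headers) + "\r\n\r\n" + sdp


def _parse(message: str):
    head, _, body = message.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers, body


def _addr_spec(header_value: str) -> str:
    """Drop display name and header parameters, keeping only the URI."""
    m = re.search(r"<([^>]+)>", header_value)
    return m.group(1) if m else header_value.split(";")[0].strip()


def identity_digest_string(message: str) -> str:
    """RFC 4474 digest-string: From, To, Call-ID, CSeq, Date and Contact
    joined with '|', followed by the complete message body."""
    h, body = _parse(message)
    return "|".join([_addr_spec(h["From"]), _addr_spec(h["To"]), h["Call-ID"],
                     h["CSeq"], h["Date"], _addr_spec(h["Contact"]), body])


def sign_identity(message: str, key: bytes) -> str:
    return hmac.new(key, identity_digest_string(message).encode(), hashlib.sha256).hexdigest()


def verify_identity(message: str, key: bytes, signature: str) -> bool:
    return hmac.compare_digest(sign_identity(message, key), signature)


def nat_rewrite(message: str, relay_addr: str, relay_port: int) -> str:
    """A media relay rewriting only the c= and m= lines (and Content-Length);
    every signed header field is left exactly as it was."""
    head, sep, body = message.partition("\r\n\r\n")
    body = re.sub(r"^c=IN IP4 \S+", f"c=IN IP4 {relay_addr}", body, flags=re.M)
    body = re.sub(r"^m=audio \d+", f"m=audio {relay_port}", body, flags=re.M)
    head = re.sub(r"^Content-Length: \d+", f"Content-Length: {len(body)}", head, flags=re.M)
    return head + sep + body


def run_example() -> dict:
    fingerprint = sdp_fingerprint(ALICE_CERT_DER)
    invite = build_invite("10.0.0.5", 49170, fingerprint)
    identity = sign_identity(invite, ATLANTA_KEY)  # signed before the relay
    relayed = nat_rewrite(invite, "203.0.113.7", 50000)
    return {
        "original_verifies": verify_identity(invite, ATLANTA_KEY, identity),
        # The body changed, so the upstream signature is broken at the far end.
        "relayed_verifies": verify_identity(relayed, ATLANTA_KEY, identity),
        # The fingerprint is still there; only the signature protecting it is gone.
        "fingerprint_intact": fingerprint in relayed,
        # A relay that also acts as authentication service re-signs after rewriting.
        "relay_resigned_verifies": verify_identity(
            relayed, ATLANTA_KEY, sign_identity(relayed, ATLANTA_KEY)),
        "relayed_sdp": relayed.partition("\r\n\r\n")[2],
    }


if __name__ == "__main__":
    for name, value in run_example().items():
        print(f"{name}: {value!r}")
```

Running the block prints the four verification results and the rewritten SDP; the point to take from it is that nothing in the fingerprint mechanism itself fails, the failure is in the RFC 4474 signature that binds the fingerprint to the caller, which is why a rewriting middlebox has to hold the domain's signing key if the binding is to survive.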