Re: [Speechsc] [RAI] RAI review of draft-ietf-speechsc-mrcpv2-19

["Francois Audet" <audet@nortel.com>]

Eric,

I think you need to clarify the context of the following statement you 
made: "The reality is that NO ONE has implemented any security to 
date."

Certainly, SRTP is widely implemented and deployed in many environements
(e.g., Enteprise telephony for example).

I am assuming that your comment was specific to MRCPv2?

> -----Original Message-----
> From: rai-bounces@ietf.org [mailto:rai-bounces@ietf.org] On 
> Behalf Of Eric Burger
> Sent: Thursday, July 09, 2009 13:28
> To: Roni Even
> Cc: Daniel Burnett; speechsc@ietf.org; Saravanan Shanmugham; 
> rai@ietf.org
> Subject: Re: [RAI] RAI review of draft-ietf-speechsc-mrcpv2-19
> 
> The reality is that NO ONE has implemented any security to 
> date. The GENART reviewer raised the same issue, and so far 
> the work group has the same response: MRCPv2 (the speechsc 
> work group) is not planning on figuring out which of the 
> seven key exchange mechanisms to use in SIP.  We are counting 
> on the community publishing something, and people using it.  
> After all, we are the "using SIP for media resource control" 
> work group, not the "media resource control work group using 
> something like SIP for control."
> 
> Does this work for you?
> 
> On Jul 7, 2009, at 3:40 PM, Roni Even wrote:
> 
> > [snip]
> >
> >
> > 18.   In section 12.3 the suggestion is to use SRTP as the 
> mandatory  
> > interoperability mode. If the reason for mandating SRTP is for a 
> > common mode you should also decide on a key exchange mechanism. I 
> > suggest you look 
> > athttp://tools.ietf.org/html/draft-ietf-avt-srtp-not-mandatory-02
> >  for discussion on media security.
> 
>