Re: [Speechsc] [RAI] RAI review of draft-ietf-speechsc-mrcpv2-19

[Eric Burger <eburger@standardstrack.com>]

Correct: no one doing MRCPv2, not no one at all.

On Jul 9, 2009, at 4:48 PM, Francois Audet wrote:

> Eric,
>
> I think you need to clarify the context of the following statement you
> made: "The reality is that NO ONE has implemented any security to
> date."
>
> Certainly, SRTP is widely implemented and deployed in many  
> environements
> (e.g., Enteprise telephony for example).
>
> I am assuming that your comment was specific to MRCPv2?
>
>> -----Original Message-----
>> From: rai-bounces@ietf.org [mailto:rai-bounces@ietf.org] On
>> Behalf Of Eric Burger
>> Sent: Thursday, July 09, 2009 13:28
>> To: Roni Even
>> Cc: Daniel Burnett; speechsc@ietf.org; Saravanan Shanmugham;
>> rai@ietf.org
>> Subject: Re: [RAI] RAI review of draft-ietf-speechsc-mrcpv2-19
>>
>> The reality is that NO ONE has implemented any security to
>> date. The GENART reviewer raised the same issue, and so far
>> the work group has the same response: MRCPv2 (the speechsc
>> work group) is not planning on figuring out which of the
>> seven key exchange mechanisms to use in SIP.  We are counting
>> on the community publishing something, and people using it.
>> After all, we are the "using SIP for media resource control"
>> work group, not the "media resource control work group using
>> something like SIP for control."
>>
>> Does this work for you?
>>
>> On Jul 7, 2009, at 3:40 PM, Roni Even wrote:
>>
>>> [snip]
>>>
>>>
>>> 18.   In section 12.3 the suggestion is to use SRTP as the
>> mandatory
>>> interoperability mode. If the reason for mandating SRTP is for a
>>> common mode you should also decide on a key exchange mechanism. I
>>> suggest you look
>>> athttp://tools.ietf.org/html/draft-ietf-avt-srtp-not-mandatory-02
>>> for discussion on media security.
>>
>>