[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Optional SRTP with SDES?
I think Mark's comments were more aimed at your parenthetical ("in
principle anyway"). Sdescriptions has syntax (e.g. "unencrypted_srtp")
to alter a crypto suite so that authentication is still enabled while
encryption is disabled, so it accomodates establishment of unencrypted
SRTP ( oxymoronic as that sounds :) ).
Back to syntax, I think "a=security: <optional|mandatory>" is better
than "a=encryption: <optional|mandatory>", due to the ability to
negotiate unencrypted SRTP.
Regards,
Wayne
> >>>
> >>> 2) Add an encryption attribute (e.g.
> >>> "a=encryption=<optional|mandatory>").
> >>
> >> I agree that adding something explicit like this would be good.
> >> But I have a nit here: we probably want to choose a term
> other than
> >> "encryption", since SRTP can provide authentication and not
> >> encryption (in principle anyway - the sdesc spec doesn't
> include any
> >> cryptosuites that do authentication but not encryption, IIRC).
> >
> > Any sdescriptions crypto suite can signal
> "unencrypted_srtp", which is
> > effectively SRTP null encryption.
> >
> > Mark
>
> Sure, but SRTP with NULL encryption is not equivalent to RTP
> - turning off encryption is not the same as not doing SRTP.
> If I understand Rick correctly, this is why he's suggesting
> the additional "a=encryption" attribute.
>
> David
>
>
> >> Maybe "a=secure" would be better.
> >>
> >>>