
RE: [MMUSIC] Thinking about best-effort encryption



> Regardless of which key management protocol we ultimately
> choose, we need to sort the fundamental architectural issue of:
> 
>    Does the signalling (SDP) have to reflect RTP/SAVP?

This isn't just a question applicable to security -- this question is
also applicable to all other RTP profiles with offer/answer, such as
sending an offer where you want the RTP feedback profile (RTP/AVPF) if
the answerer supports it, otherwise you will accept RTP without
feedback (RTP/AVP).

Applicable to security, I expect RTP/AVPFCC
(draft-ietf-avt-tfrc-profile-06.txt) will also need an RTP/SAVPFCC
profile (it handwaves at such a thing in its section 3).  Eventually
there will be a profile for running RTP directly over DCCP, too
(without UDP, as is done by draft-ietf-avt-tfrc-profile-06).

We desperately need one solution for RTP profiles to be 
negotiated in SDP.

-d

> If the answer to this question is "Yes", then we either need to:
> 
> 1. Have some convenient way to offer multiple profiles (Flemming's
>    draft surveys the space of options here).
> 2. Do an UPDATE with RTP/SAVP for every secure connection. I get
>    the impression people find this distasteful.
> 
> If the answer is "No", then you can simplify the offer/answer exchange
> by having the signal that you will do security in an a-line, but at the
> cost of having the profile no longer reflect what's on the wire.
> 
> In either case, it seems like deciding this architectural issue is
> something we need to do before we spend a lot of time discussing
> the details of mechanisms.
> 
> -Ekr