[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MMUSIC] Thinking about best-effort encryption

To: "Dan Wing" <dwing@xxxxxxxxx>
Subject: Re: [MMUSIC] Thinking about best-effort encryption
From: Randell Jesup <rjesup@xxxxxxxxx>
Date: Sat, 04 Nov 2006 09:31:26 -0500
Cc: "'Francois Audet'" <audet@xxxxxxxxxx>, "'Paul Kyzivat'" <pkyzivat@xxxxxxxxx>, "'EKR'" <ekr@xxxxxxxxxxxxxxxxxxxx>, ietf-rtpsec@xxxxxxxxxxxx, mmusic@xxxxxxxx
In-reply-to: <06bf01c6ff7a$56b8c340$c5f0200a@xxxxxxxxxxxxxx> (Dan Wing's message of "Fri, 3 Nov 2006 11:00:32 -0800")
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
References: <06bf01c6ff7a$56b8c340$c5f0200a@xxxxxxxxxxxxxx>
Reply-to: Randell Jesup <rjesup@xxxxxxxxx>
Reply-to: Randell Jesup <rjesup@xxxxxxxxx>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx
User-agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/21.3 (gnu/linux)

"Dan Wing" <dwing@xxxxxxxxx> writes:
>> You'll get very significant pushback from nework operators because 
>> of increase demand on proxies.
>>
>> It also means that it's unsecure at answer time.
>
>Er, I don't think so.  If you offer RTP/SAVP, and it's rejected by the
>answerer (called party), the called party's phone won't ring at all.

Even worse, if they have two phones (fork), the one that supports SAVP
will ring, and the other one won't, even if the caller would have been
willing to have an unencrypted conversation with that phone.

>> It's a valid mechanism, but I don't think it's  the best we can do.
>
>Due to HERFP, I consider re-inviting a mechanism that cannot work.  Unless
>we fix HERFP or deprecate forking.  

Reinvite is a real problem, agreed.

I'm a strong proponent of best-effort, since when making a call you don't
usually know if the final destination will support SAVP (and you really
can't know reliably).  It also will actually be deployable since it will
work with all the existing devices (without SRTP of course), like PSTN
gateways, without requiring (problematic) re-INVITE.

It's also pretty easy to implement.

-- 
Randell Jesup, Worldgate (developers of the Ojo videophone), ex-Amiga OS team
rjesup@xxxxxxxxx
"The fetters imposed on liberty at home have ever been forged out of the weapons
provided for defence against real, pretended, or imaginary dangers from abroad."
		- James Madison, 4th US president (1751-1836)

References:
- RE: [MMUSIC] Thinking about best-effort encryption
  - From: Dan Wing

Prev by Date: RE: [MMUSIC] RE: alternate RTP profiles in SDP offer/answer
Previous by thread: RE: [MMUSIC] Thinking about best-effort encryption
Index(es):
- Date
- Thread