pre-established key mode as additional requirement?
- To: <ietf-rtpsec@xxxxxxx>
- Subject: pre-established key mode as additional requirement?
- From: "Dan Wing" <dwing@xxxxxxxxx>
- Date: Mon, 19 Feb 2007 18:07:45 -0800
- List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>

I would like to see if there is consensus for a new requirement for RTPSEC.

Specialized devices may need to avoid public key operations or
Diffie-Hellman operations because of the computational cost or because of
the additional call setup delay. For example, it can take a second or two
to perform a Diffie-Hellman operation in certain devices. Examples of these
specialized devices would include some handsets, intelligent SIMs, PSTN
gateways, and SBCs. For the typical case, because a phone call hasn't yet
been established, ancillary processing cycles can be utilized to perform the
PK or DH operation; for example, in a PSTN gateway the DSP (which isn't yet
involved with typical DSP operations) could be used to perform the
calculation, so as to avoid having the central host processor perform the
calculation. Some devices, such as SBCs, handsets, and intelligent SIMs, do
not have such ancillary processing capability.

Thus, it seems a useful optimization to securely set up a call the first
time with a remote endpoint, and thereafter, when communicating with the
same remote endpoint, to leverage the DH or PK that was performed
previously.

Thoughts?

-d
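
Added example, not part of the original message or of any RTPSEC proposal: one way the reuse described above could look, where the secret from the first DH/PK exchange is cached per remote endpoint and each later call derives its own key from it with fresh nonces. The class name, the nonce exchange, the `call-key|` label, the lifetime policy and the endpoint name are all assumptions made for illustration.

```python
import hashlib, hmac, os, time

def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

class PreEstablishedKeyCache:
    """Hypothetical cache: one full DH/PK exchange per remote endpoint, reused afterwards."""

    def __init__(self, full_exchange, max_age=86400, clock=time.time):
        self._full_exchange = full_exchange  # the expensive step; returns shared secret bytes
        self._max_age = max_age              # assumed lifetime policy, in seconds
        self._clock = clock
        self._entries = {}                   # authenticated endpoint id -> (secret, created)
        self.full_exchanges = 0

    def _secret_for(self, endpoint):
        entry = self._entries.get(endpoint)
        if entry is not None and self._clock() - entry[1] < self._max_age:
            return entry[0]                  # cache hit: no DH/PK on this call
        secret = self._full_exchange(endpoint)   # first contact or expired entry
        self.full_exchanges += 1
        self._entries[endpoint] = (secret, self._clock())
        return secret

    def session_key(self, endpoint, offerer_nonce, answerer_nonce):
        # Fresh fixed-length nonces from both sides keep each call's key distinct
        # even though the long-lived secret is reused.
        salt = offerer_nonce + answerer_nonce
        return hkdf_sha256(self._secret_for(endpoint), salt, b"call-key|" + endpoint.encode())

if __name__ == "__main__":
    # Constructed stand-in for a real DH/PK exchange: just returns random bytes.
    cache = PreEstablishedKeyCache(lambda endpoint: os.urandom(32))
    for call in range(3):
        key = cache.session_key("gw.example.net", os.urandom(16), os.urandom(16))
        print(call, key.hex()[:16], "full exchanges so far:", cache.full_exchanges)
```

The cached secret becomes long-lived key material: anyone who obtains it and observes the nonces can derive the keys of every call made from it, so its storage and lifetime need the same care as a private key.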