[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: pre-established key mode as additional requirement?

To: "'David R Oran'" <oran@xxxxxxxxx>
Subject: RE: pre-established key mode as additional requirement?
From: "Dan Wing" <dwing@xxxxxxxxx>
Date: Tue, 20 Feb 2007 10:13:40 -0800
Authentication-results: sj-dkim-4; header.From=dwing@xxxxxxxxx; dkim=pass (s ig from cisco.com/sjdkim4002 verified; );
Cc: <ietf-rtpsec@xxxxxxx>
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=700; t=1171995221; x=1172859221; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@xxxxxxxxx; z=From:=20=22Dan=20Wing=22=20<dwing@xxxxxxxxx> |Subject:=20RE=3A=20pre-established=20key=20mode=20as=20additional=20requ irement? |Sender:=20; bh=4a03Fm7usqw6TnTXdKWQj8Kc4ZCOiifFImAhDgg9C9A=; b=HMlcoNs7Sdv1vNLUnYrLpJzoIcAnqc0SHsJr/hGMWJR51ngs/dn+Lcjs0xm+Nbt7RvLLJxkQ E3xkwvfsic1+WvPAzAIoIlycL+Hx+p1UONEVP5Sn3C6D/TiCLvOzpWrq;
In-reply-to: <655642D3-2366-4D65-8280-43441EE01195@xxxxxxxxx>
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx
Thread-index: AcdU7SlJ6cJUZnb2SXahEqrTWpVd2wALLnmg

> It seems eminently reasonable to support key management schemes for  
> rtpsec that can leverage cached/stored keying material from prior  
> sessions to derive new keys for the current session without 
> requiring expensive cryptographic authentication operations.
> 
> Are you thinking of this as a MAY, a SHOULD, or a MUST?

It feels like a MAY or SHOULD, because it is 'merely' an optimization, and
requires a trade-off of state storage (how long do you keep this
information) versus computational effort. 

I would like to hear others expectations.

> Would you consider the TLS "session restart" machinery as qualifying  
> to meet this requirement?

Yes, I expect so.

-d

Follow-Ups:
- Re: pre-established key mode as additional requirement?
  - From: Mark Baugher

References:
- Re: pre-established key mode as additional requirement?
  - From: David R Oran

Prev by Date: RE: [Sip] RE: connected-identity before 200 Ok
Next by Date: RE: [Sip] connected-identity before 200 Ok
Previous by thread: Re: pre-established key mode as additional requirement?
Next by thread: Re: pre-established key mode as additional requirement?
Index(es):
- Date
- Thread