[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pre-established key mode as additional requirement?

To: Dan Wing <dwing@xxxxxxxxx>
Subject: Re: pre-established key mode as additional requirement?
From: Mark Baugher <mbaugher@xxxxxxxxx>
Date: Tue, 20 Feb 2007 12:58:02 -0800
Authentication-results: sj-dkim-3; header.From=mbaugher@xxxxxxxxx; dkim=pass ( sig from cisco.com/sjdkim3002 verified; );
Cc: "'David R Oran'" <oran@xxxxxxxxx>, <ietf-rtpsec@xxxxxxx>
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1009; t=1172005091; x=1172869091; c=relaxed/simple; s=sjdkim3002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=mbaugher@xxxxxxxxx; z=From:=20Mark=20Baugher=20<mbaugher@xxxxxxxxx> |Subject:=20Re=3A=20pre-established=20key=20mode=20as=20additional=20requ irement? |Sender:=20; bh=Y0O93L5WpduxwHEphM1jfZjyLBaMaub88Ql95/BlDKo=; b=tcVZF228g8xpHQ5Eflnpwdp5YKJKn/P7TA60LsWKlvxrMkSDSAeAZvaRiWgObDxWyEB+t4WP ygFq5v6iWjLQwh5dcgepfWb3RY90XpEj45bIO3c4F4fFX305unKXRbTN;
In-reply-to: <032101c7551a$d9776660$c2f0200a@xxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
References: <032101c7551a$d9776660$c2f0200a@xxxxxxxxxxxxxx>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx


Since the biggest requirement is for Internet operation, I would
say a MAY.  There will be only one MUST I would expect, and
that would be the default authentication mode for the Internet.
That's what we're after, isn't it?

Mark
On Feb 20, 2007, at 10:13 AM, Dan Wing wrote:

It seems eminently reasonable to support key management schemes for
rtpsec that can leverage cached/stored keying material from prior
sessions to derive new keys for the current session without
requiring expensive cryptographic authentication operations.

Are you thinking of this as a MAY, a SHOULD, or a MUST?

It feels like a MAY or SHOULD, because it is 'merely' anoptimization, and

requires a trade-off of state storage (how long do you keep this
information) versus computational effort.

I would like to hear others expectations.

Would you consider the TLS "session restart" machinery as qualifying
to meet this requirement?


Yes, I expect so.

-d

References:
- RE: pre-established key mode as additional requirement?
  - From: Dan Wing

Prev by Date: RE: [Sip] connected-identity before 200 Ok
Next by Date: draft-wing-sipping-srtp-key-00.txt
Previous by thread: RE: pre-established key mode as additional requirement?
Next by thread: RE: [Sip] RE: connected-identity before 200 Ok
Index(es):
- Date
- Thread