[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Rephrasing my sdescriptions query... Re: Security for RTP connections - some thoughts
1 - You need TLS anyways. TLS's main purpose in life is no to secure
keys in SDP. That's
just a side effect.
2 - There are environments where you do NOT want (in fact may not be
allowed) to use
end-to-end encryption of media stream, and where SDESCRIPTION is the
In fact, that would be very common in Enterprise environments.
So, we tell them to do both if they want to sell in both markets, or
pick the one that
corresponds to their target market.
[mailto:owner-ietf-rtpsec@xxxxxxxxxxxx] On Behalf Of dan_york@xxxxxxxxx
Sent: Friday, March 09, 2007 11:48
To: Alan Johnston
Subject: Re: Rephrasing my sdescriptions query... Re: Security
for RTP connections - some thoughts
Yes, I'm well aware of that document and provided Dan W.
feedback on his
original version. What I am still NOT clear on is where
TLS-encrypted SIP falls down with regard to these requirements.
> Signaling channel key agreement approaches such as SDES do not
> with common SIP features such as forking and early media -
> security is not the only reason we are standardizing a media
Okay, this is a good argument. That's that type of thing I'm
understand - if we all wind up agreeing that ZRTP or DTLS are
way to go... what do we as an industry say to those people out
implementing TLS/SIP/sdescriptions? Why should they move to
protocol we decide to use?
And if they don't see a reason to move, it means we as vendors
to factor in sdescriptions as a possible SRTP key exchange
we encounter customers with existing TLS/SIP/sdescriptions
That's where I'm going with all of this,