[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Some views on Secure RTP

To: "'Craig Southeren'" <craigs@xxxxxxxxxxxxxxxxx>, "'Hannes Tschofenig'" <Hannes.Tschofenig@xxxxxxx>, <ietf-rtpsec@xxxxxxx>
Subject: RE: Some views on Secure RTP
From: "Dan Wing" <dwing@xxxxxxxxx>
Date: Tue, 13 Mar 2007 23:26:15 -0700
In-reply-to: <20070313231224.137C.CRAIGS@xxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx
Thread-index: Acdl2kUaHNFNQvEhSqmM//kDumBV0wAJyVcQ

> If your network needs to have SRTP (or any other capability) 
> signalled, then make sure your clients signal it.  This is a 
> deployment issue, not a standards issue. 
> 
> As explained previously, there is a legitimate reason why clients may
> not want to signal the use of secure RTP. This is where 
> security differs from other signalled capabilities such as payload 
> types or redundancy.

What occurs when two endpoints, belonging to the two different
categories you describe above, talk to each other?

-d


> I agree that in the absence of any such signalling, the network can
> legitimately choose not to carry secure traffic, if it can detect it.
> 
> But this could also occur if the signalling was provided, so (from the
> clients point of view) nothing is gained or lost.
> 
> ..deleted
> 
> > > > Is that adequately captured by the following requirement in
> > > > draft-wing-media-security-requirements:
> > > > 
> > > >    R21:   A solution SHOULD allow establishing SRTP 
> keying between
> > > >           different call signaling protocols (e.g., between 
> > > >           Jabber, SIP, H.323, MGCP)
> > > 
> > > That requirement says that it should be possible - it 
> doesn't say that
> > > it should be easy. :)
> > > 
> > > ZRTP meets the explicit requirement of R21 and it does so in 
> > > a way that
> > > does not require any new work in the signalling path for a 
> > > useful set of
> > > deployments. 
> > > 
> > > I can't see it getting much better than that :)
> > 
> > Can you provide wording for a requirement that you'd like to see?
> 
> Here is a suggestion
> 
> A solution SHOULD allow establishing SRTP keying without requiring any
> network elements in the call signalling path to be aware of 
> the presence
> or absence of secure media. 
> 
>    Craig
> 
> --------------------------------------------------------------
> ---------
>  Craig Southeren          Post Increment - VoIP Consulting 
> and Software
>  craigs@xxxxxxxxxxxxxxxxxxxx                   
> www.postincrement.com.au
> 
>  Phone:  +61 243654666      ICQ: #86852844
>  Fax:    +61 243656905      MSN: craig_southeren@xxxxxxxxxxx
>  Mobile: +61 417231046      Jabber: craigs@xxxxxxxxxx
> 
>  "It takes a man to suffer ignorance and smile.
>   Be yourself, no matter what they say."   Sting

Follow-Ups:
- Re: Some views on Secure RTP
  - From: Craig Southeren

References:
- Re: Some views on Secure RTP
  - From: Craig Southeren

Prev by Date: Certificates for P2P Authentication?
Next by Date: RE: Some views on Secure RTP
Previous by thread: Re: Some views on Secure RTP
Next by thread: Re: Some views on Secure RTP
Index(es):
- Date
- Thread