[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Posting in support for Protcol X, Y, or Z

To: "'Christer Holmberg $JO/LMF$'" <christer.holmberg@xxxxxxxxxxxx>, <ietf-rtpsec@xxxxxxx>
Subject: RE: Posting in support for Protcol X, Y, or Z
From: "Dan Wing" <dwing@xxxxxxxxx>
Date: Thu, 15 Mar 2007 11:53:40 -0700
Authentication-results: sj-dkim-5; header.From=dwing@xxxxxxxxx; dkim=pass (s ig from cisco.com/sjdkim5002 verified; );
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1785; t=1173984820; x=1174848820; c=relaxed/simple; s=sjdkim5002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@xxxxxxxxx; z=From:=20=22Dan=20Wing=22=20<dwing@xxxxxxxxx> |Subject:=20RE=3A=20Posting=20in=20support=20for=20Protcol=20X,=20Y,=20or =20Z |Sender:=20; bh=5nixIcASTkgKViiG/YxtB4zUNra5OS7dtS6Dzz09CYw=; b=S3rzKd7poLtxujUHNOxEDDPm1YAzcv9GHJ6+Z2nev6l7Ia42ORFeXr/VEKIOBQcc4SJMiKC3 G/dB7+xzLbZnjEROgZR0EBNSJZjupo673M0/v6Q4rdmJopzHjmwfKIjk;
In-reply-to: <02f301c76731$ea684970$43686b80@xxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx
Thread-index: Acdm0bBPGpCUcLCBT/+N3IoNt0TT6AAELjXAABMOE9AAAFD1gAAAaCLgAABYuEA=

> > >>I also strongly think that we need to support middleboxes in the 
> > >>network, which may need to decrypt the media. The usage of 
> > >>a solution 
> > >>which supports ONLY end-to-end is going to be very limited.
> > > 
> > >We have that captured in requirement R22 of
> > >draft-wing-media-security-requirements-01.txt:
> > > 
> > >    "R22:   A solution SHOULD support media recording."
> > > 
> > >Does draft-wing-sipping-srtp-key-00.txt meet that requirement, from
> > >your perspective?
> > 
> > Does that requirement cover transcoders, media mixers and 
> > SBCs, which
> > may terminate the media, meaning that the media will be 
> > de-encrypted,
> > and forwarded possibly using another format/codec?
> 
> Somewhat; it would depend on how each end authenticates it is talking
> to the correct device.  For example, if I was using RFC4474 and using
> DTLS-SRTP, a transcoder under the control of my enterprise could be
> invoked _before the RFC4474 signature was created_, and my enterprise
> would attest the call is coming from me (which it is, through their
> transcoder).  I expect ZRTP would fail SAS validation in this similar
> situation.  I don't know what MIKEYv2 would do.

I misspoke -- that is but one way to do it.

With draft-wing-media-security-requirements, the endpoint could 
(somehow) get a transcoder to do the transcoding, and then give the
transcoder the keys necessary to transcode.  I say "somehow" because
I don't know how the endpoint would do that -- perhaps using a media
control protocol of some flavor (mediactrl working group's output?
H.248/MEGACO?).

-d



> Can you write up the specific requirement so it can be included in 
> the update to draft-wing-media-security-requirements?
> 
> -d

References:
- RE: Posting in support for Protcol X, Y, or Z
  - From: Dan Wing

Prev by Date: RE: Posting in support for Protcol X, Y, or Z
Previous by thread: RE: Posting in support for Protcol X, Y, or Z
Next by thread: Re: Posting in support for Protcol X, Y, or Z
Index(es):
- Date
- Thread