[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Plan for moving forward

To: Cullen Jennings <fluffy@xxxxxxxxx>
Subject: Re: Plan for moving forward
From: Lakshminath Dondeti <ldondeti@xxxxxxxxxxxx>
Date: Fri, 01 Jun 2007 23:29:51 -0700
Cc: ietf-rtpsec@xxxxxxx, Sam Hartman <hartmans-ietf@xxxxxxx>, Tim Polk <tim.polk@xxxxxxxx>, jon.peterson@xxxxxxxxxxx
In-reply-to: <5368A2F7-8C6B-4839-B2AE-8F3FA6AFA782@xxxxxxxxx>
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
References: <5368A2F7-8C6B-4839-B2AE-8F3FA6AFA782@xxxxxxxxx>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.0 (Windows/20070326)


On 5/11/2007 10:42 AM, Cullen Jennings wrote:

Hi All,
I have talked to the RAI and SEC ADs and here is the rough plan for howI would like to move forward with this. I would like to split the workoff into the following working groups.
TLS
Make any modifications that may be required to DTLS to allow DTLS togenerate the keys for SRTP.

I haven't followed the TLS working group closely over the years, but Idon't recall DTLS being a TLS WG product. In any event, DTLS is notpart of the TLS charter. Are we talking about rechartering that groupto include this item? When will that happen? For the record, this workis not high priority on my list, but I am curious about the timeline. Iwould like to be not surprised by a suddenly hurried up process (e.g.,the "decision making" at the Prague meeting).

One of the things I would like to see done is to make the protocol trulypeer-to-peer, or put another way, either side can initiate and moreimportantly allow requesting the other side to authenticate first. Oneof the applications I recently came across has the Caller having theCallee authenticate first and within the resulting secure channel use alegacy method to authenticate itself.

AVT
Describe how DTLS is used to key SRTP and how SRTP is used incombination with DTLS. This includes the issues of multiplexing DTLS andSRTP on one port. draft-mcgrew-tls-srtp will be the starting draft forthis.

My take is that draft-mcgrew-tls-srtp specifies a DTLS extension forSRTP and thus belongs in a security area WG, and not in AVT. Of course,this kind of thing is up to the AD. But I wonder if you are willing toshare your thought process in arriving at this conclusion.Specifically, why do you think that the AVT WG is a better place to getthe necessary reviews for this work?


thanks,
Lakshminath

MMUSIC
Provide a scheme for transporting DTLS fingerprints in SDP offer/answer(suspect this is already done but it not, MMUSIC does it). Provide ascheme that allow an offer to say it is willing to do SRTP or RTP butwould prefer SRTP. The ongoing draft-ietf-mmusic-sdp-media-capabilitieswork should meet this need.
RAI/SEC
Write overview document on how SIP UA can secure media using combinationof DTLS/SRTP, SDP Fingerprint, Identity, Outbound, and Digest and TLSfor SIP. This document will not describe new mechanisms, it justprovides the roadmap of how they all fit together. Jon Peterson has thetoken to start this.
Cullen <with my AD hat on>

Follow-Ups:
- Re: Plan for moving forward
  - From: Sam Hartman
- Re: Plan for moving forward
  - From: Cullen Jennings

References:
- Plan for moving forward
  - From: Cullen Jennings

Prev by Date: Re: Media Security Requirements Draft
Next by Date: Re: Plan for moving forward
Previous by thread: Plan for moving forward
Next by thread: Re: Plan for moving forward
Index(es):
- Date
- Thread