RE: Plan for moving forward
> > One of the applications I recently came across
> > has the Caller having the Callee authenticate first and within the
> > resulting secure channel use a legacy method to authenticate itself.
>
> Well, before the Montreal BOF would have been the place and time to
> bring up that requirement. Luckily, I think you are pretty safe in
> that this requirement is supported by the solution we are on. SIP
> allows an INVITE to have an offer and also allows INVITES without an
> offer where the UAS sends the offer. I think this will meet your
> requirement.
I don't think flipping who sends the offer is sufficient -- DTLS-SRTP,
as the several documents are now, uses a=fingerprint to authenticate
both endpoints. What Lakshminath is looking for is a way for one side
to declare that they don't want their certificate used as the
authentication mechanism, but rather want something else used (a
password or something; 'legacy method' encompasses a lot of stuff).
-d
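
The a=fingerprint check discussed in this message, as an added example that is not part of the original thread: each endpoint hashes the certificate its peer presented in the DTLS handshake and compares it with the fingerprint carried in that peer's SDP, failing closed when no fingerprint is present. The certificate bytes, SDP body and function names are constructed for illustration.

```python
import hashlib
import hmac

# SDP hash-function tokens mapped to hashlib algorithm names.
HASHES = {"sha-1": "sha1", "sha-256": "sha256",
          "sha-384": "sha384", "sha-512": "sha512"}


def parse_fingerprints(sdp):
    """Return [(hash_func, digest_bytes)] for every a=fingerprint line."""
    found = []
    for line in sdp.splitlines():
        line = line.strip()
        if not line.lower().startswith("a=fingerprint:"):
            continue
        func, _, hexval = line.split(":", 1)[1].strip().partition(" ")
        found.append((func.lower(), bytes.fromhex(hexval.replace(":", ""))))
    return found


def peer_cert_matches(sdp, cert_der):
    """True only if the peer's DTLS certificate matches a fingerprint in its SDP."""
    for func, expected in parse_fingerprints(sdp):
        name = HASHES.get(func)
        if name is None:
            continue  # unknown hash function: cannot verify, never accept on it
        actual = hashlib.new(name, cert_der).digest()
        if hmac.compare_digest(actual, expected):
            return True
    return False  # no fingerprint offered, or none matched: fail closed


def make_fingerprint(cert_der):
    """Format a sha-256 fingerprint value the way it appears in SDP."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return "sha-256 " + ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed stand-ins for DER certificates (not real X.509 data).
CERT_A = b"constructed stand-in for endpoint A's DER certificate"
CERT_B = b"constructed stand-in for a different certificate"

# Constructed SDP body as endpoint A would send it.
SDP_FROM_A = "\r\n".join([
    "v=0", "o=- 0 0 IN IP4 192.0.2.1", "s=-", "t=0 0",
    "a=fingerprint:" + make_fingerprint(CERT_A),
    "m=audio 49170 UDP/TLS/RTP/SAVP 0",
])
```

An SDP body without any a=fingerprint line makes `peer_cert_matches` return False for every certificate, which is the case an endpoint authenticating by some other means would hit under this check.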