[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Plan for moving forward

To: "Dan Wing" <dwing@xxxxxxxxx>
Subject: Re: Plan for moving forward
From: Eric Rescorla <ekr@xxxxxxxxxxxxxxxxxxxx>
Date: Sat, 02 Jun 2007 10:36:23 -0700
Cc: "'Eric Rescorla'" <ekr@xxxxxxxxxxxxxxxxxxxx>, "'Cullen Jennings'" <fluffy@xxxxxxxxx>, "'Lakshminath Dondeti'" <ldondeti@xxxxxxxxxxxx>, <ietf-rtpsec@xxxxxxx>, "'Sam Hartman'" <hartmans-ietf@xxxxxxx>, "'Tim Polk'" <tim.polk@xxxxxxxx>, <jon.peterson@xxxxxxxxxxx>
In-reply-to: <0b5c01c7a53b$a3f367c0$10676b80@xxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
References: <20070602171802.81D1C33C4B@xxxxxxxxxxxxxx> <0b5c01c7a53b$a3f367c0$10676b80@xxxxxxxxxxxxxx>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx
User-agent: Wanderlust/2.14.0 (Africa) Emacs/21.3 Mule/5.0 (SAKAKI)

At Sat, 2 Jun 2007 10:29:56 -0700,
Dan Wing wrote:
> 
> 
> > > I don't think flipping who sends the offer is sufficient -- 
> > > DTLS-SRTP,
> > > as the several documents are now, uses a=fingerprint to authenticate
> > > both endpoints.  What Lakshminath is looking for is a way 
> > > for one side
> > > to declare that they don't want their certificate used as the 
> > > authentication mechanism, but rather wants something else used (a
> > > password or something; 'legacy method' encompasses a lot of stuff).
> > 
> > Hmm... I realize we're used to thinking of certificates as a form
> > of authentication, but I think that leads people off track in
> > this case. In DTLS-SRTP, the authentication at the DTLS layer 
> > serves primarily to bind the authentication performed in the
> > signalling plane to the cryptography being done in the media 
> > plane. That's why it's OK for the certs to be self-signed and
> > just authenticated via fingerprint.
> 
> Yes, but in conjunction with SIP-Identity (RFC4474) you get
> authentication -- if, of course, you trust the entity that 
> created that RFC4474 signature.  I don't usually think of DTLS-SRTP
> without SIP-Identity, myself -- without SIP-Identity, you're getting
> little more than opportunistic encryption (unless you store the
> certificate you used last time with that same party, and/or read 
> each other's certificate fingerprints or something akin to that).

Totally agree. I'm just saying that we ought to think of the 
authentication as happening in the signalling and being transferred
into the media. We should try to avoid having authentication 
mechanisms which authenticate only the media and not the signalling.

-Ekr

Follow-Ups:
- Re: Plan for moving forward
  - From: Lakshminath Dondeti
- RE: Plan for moving forward
  - From: Dan Wing

References:
- Re: Plan for moving forward
  - From: Eric Rescorla
- RE: Plan for moving forward
  - From: Dan Wing

Prev by Date: RE: Plan for moving forward
Next by Date: RE: Plan for moving forward
Previous by thread: RE: Plan for moving forward
Next by thread: RE: Plan for moving forward
Index(es):
- Date
- Thread