
RE: Plan for moving forward




> > Yes, but in conjunction with SIP-Identity (RFC4474) you get
> > authentication -- if, of course, you trust the entity that 
> > created that RFC4474 signature.  I don't usually think of DTLS-SRTP
> > without SIP-Identity, myself -- without SIP-Identity, you're getting
> > little more than opportunistic encryption (unless you store the
> > certificate you used last time with that same party, and/or read 
> > each other's certificate fingerprints or something akin to that).
> 
> Totally agree. I'm just saying that we ought to think of the 
> authentication as happening in the signalling and being transferred
> into the media. We should try to avoid having authentication 
> mechanisms which authenticate only the media and not the signalling.

I agree.

-d
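
An added example, not part of the messages above: a Python sketch of transferring authentication from the signalling into the media by checking the certificate seen in the DTLS handshake against the `a=fingerprint` attribute of the SDP carried in the signalling. The `media_trust` function, its labels, the `identity_verified` input (the outcome of an RFC4474 signature check done elsewhere) and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac

# Hash names as written in SDP a=fingerprint lines, mapped to hashlib names.
HASHES = {"sha-1": "sha1", "sha-256": "sha256", "sha-384": "sha384", "sha-512": "sha512"}

def sdp_fingerprints(sdp):
    """Return [(hash_name, digest_bytes)] for every usable a=fingerprint line."""
    found = []
    for line in sdp.splitlines():
        line = line.strip()
        if not line.lower().startswith("a=fingerprint:"):
            continue
        parts = line.split(":", 1)[1].split()
        if len(parts) != 2 or parts[0].lower() not in HASHES:
            continue  # unknown hash or malformed attribute
        try:
            found.append((parts[0].lower(), bytes.fromhex(parts[1].replace(":", ""))))
        except ValueError:
            continue  # digest is not valid hex
    return found

def cert_matches(cert_der, fingerprints):
    """True if the DER certificate hashes to any of the given fingerprints."""
    for name, digest in fingerprints:
        actual = hashlib.new(HASHES[name], cert_der).digest()
        if hmac.compare_digest(actual, digest):
            return True
    return False

def media_trust(cert_der, sdp, identity_verified, pinned=None):
    # identity_verified: RFC4474 signature over the signalling checked and trusted.
    # pinned: (hash_name, digest) remembered from an earlier call with this party.
    if not cert_matches(cert_der, sdp_fingerprints(sdp)):
        return "reject"          # media peer is not the one the signalling described
    if identity_verified:
        return "authenticated"   # signalling identity carries over to the media
    if pinned is not None and cert_matches(cert_der, [pinned]):
        return "continuity"      # same certificate as last time, identity unproven
    return "opportunistic"       # encrypted, but the peer is unauthenticated

# Constructed sample data: a stand-in byte string plays the DER certificate.
CERT = b"constructed stand-in for a DER-encoded certificate"
FP = ":".join(f"{b:02X}" for b in hashlib.sha256(CERT).digest())
SDP = "v=0\r\nm=audio 49170 UDP/TLS/RTP/SAVP 0\r\na=fingerprint:sha-256 " + FP + "\r\n"
PINNED = ("sha-256", hashlib.sha256(CERT).digest())

if __name__ == "__main__":
    print(media_trust(CERT, SDP, identity_verified=True))
```
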