RE: Plan for moving forward
I don't understand your reference to PKI.
As was explained at length -- I thought -- in Prague, DTLS-SRTP does not
require (nor recommend) that the endpoint's certificate (used for DTLS-SRTP)
be made available in any kind of certificate store ("PKI"), anywhere, by
anybody. Taken to an extreme, One Might Say that a new certificate could be
created by the endpoints for every DTLS-SRTP call, if the endpoint was
interested in doing such a thing.
-d
> -----Original Message-----
> From: owner-ietf-rtpsec@xxxxxxxxxxxx
> [mailto:owner-ietf-rtpsec@xxxxxxxxxxxx] On Behalf Of
> Lakshminath Dondeti
> Sent: Tuesday, June 12, 2007 12:48 PM
> To: Eric Rescorla
> Cc: Matt Lepinski; ietf-rtpsec@xxxxxxx
> Subject: Re: Plan for moving forward
>
>
> Eric,
>
> I have double checked with people about where things are in 3GPP and
> 3GPP2 and since you care to know the details, it is a somewhat complex
> story (actually not that complex). If DRM is involved, there are client
> certs, PKI and everything (although in case of broadcast TV, the story
> is different, the mobile operators may be trying to do away with PKIs in
> that context). But, clearly there is someone to pay for it so to speak;
> content business is a value-add.
>
> For other purposes, people tell me that there were attempts in the past
> and they went nowhere (I haven't seen them and so I don't know the
> story for sure). Someone could try to make a proposal and build
> consensus now; the burden then is on the merits of the proposal. "It
> doesn't hurt too much" is not an incentive.
>
> There are folks on this list who also contribute to PP and PP2. If you
> disagree with my notes above, please do let us know.
>
> regards,
> Lakshminath
>
> On 6/7/2007 12:04 PM, Eric Rescorla wrote:
> > At Thu, 07 Jun 2007 11:26:44 -0700,
> > Lakshminath Dondeti wrote:
> >>
> >> Thanks Matt. I know of cases where skipping the self-signed cert on the
> >> UAC side would be considered necessary. Broadly speaking whereas
> >> verifying server-side certs as in case of https is alright, client-side
> >> certs, self-signed or not, are not really viable at the moment.
> >
> > Can you provide more support for this claim?
> >
> > The problems with client auth in HTTPS are almost entirely due
> > to user interface, but in the case of DTLS-SRTP, the client auth
> > is hidden under the covers of the implementation and so this
> > is not an issue.
> >
> > -Ekr
> >
> >
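The point made at the top of this message, that a DTLS-SRTP endpoint's certificate never needs to live in any certificate store and can even be minted fresh for every call, is illustrated below with an added example that is not code from the original message or from any of the posters. It assumes the mechanism the message does not spell out: the endpoint's self-signed certificate is authenticated by the fingerprint carried in signalling (the SDP a=fingerprint attribute of RFC 4572, used by DTLS-SRTP per RFC 5763), so the receiving side checks a hash, not a chain. The endpoint names ("alice-call-1", "bob-call-1") and the validity window are arbitrary choices for the demonstration; everything else is the Go standard library.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Endpoint is the per-call identity of one DTLS-SRTP endpoint: a fresh key and
// a self-signed certificate that is never registered anywhere.
type Endpoint struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
	DER  []byte
}

// NewEphemeralEndpoint mints a new self-signed certificate for a single call.
// No CA is contacted; the certificate is signed by the key it carries.
func NewEphemeralEndpoint(name string) (*Endpoint, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: name}, // arbitrary label, assumption
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour), // arbitrary call-length window, assumption
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	// Template used as both subject and parent: that is what "self-signed" means.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Endpoint{Key: key, Cert: cert, DER: der}, nil
}

// Fingerprint returns SHA-256 over the DER certificate in the upper-case,
// colon-separated form of the SDP a=fingerprint attribute. This value, not the
// certificate, is what the signalling path carries between the endpoints.
func Fingerprint(der []byte) string {
	sum := sha256.Sum256(der)
	parts := make([]string, len(sum))
	for i, b := range sum {
		parts[i] = fmt.Sprintf("%02X", b)
	}
	return strings.Join(parts, ":")
}

// VerifyPeerCert is what each side runs on the certificate the peer presents in
// the DTLS handshake. It consults no trust store: it checks that the certificate
// is validly signed by its own key and that its hash equals the signalled
// fingerprint. The comparison is constant-time to avoid leaking match length.
func VerifyPeerCert(presentedDER []byte, signalledFingerprint string) error {
	cert, err := x509.ParseCertificate(presentedDER)
	if err != nil {
		return fmt.Errorf("unparseable certificate: %w", err)
	}
	if err := cert.CheckSignature(cert.SignatureAlgorithm, cert.RawTBSCertificate, cert.Signature); err != nil {
		return fmt.Errorf("certificate is not validly self-signed: %w", err)
	}
	got := Fingerprint(presentedDER)
	if subtle.ConstantTimeCompare([]byte(got), []byte(signalledFingerprint)) != 1 {
		return errors.New("fingerprint does not match the one carried in signalling")
	}
	return nil
}

// ChainsToAnyRoot reports whether the certificate would validate the PKI way,
// against a deliberately empty root pool. For a per-call self-signed
// certificate the answer is always false, which is the point: the fingerprint
// binding, not a CA, authenticates the endpoint.
func ChainsToAnyRoot(cert *x509.Certificate) bool {
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     x509.NewCertPool(),
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny},
	})
	return err == nil
}

func main() {
	alice, _ := NewEphemeralEndpoint("alice-call-1")
	bob, _ := NewEphemeralEndpoint("bob-call-1")
	// Signalling (SDP offer/answer) carries each side's fingerprint to the other.
	fmt.Println("a=fingerprint:sha-256", Fingerprint(alice.DER))
	// Bob receives Alice's certificate in the DTLS handshake and pins it.
	fmt.Println("bob accepts alice:", VerifyPeerCert(alice.DER, Fingerprint(alice.DER)) == nil)
	// A certificate swapped in on the media path fails, although it is a
	// perfectly well-formed self-signed certificate.
	fmt.Println("bob accepts substitute:", VerifyPeerCert(bob.DER, Fingerprint(alice.DER)) == nil)
	fmt.Println("chains to a root:", ChainsToAnyRoot(alice.Cert))
}
```

Running it prints one fresh fingerprint per run, accepts Alice's own certificate, rejects the substituted one, and reports that the certificate chains to no root, which is the "no PKI anywhere, by anybody" property the message describes. In a real stack the VerifyPeerCert logic sits inside the DTLS handshake's certificate callback, where the user never sees it, which is also why the client-authentication UI problem of HTTPS raised later in the thread does not arise here.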