[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Media Security Requirements Draft: New Requirement

To: "Hannes Tschofenig" <Hannes.Tschofenig@xxxxxxx>, <dwing@xxxxxxxxx>, <ietf-rtpsec@xxxxxxx>
Subject: RE: Media Security Requirements Draft: New Requirement
From: "Christer Holmberg (JO/LMF)" <christer.holmberg@xxxxxxxxxxxx>
Date: Thu, 21 Jun 2007 13:04:58 +0200
In-reply-to: <20070609181749.251110@xxxxxxx>
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
References: <465C9C1B.9080601@xxxxxxx> <7374777208BDC7449D5620EF9423256704BCED1A@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20070609181749.251110@xxxxxxx>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx
Thread-index: Aceqwn0ZMUIi4xoxQOSjpD12BiMS0QJLmpSQ
Thread-topic: Media Security Requirements Draft: New Requirement


Hi Hannes, 

>I am not sure whether this requirement is directly related to 
>media security (although it impacts it). Would ICE even work 
>if you assume such restrictive middleboxes?

You MAY have some problems with ICE also, yes (possibly also with the
protocols Dan listed, but I haven't worked with those, so I can't tell).
 
>In some sense you seem to say that key management for media 
>security has to be done along the signaling path and not 
>along the media path. 

I think that option should be considered, yes.

Regards,

Christer









> -------- Original-Nachricht --------
> Datum: Tue, 5 Jun 2007 08:55:07 +0200
> Von: "Christer Holmberg (JO/LMF)" <christer.holmberg@xxxxxxxxxxxx>
> An: "Hannes Tschofenig" <Hannes.Tschofenig@xxxxxxx>, 
> ietf-rtpsec@xxxxxxx, "Dan Wing" <dwing@xxxxxxxxx>
> Betreff: RE: Media Security Requirements Draft
> 
> > 
> > 
> > Hi,
> > 
> > In a previous thread (RE: Fwd: I-D
> > ACTION:draft-zimmermann-avt-zrtp-03.txt), when we were discussing 
> > middleboxes, Dan proposed a requirement saying something like:
> > 
> > "A solution MUST NOT expect packets to be received on the 
> media path 
> > until 200 OK, because the media path will be blocked by middleboxes 
> > until the 200 OK."
> > 
> > (I proposed to change "will be blocked" to "may be blocked")
> > 
> > However, I can't find this requirement in the latest version of the 
> > reqs draft.
> > 
> > Regards,
> > 
> > Christer
> >  
> > 
> > > -----Original Message-----
> > > From: owner-ietf-rtpsec@xxxxxxxxxxxx 
> > > [mailto:owner-ietf-rtpsec@xxxxxxxxxxxx] On Behalf Of Hannes 
> > > Tschofenig
> > > Sent: 30. toukokuuta 2007 0:33
> > > To: ietf-rtpsec@xxxxxxx
> > > Subject: Media Security Requirements Draft
> > > 
> > > 
> > > Hi all,
> > > 
> > > we have published another version of the requirements draft:
> > > 
> http://tools.ietf.org/id/draft-wing-media-security-requirements-03.t
> > > xt
> > > 
> > > The changes in the draft are focused on the following requirement:
> > > 
> > > R27:   If SRTP keying is performed over the media path, the keying
> > >            packets MUST NOT pass the RTP validity check defined in
> > >            Appendix A.1 of [RFC3550
> > > <http://www.rfc-editor.org/rfc/rfc3550.txt>]
> > > 
> > > It seems that we are getting to an end with the requirements work.
> > > 
> > > Ciao
> > > Hannes
> > > 
> > > 
>

Follow-Ups:
- RE: Media Security Requirements Draft: New Requirement
  - From: Dan Wing

References:
- Media Security Requirements Draft
  - From: Hannes Tschofenig
- RE: Media Security Requirements Draft
  - From: Christer Holmberg (JO/LMF)
- Media Security Requirements Draft: New Requirement
  - From: Hannes Tschofenig

Prev by Date: IVR/CallingCard scenario
Next by Date: RE: Media Security Requirements Draft: New Requirement
Previous by thread: RE: Media Security Requirements Draft: New Requirement
Next by thread: RE: Media Security Requirements Draft: New Requirement
Index(es):
- Date
- Thread