[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Media Security Requirements Draft: New Requirement

To: "'Christer Holmberg \(JO/LMF\)'" <christer.holmberg@xxxxxxxxxxxx>, "'Hannes Tschofenig'" <Hannes.Tschofenig@xxxxxxx>, <ietf-rtpsec@xxxxxxx>
Subject: RE: Media Security Requirements Draft: New Requirement
From: "Dan Wing" <dwing@xxxxxxxxx>
Date: Fri, 22 Jun 2007 11:38:13 -0700
Authentication-results: sj-dkim-1; header.From=dwing@xxxxxxxxx; dkim=pass (s ig from cisco.com/sjdkim1004 verified; );
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1330; t=1182537499; x=1183401499; c=relaxed/simple; s=sjdkim1004; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@xxxxxxxxx; z=From:=20=22Dan=20Wing=22=20<dwing@xxxxxxxxx> |Subject:=20RE=3A=20Media=20Security=20Requirements=20Draft=3A=20New=20Re quirement |Sender:=20; bh=BXsGn2Wu2RdgXV0z1JYtYYu/XDkajW1YXbsbJrYi8ss=; b=eTlO7CDLpXHDlPkm9cMW45UNe5EiV7VG1qqsaetyTQYrLVfgQkjqY440H2Ha+ZUXNzXIdHR6 WpatXyCkOHnkb8gEgjS2KVEL32ToqSeFtYV2P35G/c9ILWktbVgDWzZOm42ywwoN8AFb5wwhzp 4Z7ndEfzV7UaiIKu2NX7rrXQY=;
In-reply-to: <7374777208BDC7449D5620EF9423256705DBF99E@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx
Thread-index: Aceqwn0ZMUIi4xoxQOSjpD12BiMS0QJLmpSQAEKRJ+A=

> >I am not sure whether this requirement is directly related to 
> >media security (although it impacts it). Would ICE even work 
> >if you assume such restrictive middleboxes?
> 
> You MAY have some problems with ICE also, yes (possibly also with the
> protocols Dan listed, but I haven't worked with those, so I 
> can't tell).

Cullen mentioned any media arriving before 200 would fail -- 
including country-specific ringback tones, music played as the 
ringback tone, and IVRs ("1-800-Fedex", "Wecome to United 
Airlines, please select the following code describing the 
reason for your call").

Are those invalid use cases for RTP?  Or is IMS going to change
how SIP handles that stuff (forcing a 200?  Redefine the meaning
of 200?)

> >In some sense you seem to say that key management for media 
> >security has to be done along the signaling path and not 
> >along the media path. 
> 
> I think that option should be considered, yes.

They were considered, and found to be deficient.  

If there was an inaccuracy in the analysis 
(draft-wing-rtpsec-keying-eval-02.txt) please do point out
the inaccuracy.  To my knowledge that analysis is accurate
and reached the conclusion that no existing exclusive 
signaling-path SRTP keying mechanism met the requirements
stated at the time. 

-d

Follow-Ups:
- RE: Media Security Requirements Draft: New Requirement
  - From: Christer Holmberg (JO/LMF)

References:
- RE: Media Security Requirements Draft: New Requirement
  - From: Christer Holmberg (JO/LMF)

Prev by Date: RE: Media Security Requirements Draft: New Requirement
Next by Date: RE: Media Security Requirements Draft: New Requirement
Previous by thread: RE: Media Security Requirements Draft: New Requirement
Next by thread: RE: Media Security Requirements Draft: New Requirement
Index(es):
- Date
- Thread