[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Media Security Requirements Draft: New Requirement

To: "Dan Wing" <dwing@xxxxxxxxx>, "Hannes Tschofenig" <Hannes.Tschofenig@xxxxxxx>, <ietf-rtpsec@xxxxxxx>
Subject: RE: Media Security Requirements Draft: New Requirement
From: "Christer Holmberg (JO/LMF)" <christer.holmberg@xxxxxxxxxxxx>
Date: Mon, 25 Jun 2007 23:53:03 +0200
In-reply-to: <018e01c7b4fc$80de5080$78a36b80@xxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
References: <7374777208BDC7449D5620EF9423256705DBF99E@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <018e01c7b4fc$80de5080$78a36b80@xxxxxxxxxxxxxx>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx
Thread-index: Aceqwn0ZMUIi4xoxQOSjpD12BiMS0QJLmpSQAEKRJ+AAnWoTkA==
Thread-topic: Media Security Requirements Draft: New Requirement


Hi Dan,

First, I don't think this issue is an "IMS thing". I use the word
"gate", but it may also apply to session border controller type of
entities - and those you have any many different types of networks. 

>>>I am not sure whether this requirement is directly related to media 
>>>security (although it impacts it). Would ICE even work if you assume 
>>>such restrictive middleboxes?
>> 
>>You MAY have some problems with ICE also, yes (possibly also with the 
>>protocols Dan listed, but I haven't worked with those, so I can't 
>>tell).
> 
>Cullen mentioned any media arriving before 200 would fail -- 
>including country-specific ringback tones, music played as 
>the ringback tone, and IVRs ("1-800-Fedex", "Wecome to United 
>Airlines, please select the following code describing the 
>reason for your call").
>
>Are those invalid use cases for RTP?  Or is IMS going to 
>change how SIP handles that stuff (forcing a 200?  Redefine 
>the meaning of 200?)

I don't think the cases above would necessarily fail, because the
backward media direction is often opened before 200 OK, in order to
allow announcements and other type of early media.
 
>>>In some sense you seem to say that key management for media security 
>>>has to be done along the signaling path and not along the media path.
>> 
>>I think that option should be considered, yes.
> 
>They were considered, and found to be deficient.  
> 
>If there was an inaccuracy in the analysis
(draft-wing-rtpsec-keying-eval-02.txt) please do point out 
>the inaccuracy.  To my knowledge that analysis is accurate and reached
the conclusion that no existing exclusive 
>signaling-path SRTP keying mechanism met the requirements stated at the
time. 

I am not familiar with that draft (neither am I aware of any other
requirements than the ones currently being worked on in the reqs draft).

Regards,

Christer

Follow-Ups:
- RE: Media Security Requirements Draft: New Requirement
  - From: Dan Wing

References:
- RE: Media Security Requirements Draft: New Requirement
  - From: Christer Holmberg (JO/LMF)
- RE: Media Security Requirements Draft: New Requirement
  - From: Dan Wing

Prev by Date: RE: Media Security Requirements Draft: New Requirement
Next by Date: RE: Media Security Requirements Draft: New Requirement
Previous by thread: RE: Media Security Requirements Draft: New Requirement
Next by thread: RE: Media Security Requirements Draft: New Requirement
Index(es):
- Date
- Thread