[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Media Security Requirements Draft: New Requirement

To: "'Christer Holmberg \(JO/LMF\)'" <christer.holmberg@xxxxxxxxxxxx>, "'Hannes Tschofenig'" <Hannes.Tschofenig@xxxxxxx>, <ietf-rtpsec@xxxxxxx>
Subject: RE: Media Security Requirements Draft: New Requirement
From: "Dan Wing" <dwing@xxxxxxxxx>
Date: Mon, 25 Jun 2007 17:22:55 -0700
Authentication-results: sj-dkim-4; header.From=dwing@xxxxxxxxx; dkim=pass (s ig from cisco.com/sjdkim4002 verified; );
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=2328; t=1182817379; x=1183681379; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@xxxxxxxxx; z=From:=20=22Dan=20Wing=22=20<dwing@xxxxxxxxx> |Subject:=20RE=3A=20Media=20Security=20Requirements=20Draft=3A=20New=20Re quirement |Sender:=20; bh=gTgZslPpn7FAtp/nFLefJCVsVzqURdscYmfR6JCHUJ4=; b=S53ySRynxKwBOkiU6iwnW7Sp/UL5CMvYt2IUfeaIL8JWYiq1VEeZlTtsBvaSLJ1THqDzVzMl djFuJ5mnKCtYSF0RaWpN6a98VlxIBnCN4gmKRa2O4jHYr8fA/rrZuQ+S;
In-reply-to: <7374777208BDC7449D5620EF94232567060A8C58@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx
Thread-index: Aceqwn0ZMUIi4xoxQOSjpD12BiMS0QJLmpSQAEKRJ+AAnWoTkAAFwVJw

> Hi Dan,
> 
> First, I don't think this issue is an "IMS thing". I use the word
> "gate", but it may also apply to session border controller type of
> entities - and those you have any many different types of networks. 
> 
> >>>I am not sure whether this requirement is directly related 
> >>>to media 
> >>>security (although it impacts it). Would ICE even work if 
> >>>you assume 
> >>>such restrictive middleboxes?
> >> 
> >>You MAY have some problems with ICE also, yes (possibly 
> also with the 
> >>protocols Dan listed, but I haven't worked with those, so I can't 
> >>tell).
> > 
> >Cullen mentioned any media arriving before 200 would fail -- 
> >including country-specific ringback tones, music played as 
> >the ringback tone, and IVRs ("1-800-Fedex", "Wecome to United 
> >Airlines, please select the following code describing the 
> >reason for your call").
> >
> >Are those invalid use cases for RTP?  Or is IMS going to 
> >change how SIP handles that stuff (forcing a 200?  Redefine 
> >the meaning of 200?)
> 
> I don't think the cases above would necessarily fail, because the
> backward media direction is often opened before 200 OK, in order to
> allow announcements and other type of early media.

And DTMF tones, which are transmitted to interact with IVRs, is 
carried via INFO or NOTIFY or RFC2833?

> >>>In some sense you seem to say that key management for 
> media security 
> >>>has to be done along the signaling path and not along the 
> media path.
> >> 
> >>I think that option should be considered, yes.
> > 
> >They were considered, and found to be deficient.  
> > 
> >If there was an inaccuracy in the analysis
> (draft-wing-rtpsec-keying-eval-02.txt) please do point out 
> >the inaccuracy.  To my knowledge that analysis is accurate 
> and reached
> the conclusion that no existing exclusive 
> >signaling-path SRTP keying mechanism met the requirements 
> stated at the
> time. 
> 
> I am not familiar with that draft (neither am I aware of any other
> requirements than the ones currently being worked on in the 
> reqs draft).

draft-wing-rtpsec-keying-eval-02.txt was the basis for my
presentation at the first RAI open area meeting a couple of
years back, and the basis for my presentation at the first 
RTPSEC BoF.

-d

Follow-Ups:
- RE: Media Security Requirements Draft: New Requirement
  - From: Christer Holmberg (JO/LMF)

References:
- RE: Media Security Requirements Draft: New Requirement
  - From: Christer Holmberg (JO/LMF)

Prev by Date: RE: Media Security Requirements Draft: New Requirement
Next by Date: RE: Media Security Requirements Draft: New Requirement
Previous by thread: RE: Media Security Requirements Draft: New Requirement
Next by thread: RE: Media Security Requirements Draft: New Requirement
Index(es):
- Date
- Thread