[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Media Security Requirements Draft: New Requirement

To: "'Christer Holmberg \(JO/LMF\)'" <christer.holmberg@xxxxxxxxxxxx>, "'Hannes Tschofenig'" <Hannes.Tschofenig@xxxxxxx>, <ietf-rtpsec@xxxxxxx>
Subject: RE: Media Security Requirements Draft: New Requirement
From: "Dan Wing" <dwing@xxxxxxxxx>
Date: Wed, 27 Jun 2007 12:19:25 -0700
Authentication-results: sj-dkim-4; header.From=dwing@xxxxxxxxx; dkim=pass (s ig from cisco.com/sjdkim4002 verified; );
Dkim-signature: v=0.5; a=rsa-sha256; q=dns/txt; l=1746; t=1182971968; x=1183835968; c=relaxed/simple; s=sjdkim4002; h=Content-Type:From:Subject:Content-Transfer-Encoding:MIME-Version; d=cisco.com; i=dwing@xxxxxxxxx; z=From:=20=22Dan=20Wing=22=20<dwing@xxxxxxxxx> |Subject:=20RE=3A=20Media=20Security=20Requirements=20Draft=3A=20New=20Re quirement |Sender:=20; bh=qf/DbLYoAuK9LwH/6blqQpzWNVoJmpdLxFlysuehlc8=; b=B11G3H9vWbdKkiwOFJvgVMgouwx2NtoiIXJOf37bK+lPg0eGdpYJrDWTPDRBMDj42Ys429sA URccMHpNqPgz+r6ZxQR+hj+ks5ulOCg0bPu36/6/cci0Zw8Fyy3Uayta;
In-reply-to: <7374777208BDC7449D5620EF94232567064FC64E@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-rtpsec/mail-archive/>
List-id: <ietf-rtpsec.imc.org>
List-unsubscribe: <mailto:ietf-rtpsec-request@imc.org?body=unsubscribe>
Sender: owner-ietf-rtpsec@xxxxxxxxxxxx
Thread-index: Aceqwn0ZMUIi4xoxQOSjpD12BiMS0QJLmpSQAEKRJ+AAnWoTkAAFwVJwACP3XCAACxFjMAAbvyWwAA8qWzA=

 

> -----Original Message-----
> From: Christer Holmberg (JO/LMF) 
> [mailto:christer.holmberg@xxxxxxxxxxxx] 
> Sent: Wednesday, June 27, 2007 5:08 AM
> To: Dan Wing; Hannes Tschofenig; ietf-rtpsec@xxxxxxx
> Subject: RE: Media Security Requirements Draft: New Requirement
> 
> 
> Hi, 
> 
> >>>draft-wing-rtpsec-keying-eval-02.txt was the basis for my
> presentation 
> >>>at the first RAI open area meeting a couple of years back, and the 
> >>>basis for my presentation at the first RTPSEC BoF.
> >> 
> >>Ok. So, does that draft take the issues currently discussed into 
> >>consideration?
> > 
> >No, we haven't revised that document since you brought up 
> >these requirements.  But the requirements you have mentioned 
> >break how SIP functions pre-200 (irrespective of SRTP).
> 
> I guess that could be discussed, but this is not the place.
>
> The main point is that I am telling how many networks (again, it's not
> IMS specific) work today. 

I agree the problems are not specific to RTPSEC.  SIP doesn't
consider this stuff, neither does AVT.  IETF doesn't give much
thought to firewalls or anything that blocks packets.

> But, if we don't want to take that into consideration I would suggest
> that we clearly state, in order to avoiding having similar discussions
> in the future, that the mechanism we are working on may not be
> applicable to networks where these kind of functions exist.

As this isn't specific to RTPSEC (this isn't the place to discuss
it), why burden only RTPSEC with this?  It implies that only RTPSEC
keying will break, when in reality other SIP things will break.


It seems we need a "blocking the media path before 200 OK 
considered harmful" document.

-d

Follow-Ups:
- RE: Media Security Requirements Draft: New Requirement
  - From: Christer Holmberg (JO/LMF)

References:
- RE: Media Security Requirements Draft: New Requirement
  - From: Christer Holmberg (JO/LMF)

Prev by Date: Re: Media Security Requirements Draft: New Requirement
Next by Date: RE: Media Security Requirements Draft: New Requirement
Previous by thread: RE: Media Security Requirements Draft: New Requirement
Next by thread: RE: Media Security Requirements Draft: New Requirement
Index(es):
- Date
- Thread