
Re: [AVT] a comment about SRTP & NATs



Hi Philippe
   We don't deal with mixers and translators in
http://www.ietf.org/internet-drafts/draft-ietf-avt-srtp-04.txt
except to say that they break end-to-end security
(viz. section 7.4).  Note that
http://www.ietf.org/internet-drafts/draft-ietf-avt-rtp-new-11.txt
identifies firewalls as a problem for RTP-level translators/mixers.
I think we should defer work on SRTP intermediate systems until
we have more experience with SRTP and until the firewall traversal
protocols are mature.  We'd be wrong IMHO to reference STUN in
a protocol (SRTP) that's being considered as a Proposed
Standard when STUN is not yet a Proposed Standard.

Mark


At 02:09 PM 6/7/2002 +0200, philippe.gentric@philips.com wrote:

>The SRTP spec (draft-ietf-avt-srtp-04.txt) says (section 3.1.3)
>
>"
>A cryptographic context SHALL be uniquely identified by the triplet
>    context identifier:
>
>    context id = <SSRC, destination network address, destination
>    transport port number>
>
>    where the destination network address and the destination transport
>    port are the ones in the current RTP packet (for the sender) or SRTP
>    packet (for the receiver). It is assumed that, when presented with
>    this information, the key management returns a context with the
>    information as described in Section 3.1.
>"
>
>But this is not absolutely clear in case of NAT(s) en route.
>
>I think it would be better to say that the SRTP cryptographic context is
>SSRC and destination address/port *as sent from the sender*
>
>(since it can be changed en route by NATs)
>
>one then has to assume that the receiver is aware of *this*
>"sender-side" address/port (via STUN for example)
>since it is a sine-qua-non condition for RTP anyway
>and then the receiver can use this info with the key management
>to retrieve the correct context.
>
>Regards,
>
>Philippe Gentric
>Software Architect
>Philips MP4Net
>philippe.gentric@philips.com
>http://www.mpeg-4.philips.com
>
>
>_______________________________________________
>Audio/Video Transport Working Group
>avt@ietf.org
>https://www1.ietf.org/mailman/listinfo/avt
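
The context lookup discussed in this thread, as an added example that is not part of either message or of the SRTP draft: a receiver keys its contexts on the triplet <SSRC, destination address, destination port>, and a NAT rewrites the destination en route. The `ContextTable` class, the addresses, the SSRC and the context label are constructed for illustration, and the receiver is assumed to already know the sender-side destination.

```python
import struct
from typing import NamedTuple, Optional


class ContextId(NamedTuple):
    """The triplet quoted from section 3.1.3 of the draft."""
    ssrc: int
    dst_addr: str
    dst_port: int


def build_rtp(ssrc: int, seq: int = 1, ts: int = 0, pt: int = 96) -> bytes:
    """Constructed RTP packet: 12-byte fixed header (V=2) plus dummy payload."""
    return struct.pack("!BBHII", 0x80, pt, seq, ts, ssrc) + b"\x00" * 16


def rtp_ssrc(packet: bytes) -> int:
    """Return the SSRC, carried in bytes 8..11 of the fixed RTP header."""
    if len(packet) < 12 or packet[0] >> 6 != 2:
        raise ValueError("not an RTP version 2 packet")
    return struct.unpack_from("!I", packet, 8)[0]


class ContextTable:
    """Hypothetical key-management view: context id -> cryptographic context."""

    def __init__(self) -> None:
        self._contexts = {}

    def install(self, cid: ContextId, context: str) -> None:
        self._contexts[cid] = context

    def lookup(self, packet: bytes, dst_addr: str, dst_port: int) -> Optional[str]:
        return self._contexts.get(ContextId(rtp_ssrc(packet), dst_addr, dst_port))


# Constructed addresses (documentation and private ranges).
SENDER_SIDE_DST = ("203.0.113.10", 5004)   # destination as written by the sender
ON_WIRE_DST = ("192.168.1.20", 40000)      # destination after the NAT rewrite


def demo():
    packet = build_rtp(ssrc=0xDECAFBAD)
    table = ContextTable()
    # Key management installed the context under the sender-side triplet.
    table.install(ContextId(0xDECAFBAD, *SENDER_SIDE_DST), "ctx-A")
    as_received = table.lookup(packet, *ON_WIRE_DST)      # rewritten header: miss
    as_sent = table.lookup(packet, *SENDER_SIDE_DST)      # sender-side triplet: hit
    return as_received, as_sent
```

The SSRC survives the NAT unchanged because it sits in the RTP header, so only the address and port components of the triplet diverge between the two ends.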

