
Re: [AVT] a comment about SRTP & NATs



inline.

philippe.gentric@philips.com wrote:
> The SRTP specs (draft-ietf-avt-srtp-04.txt) says (section 3.1.3)
> 
> "
> A cryptographic context SHALL be uniquely identified by the triplet
>    context identifier:
> 
>    context id = <SSRC, destination network address, destination
>    transport port number>
> 
>    where the destination network address and the destination transport
>    port are the ones in the current RTP packet (for the sender) or SRTP
>    packet (for the receiver). It is assumed that, when presented with
>    this information, the key management returns a context with the
>    information as described in Section 3.1.
> "
> 
> But this is not absolutely clear in case of NAT(s) en route.

I could be wrong (not being intimately familiar with SRTP), but it is my 
understanding that the context ID is never placed into the message or 
used as an input to any hash or encryption algorithms; it's merely an 
index at the sender and receiver to retrieve the context. If that is the 
case, it really doesn't matter that the sender and receiver have 
different values for the context ID because of NAT, so long as the 
values don't change during the session, and that they have a 1-1 
relationship.

As an example, if A sends to B, and A sends to 10.0.1.1:8864, and when B 
receives it, the destination address:port is 1.2.3.4:6554, A will use 
10.0.1.1:8864 for the context ID, and B uses 1.2.3.4:6554 for the 
context ID. So long as A always sends to 10.0.1.1:8864, and this is 
consistently received at B as 1.2.3.4:6554, things should work fine; 
both sides will consistently retrieve the appropriate cryptographic context.

-Jonathan R.


-- 
Jonathan D. Rosenberg, Ph.D.            72 Eagle Rock Avenue
Chief Scientist                         First Floor
dynamicsoft                             East Hanover, NJ 07936
jdrosen@dynamicsoft.com                 FAX: (973) 952-5050
http://www.jdrosen.net                  PH:  (973) 952-5000
http://www.dynamicsoft.com
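
The lookup behaviour discussed in this thread, as an added example that is not part of the original post or of any SRTP implementation: sender A keys its context on the destination it sends to, receiver B keys the same context on the destination it observes after the NAT, and only the SSRC travels in the packet. The addresses, ports, SSRC and the `Endpoint`/`run_session` names are constructed for illustration; the last case shows what happens when a NAT rebinds mid-session.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ContextId:
    """The <SSRC, dst addr, dst port> triplet of draft-ietf-avt-srtp-04 3.1.3.
    It is a local index only; it is never carried in the packet."""
    ssrc: int
    dst_addr: str
    dst_port: int


class Endpoint:
    """Holds cryptographic contexts keyed by the triplet as this side sees it."""
    def __init__(self):
        self.contexts = {}

    def install(self, ctx_id, context):
        self.contexts[ctx_id] = context

    def lookup(self, ctx_id):
        return self.contexts.get(ctx_id)  # None models "no context found"


def run_session(observed_dsts, ssrc=0x1234ABCD, sent_to=("10.0.1.1", 8864)):
    """A sends each packet to sent_to; observed_dsts[i] is the destination B
    sees on packet i after NAT. Returns (sender ctx, receiver ctx) per packet."""
    a, b = Endpoint(), Endpoint()
    context = "context-for-stream-1"  # stands in for key material, rollover counter, etc.
    # Key management hands both sides the same context, each under its own triplet.
    a.install(ContextId(ssrc, *sent_to), context)
    b.install(ContextId(ssrc, *observed_dsts[0]), context)
    results = []
    for dst in observed_dsts:
        sender_ctx = a.lookup(ContextId(ssrc, *sent_to))
        # B rebuilds the triplet from the SSRC in the packet plus what it observed.
        receiver_ctx = b.lookup(ContextId(ssrc, *dst))
        results.append((sender_ctx, receiver_ctx))
    return results


def stable_nat():
    """1-1, session-stable mapping: both sides retrieve the context every time."""
    return run_session([("1.2.3.4", 6554)] * 3)


def rebinding_nat():
    """Mapping changes on the third packet: B's lookup fails from then on."""
    return run_session([("1.2.3.4", 6554), ("1.2.3.4", 6554), ("1.2.3.4", 7000)])
```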


_______________________________________________
Audio/Video Transport Working Group
avt@ietf.org
https://www1.ietf.org/mailman/listinfo/avt