
Re: [AVT] a comment about SRTP & NATs



Philippe,
   Pardon my delay in responding.

At 07:18 PM 6/7/2002 +0200, philippe.gentric@philips.com wrote:

>OK,
>
>That it will work I was suspecting, I am fully satisfied now.

Good.


>I also agree it does not need to reference STUN,
>nor any detailed consideration on FW/NAT traversal;
>still:
>  is not the sentence weirdly formulated ?
>
>again:
>
><quote>
>"A cryptographic context SHALL be uniquely identified by the triplet 
>context identifier:
>context id = <SSRC, destination network address, destination transport 
>port number>
>where the destination network address and the destination
>transport port are the ones in the current RTP packet (for the sender)"
></quote>

I think this can be a problem for key management
not for SRTP.


>Not only does it *not* say that the client and the server may need to 
>maintain a *different* one
>(triplet) *and* identify that they correspond to each other
>but it says "uniquely" at a distance of approximately 4 ASCII characters 
>from a
>RFC2119 capitalized key word ...

"unique" is the offending word?


>so IMHO the sentence is either too elusive or too precise !
>(or is it my English playing tricks on me again ;?)

I don't see the problem with the SRTP definition.  Here is
the rtp-new definition of a session:
"
RTP session: The association among a set of participants communicating with 
RTP. For each participant, the session is defined by a particular pair of 
destination transport addresses (one network address plus a port pair for 
RTP and RTCP). The destination transport address pair may be common for all 
participants, as in the case of IP multicast, or may be different for each, 
as in the case of individual unicast network addresses and port pairs. In a 
multimedia session, each medium is carried in a separate RTP session with 
its own RTCP packets. The multiple RTP sessions are distinguished by 
different port number pairs and/or different multicast addresses.
"
An SRTP session is an RTP session with an SSRC.

thanks, Mark


>...
>
>Unless of course you accept the idea that you would end up with the need
>to later redefine that "uniquely" -in the context of SRTP-
>actually signifies that every IP device on the planet has its own ?-)
>
>
>regards,
>
>
>Philippe Gentric
>Software Architect
>Philips MP4Net
>philippe.gentric@philips.com
>http://www.mpeg-4.philips.com
>
>
>Mark Baugher <mbaugher@cisco.com>
>07/06/2002 17:39
>
>To: Jonathan Rosenberg <jdrosen@dynamicsoft.com>
>cc: Philippe Gentric/MP4-SUR/CE/PHILIPS@EMEA1, avt@ietf.org
>Subject: Re: [AVT] a comment about SRTP & NATs
>Classification:
>
>
>At 11:02 AM 6/7/2002 -0400, Jonathan Rosenberg wrote:
>
>
>
>
> >Yes. Let me be more clear. The destination address and port are not
> >present in the packet anywhere else but in the destination address and
> >port fields (for example, within the body of the RTP packet or something).
 > >If the addresses were placed elsewhere, or used as inputs to a hash, we
> >would have problems. However, it does not seem to be the case.
>
>You're right.  SRTP does not put addresses in RTP packets
>and does not use IP addresses nor ports in its message
>authentication hash.
>
>Mark
>
>
> >-Jonathan R.
> >
> >
> >
> >--
> >Jonathan D. Rosenberg, Ph.D.            72 Eagle Rock Avenue
> >Chief Scientist                         First Floor
> >dynamicsoft                             East Hanover, NJ 07936
> >jdrosen@dynamicsoft.com                 FAX: (973) 952-5050
> >http://www.jdrosen.net                 PH:  (973) 952-5000
> >http://www.dynamicsoft.com
> >
> >
> >_______________________________________________
> >Audio/Video Transport Working Group
> >avt@ietf.org
> >https://www1.ietf.org/mailman/listinfo/avt


_______________________________________________
Audio/Video Transport Working Group
avt@ietf.org
https://www1.ietf.org/mailman/listinfo/avt
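
The point discussed in this thread, as an added example that is not part of the original messages or of any SRTP implementation: the sender and a receiver behind a NAT key their cryptographic context on different <SSRC, destination address, destination port> triplets, yet the packet still authenticates because the tag covers only the RTP bytes and the rollover counter. Assumptions: HMAC-SHA1 truncated to 80 bits over the packet plus ROC as later specified in RFC 3711, no encryption or key derivation, and constructed keys, addresses and NAT mapping.

```python
import hashlib
import hmac
import struct

TAG_LEN = 10  # 80-bit truncated HMAC-SHA1 tag (assumed transform)

def rtp_packet(ssrc, seq, payload, ts=0, pt=0):
    # Minimal 12-byte RTP header: V=2, no padding, extension or CSRC list.
    return struct.pack("!BBHII", 0x80, pt, seq, ts, ssrc) + payload

def _tag(auth_key, roc, rtp):
    # Inputs are the RTP packet and the rollover counter only;
    # no IP address or port takes part in the hash.
    mac = hmac.new(auth_key, rtp + struct.pack("!I", roc), hashlib.sha1)
    return mac.digest()[:TAG_LEN]

def protect(auth_key, roc, rtp):
    return rtp + _tag(auth_key, roc, rtp)

def verify(auth_key, roc, srtp):
    rtp, tag = srtp[:-TAG_LEN], srtp[-TAG_LEN:]
    return hmac.compare_digest(tag, _tag(auth_key, roc, rtp))

def context_id(srtp, dst_addr, dst_port):
    # Triplet from the quoted draft text: <SSRC, dest address, dest port>.
    ssrc = struct.unpack("!I", srtp[8:12])[0]
    return (ssrc, dst_addr, dst_port)

def nat_rewrite(datagram, mapping):
    # A NAT changes only the outer destination; the SRTP bytes pass unchanged.
    addr, port, data = datagram
    new_addr, new_port = mapping[(addr, port)]
    return (new_addr, new_port, data)

def demo():
    key = bytes(range(20))  # constructed authentication key
    ssrc = 0x1234ABCD       # constructed SSRC
    # Sender keys the context on the public address it sends to.
    sender_ctx = {(ssrc, "203.0.113.7", 40000): key}
    # Receiver behind the NAT keys the same key on its private address.
    receiver_ctx = {(ssrc, "10.0.0.5", 5004): key}
    nat = {("203.0.113.7", 40000): ("10.0.0.5", 5004)}

    sender_id = next(iter(sender_ctx))
    pkt = protect(sender_ctx[sender_id], 0, rtp_packet(ssrc, 1, b"media"))
    addr, port, data = nat_rewrite((sender_id[1], sender_id[2], pkt), nat)
    receiver_id = context_id(data, addr, port)
    return sender_id, receiver_id, verify(receiver_ctx[receiver_id], 0, data)
```

The two triplets differ, so matching them to one another is left to whatever installs the keys on each side, which is the key-management concern raised in the reply above.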