[AVT] RTP: Confidentiality mechanisms

[Stephen Casner <casner@acm.org>]

In Section 9.1 of the RTP spec on Confidentiality, I added "redrawn
for each unit" to clarify that RTCP packets can't use just one random
number for all packets.  In addition, I've added two statements
requested by the IESG.

                                                        -- Steve

OLD:
   For RTCP, a 32-bit random number MUST be
   prepended to the unit before encryption to deter known plaintext
   attacks. For RTP, no prefix is required because the sequence number
   and timestamp fields are initialized with random offsets.

NEW:
   For RTCP, a 32-bit random number redrawn for
   each unit MUST be prepended to the unit before encryption to deter
   known plaintext attacks.  For RTP, no prefix is required because the
   sequence number and timestamp fields are initialized with random
   offsets.  This is considered to be a weak initialization vector (IV),
   because of poor randomness properties.  In addition, if the
   subsequent field, the SSRC, can be manipulated by an enemy, there is
   further weakness of the encryption method.



OLD:
   Other encryption algorithms MAY be
   specified dynamically for a session by non-RTP means.  It is
   RECOMMENDED that stronger encryption algorithms such as Triple-DES be
   used in place of the default algorithm.
NEW ADDITION:
   In particular, an AES
   profile taking into account known plaintext and CBC plaintext
   manipulation concerns will be the correct choice in future.

_______________________________________________
Audio/Video Transport Working Group
avt@ietf.org
https://www1.ietf.org/mailman/listinfo/avt