
[AVT] FEC and SRTP, some clarifications



Hi,
we have lately received some questions about the combined use
of SRTP and FEC. We thought of bringing them to the mailing list.

SRTP only defines the default order of the
combined processing (first FEC, then SRTP, at the sender side).

First of all, the SRTP spec fails to specify normative language
for the case where the FEC stream is separate from the original
RTP stream (one possibility in RFC2733) and the latter is
encrypted.
For this case, the normative language needed is:
the separate FEC stream MUST be encrypted if the original RTP
stream(s) are encrypted.
This text is needed because if the FEC stream (related to a
separate encrypted RTP stream) is sent unencrypted, there is a
security leak.
RFC2733 discusses the issue and uses a SHOULD. It has to be a
MUST, and it should have been stated explicitly in SRTP.

Second, there are constraints on key usage according to
how the "separate stream" is implemented. We were asked about this,
so here is a summary.
SRTP mandates that different RTP sessions must use separate
master keys, and sharing a master key within the same
RTP session requires unique SSRCs.
RFC2733 is very open in its definition of what the "separate stream"
is. Possible key settings:

C1) if the RTP stream and the FEC stream have different SSRCs, 
and are in the same RTP session, then they MAY share the same 
master key.
Note, in case they share it, the FEC stream and the original RTP 
stream simply use the same session keys.

C2) if the RTP stream and the FEC stream have the same SSRC, 
and are in different RTP sessions, they use different master 
keys.

We hope this has answered some of the questions we got.

Cheers
/the SRTP authors


_______________________________________________
Audio/Video Transport Working Group
avt@ietf.org
https://www1.ietf.org/mailman/listinfo/avt
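Added example, not part of the original post and not code from the SRTP authors, RFC 2733 or the SRTP specification: a small Python model of the two points the post makes. It builds an RFC 2733-style parity packet (XOR of the protected payloads, header and length-recovery fields omitted), shows that sending that parity in the clear next to an encrypted media stream reveals the XOR of the plaintexts, and shows why sharing a master key inside one RTP session needs distinct SSRCs: the SRTP AES-CM IV is built from the session salt, the SSRC and the packet index (RFC 3711 4.1.1), so equal SSRC and index under one key repeat the keystream. Assumptions: HMAC-SHA256 in counter mode stands in for AES so the code runs on the standard library alone; the media payloads, session key, salt and SSRC values are constructed for the demonstration.

```python
import hashlib
import hmac

# Constructed sample data for the demonstration (not from the original post).
MEDIA_1 = b"frame-1: hello from the media stream"
MEDIA_2 = b"frame-2: the second media packet...."
SESSION_KEY = bytes(range(16))   # hypothetical 128-bit SRTP session key
SESSION_SALT = bytes(range(14))  # hypothetical 112-bit SRTP session salt


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, zero-padding the shorter one."""
    n = max(len(a), len(b))
    return bytes(x ^ y for x, y in zip(a.ljust(n, b"\0"), b.ljust(n, b"\0")))


def fec_parity(*payloads: bytes) -> bytes:
    """RFC 2733-style parity payload: the XOR of the protected media payloads.
    The FEC header and length-recovery fields are omitted for brevity."""
    out = b""
    for p in payloads:
        out = xor_bytes(out, p)
    return out


def srtp_aes_cm_iv(session_salt: bytes, ssrc: int, index: int) -> int:
    """IV for SRTP AES-CM (RFC 3711 4.1.1): (k_s * 2^16) XOR (SSRC * 2^64) XOR (i * 2^16)."""
    if len(session_salt) != 14:
        raise ValueError("session salt is 112 bits")
    if not (0 <= ssrc < 2**32 and 0 <= index < 2**48):
        raise ValueError("SSRC is 32 bits, packet index is 48 bits")
    return (int.from_bytes(session_salt, "big") << 16) ^ (ssrc << 64) ^ (index << 16)


def keystream(session_key: bytes, session_salt: bytes, ssrc: int, index: int, length: int) -> bytes:
    """Counter-mode keystream over the SRTP IV.  Assumption: HMAC-SHA256 stands in
    for AES so the example runs on the standard library; the IV structure, which is
    what the demonstration depends on, is the real one."""
    iv = srtp_aes_cm_iv(session_salt, ssrc, index)
    out = b""
    counter = 0
    while len(out) < length:
        block_iv = ((iv + counter) % 2**128).to_bytes(16, "big")
        out += hmac.new(session_key, block_iv, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def srtp_encrypt(payload: bytes, session_key: bytes, session_salt: bytes, ssrc: int, index: int) -> bytes:
    """Encrypt an RTP payload by XOR with the keystream (decryption is the same call)."""
    return xor_bytes(payload, keystream(session_key, session_salt, ssrc, index, len(payload)))


def unencrypted_fec_leaks_media(media_1: bytes, media_2: bytes) -> bool:
    """The leak behind the MUST: FEC runs before SRTP, so a parity packet sent in the
    clear is the XOR of the *plaintext* media packets.  Anyone who knows (or guesses)
    one packet recovers the other, although both media packets were encrypted."""
    parity_on_the_wire = fec_parity(media_1, media_2)
    recovered = xor_bytes(parity_on_the_wire, media_1)[: len(media_2)]
    return recovered == media_2


def shared_key_exposes_xor(ssrc_1: int, ssrc_2: int, index: int = 0) -> bool:
    """Two streams sharing session keys.  With equal SSRC and packet index the IVs
    collide, the keystream repeats, and c1 XOR c2 equals p1 XOR p2 (a two-time pad).
    Distinct SSRCs give distinct IVs, which is why key sharing needs unique SSRCs."""
    c1 = srtp_encrypt(MEDIA_1, SESSION_KEY, SESSION_SALT, ssrc_1, index)
    c2 = srtp_encrypt(MEDIA_2, SESSION_KEY, SESSION_SALT, ssrc_2, index)
    n = min(len(c1), len(c2))
    return xor_bytes(c1, c2)[:n] == xor_bytes(MEDIA_1, MEDIA_2)[:n]


def may_share_master_key(session_a: str, ssrc_a: int, session_b: str, ssrc_b: int) -> bool:
    """C1/C2 from the post: a master key may be shared only within one RTP session
    and only between streams with distinct SSRCs; different sessions need different keys."""
    return session_a == session_b and ssrc_a != ssrc_b


if __name__ == "__main__":
    print("unencrypted FEC leaks media:", unencrypted_fec_leaks_media(MEDIA_1, MEDIA_2))
    print("same key, same SSRC -> two-time pad:", shared_key_exposes_xor(0x12345678, 0x12345678))
    print("same key, distinct SSRC:", shared_key_exposes_xor(0x12345678, 0x87654321))
```

Note that the FEC leak does not depend on any key-management mistake: the parity packet is computed over plaintext because FEC is applied before SRTP, so an unencrypted FEC stream leaks even when every media stream is keyed correctly. The two-time-pad case is the separate constraint from C1: the same session keys are safe to share only while no two streams can produce the same (SSRC, index) pair.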