RE: [AVT] <From, To> and MKI, FRC 3711

["Sylvain Latulippe" <slatulippe at m5t.com>]

Hi,

My understanding is the following:

Both mechanisms can be used whitin the same session. When using MKI, <From, To> mechanism can be used by the sender side for synchronizing key transitions (re-keying).

For example:

A session is started and 2 keys (KEY_1 and KEY_2) are given to the session.

Session parameters:
KEY      FROM    TO        MKI
KEY_1    0       10        1 
KEY_2    11      x         2

The sender uses KEY_1 to encrypt packets with index 0 to 10. MKI = 1 is also appended to packets 0 to 10. When building packet with index 11, the sender switches to KEY_2 and appends MKI = 2 to the packet.

On the receiver side, <From, To> is not required in this scenario. MKI is extracted from the received packet and used to retrieve the right key.

Sylvain




-----Original Message-----
From: avt-admin@ietf.org [mailto:avt-admin@ietf.org]On Behalf Of Ofer Goren
Sent: 11 mai, 2004 07:35
To: avt@ietf.org; srtp-users@lists.sourceforge.net
Subject: [AVT] <From, To> and MKI, FRC 3711


Hi.

In RFC 3711, section 8.1.1, it says that "using the MKI does not exclude using <From, To> key
   lifetime simultaneously".

As I understand it, both mechanisms can be used for the same session simultaneously. However, does the <From, To> mechanism is MANDATORY to be used every time (whether <From, To> is used or not), or can I omit it if I'm using MKI?

Thanks,

Ofer.

_______________________________________________
Audio/Video Transport Working Group
avt@ietf.org
https://www1.ietf.org/mailman/listinfo/avt