Re: [AVT] SRTP Question

[Mats Näslund <mats.naslund at ericsson.com>]

Hi

Just to make sure we mean the same thing:

Steffen Fries wrote:

> Hi Mark,
>
> thanks for your comments.
>
> Yes, you are right, it might not hit us soon, it was more a
> question of completeness. Nevertheless, there might be scenarios
> were one of the participants chooses just a small intervall
> <From, To> and uses video and audio, this condition may occur.

Note: setting a very small <From, To> interval but "forgetting"
to re-key as the interval expires is *not* a problem from security
point of view. Sure, sender/receiver may loose synch, but security
isn't compromised.

The only bound relating to security is the absloute 2^48 packets
upper bound. Note also that this is in terms of number of packets.
Thus, even if the 48-bit index should wrap modulo 2^48 (e.g.
due to initially not starting from zero) this is still fine as
long as you maintain/enforce the 2^48 packer limit.

Best,

/Mats
> Anyway, your answer suggest exactly what I was thinking.
>
> Ciao
>         Steffen
>  
>
> Date sent:              Sat, 17 Jul 2004 12:29:59 -0700
> To:                     steffen.fries at siemens.com
> From:                   Mark Baugher <mbaugher at cisco.com>
> Subject:                Re: [AVT] SRTP Question
> Copies to:              avt at ietf.org
>
>  > At 08:05 AM 7/16/2004, Steffen Fries wrote:
>  > >Hi,
>  > >
>  > >I've got another question to SRTP ;-)
>  > >
>  > >Within RFC3711 it is mentioned in section 3.3.1:
>  > >"...  After that number of SRTP packets have been sent
>  > >with a given (master or session) key, the sender MUST NOT send
>  > >any more packets with that key. ..."
>  > >
>  > >Further, section 8.1.1 reads:
>  > >"... The default values for the <From, To> are "from the first
>  > >observed packet" and "until further notice".  However, the
>  > >maximum limit of SRTP/SRTCP packets that are sent under each
>  > >given master/session key (Section 9.2) MUST NOT be exceeded...."
>  > >
>  > >Does this mean, that both sender and receiver have to ensure,
>  > >that the maximum number of packets encrypted with the same key
>  > >is not exceeded? If yes, is the recommendation, that the
>  > >receiver discards the packets that are received after the key
>  > >usage has reached the maximum limit?
>  >
>  > This probably should have been spelled out in RFC 3711 because there
>  > are number of alternative actions such as discard the packets, stop
>  > receiving the stream in the case of multicast, leave the session
>  > regardless of how many senders are securely sending when one sender
>  > violates the key lifetime.
>  >
>  > I would say that the session is no longer secure and the receiver
>  > should leave the session and log the condition.
>  >
>  > Thankfully, this is a very unlikely event in the forseeable future.
>  >
>  > Mark
>  >
>  >
>  > >Ciao
>  > >         Steffen
>  > >


_______________________________________________
Audio/Video Transport Working Group
avt at ietf.org
https://www1.ietf.org/mailman/listinfo/avt