[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [AVT] Fwd: [Tsvwg] Looking for feedback on DTLS

To: dilkiel at dilkie.com
Subject: Re: [AVT] Fwd: [Tsvwg] Looking for feedback on DTLS
From: Mark Baugher <mbaugher at cisco.com>
Date: Fri, 13 Aug 2004 09:18:23 -0700
Cc: Colin Perkins <csp at csperkins.org>, IETF AVT WG <avt at ietf.org>
In-reply-to: <411CD2CA.50206@dilkie.com>
List-help: <mailto:avt-request@ietf.org?subject=help>
List-id: Audio/Video Transport Working Group <avt.ietf.org>
List-post: <mailto:avt@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
References: <2EF43AE4-ECB0-11D8-AE70-000A957FC5F2@csperkins.org> <5423F412-ECBA-11D8-A2A0-000A95DC10F2@cisco.com> <411CD2CA.50206@dilkie.com>
Sender: avt-bounces at ietf.org

Hi

On Aug 13, 2004, at 7:40 AM, Lee Dilkie wrote:

Mark Baugher wrote:
I don't think avt needs to be concerned with yet another way to authenticate/encrypt RTP packets in addition to SRTP and IPsec. I don't know what the advantages are of using TLS over IPsec. If security at the internetwork layer is not the right place, then we have SRTP. The only Datagram TLS application that is mentioned is SIP. I don't know why since DTLS does nothing to address SIP's real security problems, which are middle-to-middle as much as end-to-end. But this can be properly deferred to one of the SIP WGs IMHO.

Perhaps this isn't the right place for this discussion but I for one was pleased to read the paper. And seeing that SRTP requires external mechanism's for key exchange, this solution seems to be somewhat relevant to the participants of this forum.

If you're saying that DTLS key establishment can be used for SRTP sessions, then I'd like to understand how this is done.

IPsec has deployment difficulities, TLS is dependant on TCP. This proposal seems to me to address the problem space (secure UDP-based transport) nicely.

The deployment issues of IPsec are not relevant to AVT, nor are the TLS VPN deployment issues that are encountered when trying to replace IPsec with TLS. This is an interesting and important topic, and I think there is much more to it than what's in the DTLS paper. But this is not the right forum. For our purposes, I'd like to understand what advantages DTLS has over IPsec and SRTP for RTP traffic. What does this group need to do, if anything, or be aware of, if anything, with respect to DTLS?

Not all of us are using SIP for session establishment of RTP streams.

I mentioned SIP because the document mentions SIP as the application that needs DTLS. There's no mention of RTP or real-time applications, just SIP. If you have a well thought-out use for DTLS and RTP, I would like to hear it.

Mark


regards,

Lee Dilkie

Mitel

_______________________________________________
Audio/Video Transport Working Group
avt at ietf.org
https://www1.ietf.org/mailman/listinfo/avt

_______________________________________________
Audio/Video Transport Working Group
avt at ietf.org
https://www1.ietf.org/mailman/listinfo/avt

Follow-Ups:
- Re: [AVT] Fwd: [Tsvwg] Looking for feedback on DTLS
  - From: Colin Perkins

References:
- [AVT] Fwd: [Tsvwg] Looking for feedback on DTLS
  - From: Colin Perkins
- Re: [AVT] Fwd: [Tsvwg] Looking for feedback on DTLS
  - From: Mark Baugher
- Re: [AVT] Fwd: [Tsvwg] Looking for feedback on DTLS
  - From: Lee Dilkie

Prev by Date: Re: [AVT] Fwd: [Tsvwg] Looking for feedback on DTLS
Next by Date: RE: Media Types in 3GPP Timed text draft (was: RE: [AVT] RTP andMedia Types)
Previous by thread: Re: [AVT] Fwd: [Tsvwg] Looking for feedback on DTLS
Next by thread: Re: [AVT] Fwd: [Tsvwg] Looking for feedback on DTLS
Index(es):
- Date
- Thread