Re: [AVT] Fwd: [Tsvwg] Looking for feedback on DTLS
- To: Mark Baugher <mbaugher at cisco.com>
- Subject: Re: [AVT] Fwd: [Tsvwg] Looking for feedback on DTLS
- From: Eric Rescorla <ekr at rtfm.com>
- Date: Sat, 14 Aug 2004 10:01:06 -0700
- Cc: "Steven M. Bellovin" <smb at research.att.com>, Mats Näslund <mats.naslund at ericsson.com>, dilkiel at dilkie.com, nagendra at cs.stanford.edu, housley at vigilsec.com, Colin Perkins <csp at csperkins.org>, IETF AVT WG <avt at ietf.org>
- In-reply-to: Your message of "Sat, 14 Aug 2004 09:05:34 PDT." <C63157E6-EE0B-11D8-9248-000A95DC10F2@cisco.com>
- List-id: Audio/Video Transport Working Group <avt.ietf.org>
Mark Baugher <mbaugher at cisco.com> wrote:
> Hi Mats
> Your point is well taken about decoupling SRTP from key
> management, which varies from pairwise key management using (say)
> IKE or MIKEY to broadcast key management using subset difference.
> I don't think DTLS has much relevance to AVT protocols and am
> copying the authors and security ADs to check my reasoning.
> SSL/TLS has been successfully deployed for a class of
> client/server applications. That is outstanding. It has some
> vulnerabilities, however, that have been exploited by phishing
> attacks, which is bad.
Phishing is a social attack, not an attack on anything specific
to SSL. It would work just as well against, say, HTTP over IPsec.
> But regardless of the pros and cons of
> SSL/TLS vs. IPsec, RTP has many peer-to-peer applications. I
> think that IPsec and/or SRTP can adequately protect almost any
> real-time RTP session between peers or between clients and server.
> I can't think of anything DTLS will do for AVT protocols beyond
> adding an unneeded alternative - and the accompanying confusion -
> to the mix.
>
> http://www.ietf.org/internet-drafts/draft-rescorla-dtls-01.txt
> should probably specifically state that it is not appropriate for
> the RTP family of protocols.
I don't understand the argument here. Unless there's some technical
reason why DTLS won't work for these applications, I don't understand
why the existence of alternative mechanisms requires a statement
that DTLS is inappropriate...
-Ekr
_______________________________________________
Audio/Video Transport Working Group
avt at ietf.org
https://www1.ietf.org/mailman/listinfo/avt