Re: [AVT] Fwd: [Tsvwg] Looking for feedback on DTLS
Lee,
On 13 Aug 2004, at 15:40, Lee Dilkie wrote:
Mark Baugher wrote:
I don't think avt needs to be concerned with yet another way to
authenticate/encrypt RTP packets in addition to SRTP and IPsec. I
don't know what the advantages are of using TLS over IPsec. If
security at the internetwork layer is not the right place, then we
have SRTP. The only Datagram TLS application that is mentioned is
SIP. I don't know why since DTLS does nothing to address SIP's real
security problems, which are middle-to-middle as much as end-to-end.
But this can be properly deferred to one of the SIP WGs IMHO.
Perhaps this isn't the right place for this discussion but I for one
was pleased to read the paper.
This is an appropriate place for discussion of how DTLS relates to, and
might possibly be used with, RTP.
And seeing that SRTP requires external mechanisms for key exchange,
this solution seems to be somewhat relevant to the participants of
this forum. IPsec has deployment difficulties, TLS is dependent on
TCP. This proposal seems to me to address the problem space (secure
UDP-based transport) nicely.
Can you elaborate on where you think this could be useful?
Not all of us are using SIP for session establishment of RTP streams.
Sure. One of the reasons I forwarded the message was because I thought
this might be useful for an RTSP server: use RTSP/TLS to provide secure
control, and the RTP/DTLS for secure media. Without being a security
expert, I would expect this might simplify a certain class of
implementation compared to IPsec and/or SRTP?
--
Colin Perkins
http://csperkins.org/
_______________________________________________
Audio/Video Transport Working Group
avt at ietf.org
https://www1.ietf.org/mailman/listinfo/avt