
Re: [AVT] Fwd: [Tsvwg] Looking for feedback on DTLS







Mark you wrote:


>I think that IPsec and/or SRTP can adequately protect
>almost any real-time RTP session between peers or between clients and
>server.


Mark, this is true... they "can" ...
but they are not used for streaming services !


a) 3GPP is defining "annex K" of PSS, which is a variant of SRTP
for streaming services using RTSP (see 3GPP TS 26.234 V 0.5.0) ...
because SRTP has a cryptographic context per session, which means
you cannot "encrypt once distribute many times"...

b) I know several proprietary technologies and at least one industry consortium
that went to the trouble of defining something different too, I am sure the rationale
for these was not totally decorrelated from the lack of a "good" solution...

> I can't think of anything DTLS will do for AVT protocols
>beyond adding an unneeded alternative - and the accompanying confusion
>- to the mix.

the situation *is* already confused !-) there are many more than 2 solutions !


>For our purposes, I'd like to understand what
>advantages DTLS has over IPsec and SRTP for RTP traffic.

Yes ! And the drawbacks too!

As I mentioned above, one key feature for scalable streaming
is "encrypt once distribute many times",

* you cannot do that with SRTP

* I don't think you can do it with DTLS either, right ?

* What about IPsec, I don't think in the way it is "usable" today, IPsec can do it either ?
(except maybe in some specific network topologies ?)

Colin wrote:

>> Not all of us are using SIP for session establishment of RTP streams.
>
>Sure. One of the reasons I forwarded the message was because I thought
>this might be useful for an RTSP server: use RTSP/TLS to provide secure
>control, and the RTP/DTLS for secure media. Without being a security
>expert, I would expect this might simplify a certain class of
>implementation compared to IPsec and/or SRTP?


Exactly!

Can we say that the advantage of DTLS over IPsec is that it builds upon UDP,
i.e. is easier to implement & market ?

Could it be true that the advantage of DTLS over SRTP would be that
once you have implemented TLS the delta to get DTLS is small ?


regards,


Philippe Gentric
Chief Architect
Philips Software
philippe.gentric at philips.com
http://www.software.philips.com


_______________________________________________
Audio/Video Transport Working Group
avt at ietf.org
https://www1.ietf.org/mailman/listinfo/avt