
Re: [AVT] Re: [MMUSIC] RE: Draft -04 of Comedia over TLS submitted.Ready for WGLC?



Hi Jonathan,

Can you please remind me where and when the decision was taken to not define TCP/TLS/RTP/AVP? All I find is some loose discussion without conclusion about the topic, but nothing I can interpret as a WG consensus on this.

I am in favor of defining both TCP/TLS/RTP/AVP and TCP/TLS/RTP/AVPF. I would also consider whether TCP/TLS/RTP/SAVP is a good idea or not. I would consider TCP/TLS/RTP/SAVP a possibility in cases that require a secure TCP/TLS connection, for example due to end point authentication, which however is a gateway to an SRTP session. Whether that is relevant or not is another matter.

I also agree with Lazzaro that with the current IETF lead time the only reasonable way of providing for future use cases the market wants to select is to have it ready. I don't want to be the part blocking actual deployment of security. Thus I think we should consider both TCP/RTP/SAVP and TCP/TLS/RTP/AVP.

As I see it, TCP/RTP/SAVP and TCP/TLS/RTP/AVP have somewhat different security properties. TLS provides a secured transport channel with the possibility of end-point authentication. The SRTP-based solution instead provides group security and can be done without a trusted gateway. So they definitely are applicable in different use cases.

Jonathan Lennox wrote:
I also noticed that the recent AVT recharter contained the bullet point:

  - to provide a framing mechanism for RTP over TCP and TLS

Was inserting TLS just someone's "this seems like a good idea" as part of
describing draft-ietf-avt-rtp-framing-contrans for the charter, or was
this decision actually made at some point?

Again, doing some searching in the archives, I find that this formulation was part of the proposed charter update I sent out 2003-09-02. It is probably something we who wrote it felt was a good idea and reflected our understanding of what was going to happen.


I would interpret it such that we are allowed and expected to do what the charter says. However, if we do have motivation why we wouldn't, we probably can get away without doing the work.

My conclusion is that we need to discuss this topic again.

Cheers

Magnus Westerlund

Multimedia Technologies, Ericsson Research EAB/TVA/A
----------------------------------------------------------------------
Ericsson AB                | Phone +46 8 4048287
Torshamsgatan 23           | Fax   +46 8 7575550
S-164 80 Stockholm, Sweden | mailto: magnus.westerlund at ericsson.com

_______________________________________________
Audio/Video Transport Working Group
avt at ietf.org
https://www1.ietf.org/mailman/listinfo/avt