[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [AVT] draft-zimmermann-avt-zrtp-00.txt

To: "Even, Roni" <roni.even at polycom.co.il>
Subject: Re: [AVT] draft-zimmermann-avt-zrtp-00.txt
From: Alan Johnston <alan at sipstation.com>
Date: Tue, 28 Feb 2006 08:26:11 -0600
Cc: avt at ietf.org, Philip Zimmermann <prz at mit.edu>
In-reply-to: <144ED8561CE90C41A3E5908EDECE315C0342905C@IsrExch01.israel.polycom.com>
List-help: <mailto:avt-request@ietf.org?subject=help>
List-id: Audio/Video Transport Working Group <avt.ietf.org>
List-post: <mailto:avt@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
References: <144ED8561CE90C41A3E5908EDECE315C0342905C@IsrExch01.israel.polycom.com>
User-agent: Mozilla Thunderbird 1.0.7 (Macintosh/20050923)

Hi Roni,

Thanks for your comments - see mine below.

Thanks,
Alan

Even, Roni wrote:

Hi,
I read the draft and find it interesting I have some questions.
1. The key exchange is done after the RTP connection is established, this means that until the end of key exchange both sides will send non-encrypted information.

Correct.

I think that the document should address the issue. One way is to recommend using no-op packets until the system will start to encrypt and indicating this to the user.

This is an excellent idea to use no-op packets. The Zfone implementation uses a GUI and tones to indicate the status of the call to the user (insecure, securing, or secure).

2. It is not clear to me how does the receiver know which is the first
packet that is encrypted.

The first packet that is encrypted is the Confirm1 message. It has a known plain text string in the SRTP payload so that the endpoint can verify that decryption has been successful. The other side then sends a Confirm2 message to confirm the encryption on the other side. After the Conf2ACK, the key agreement is over and normal SRTP packets with media can then be exchanged.

3. In section 10 you have "If both UAs support ZRTP, they will first try
ZRTP before attempting SRTP". I assume that it means that even though
the sides already have a shared secret they should not start SRTP and do
ZRTP exchange first.

Correct.

What is the reason for that. Based on my first comment it will make sense to start SRTP when starting to send media and maybe use re-key based on ZRTP.

We were trying to avoid doing a double encryption, where the media was first encrypted as SRTP using a master key and salt from the signaling, then encrypting again with ZRTP using DH. Instead, it would be better to exchange a master key and salt in the signaling, then mix this secret in with the DH shared secret. If for some reason, ZRTP fails, then the two UAs should do SRTP using the exchanged master keys and salt.

4. In section 3.1 "If none of these are supported, an RTP packet
containing
  comfort noise can be generated to carry a ZRTP message." I understand
that ZRTP is not only for audio so comfort noise is not a video or
application payload. The common mode is no-op which was defined to all
media types.

Yes - we had forgotten about the no-op - it is the correct choice.

Thank Roni Even

-----Original Message----- From: Alan Johnston [mailto:alan at sipstation.com] Sent: Monday, February 27, 2006 3:57 PM To: avt at ietf.org Cc: Philip Zimmermann Subject: [AVT] draft-zimmermann-avt-zrtp-00.txt
All,
We have just submitted a new Internet-Draft draft-zimmermann-avt-zrtp-00.txt. Until it becomes available in the archives, you can get a copy at:
  http://www.philzimmermann.com/zfone/draft-zimmermann-avt-zrtp-00.txt
  http://www.philzimmermann.com/zfone/draft-zimmermann-avt-zrtp-00.html
We will request a slot in AVT in Dallas to discuss. Discussion about the RTP extensions and mechanism are best held on the AVT list while discussions about key management for SRTP are best held on the MMUSIC list, with some cross posting as needed.
Thanks,
Alan
- - -
ZRTP: Extensions to RTP for Diffie-Hellman Key Agreement for SRTP
                  draft-zimmermann-avt-zrtp-00
Abstract
This document defines ZRTP, RTP (Real-time Transport Protocol) header
extensions for a Diffie-Hellman exchange to agree on a session key
and parameters for establishing Secure RTP (SRTP) sessions.  The ZRTP
protocol is completely self-contained in RTP and does not require
support in the signaling protocol or assume a Public Key
Infrastructure (PKI) infrastructure.  For the media session, ZRTP
provides confidentiality and, in cases where a secret is available
from the signaling protocol, authentication.
_______________________________________________
Audio/Video Transport Working Group
avt at ietf.org
https://www1.ietf.org/mailman/listinfo/avt

_______________________________________________
Audio/Video Transport Working Group
avt at ietf.org
https://www1.ietf.org/mailman/listinfo/avt

References:
- RE: [AVT] draft-zimmermann-avt-zrtp-00.txt
  - From: Even, Roni

Prev by Date: [AVT] Working group management changes
Next by Date: RE: [AVT] draft-zimmermann-avt-zrtp-00.txt
Previous by thread: RE: [AVT] draft-zimmermann-avt-zrtp-00.txt
Next by thread: RE: [AVT] draft-zimmermann-avt-zrtp-00.txt
Index(es):
- Date
- Thread