
Re: [AVT] SSRC to DTLS-SRTP mapping



> On 19 Feb 2008, at 17:21, Dan Wing wrote:
> ...
> > However, I am worried about an attack flooding a device and causing
> > the device to perform SHA1 operations, when it seems we could
> > communicate the SSRC in the DTLS exchange (handshake or separate  
> > message), and/or use source address verification to help protect  
> > devices from such an attack.
> >
> > If it's only me that has this concern, I will sit back down in my  
> > chair.
> 
> I see the concern, but I think this has to work in the general case,  
> without signalling support (except the DTLS handshake). I have no  
> problem with there being optimisations possible in those cases where  
> the SSRC to host/port pair mapping can be signalled out of band  
> though, since there will certainly be scenarios where that's possible.

Would dropping a DTLS packet on the floor if its source IP address and 
port are different from the DTLS handshake be acceptable?

-d

_______________________________________________
Audio/Video Transport Working Group
avt at ietf.org
http://www.ietf.org/mailman/listinfo/avt
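
The check asked about in the message above, as an added sketch that is not part of the original thread: packets whose source IP address and port differ from the DTLS handshake peer are dropped before any SHA1 work is done. The class name, the simplified packet model (payload plus a 10-byte truncated HMAC-SHA1 tag standing in for the per-packet SHA1 cost), the key and the documentation-range addresses are all assumptions constructed for illustration.

```python
import hashlib
import hmac


class SourceAddressGate:
    """Hypothetical receiver front end: compare the packet source with the
    (ip, port) seen in the DTLS handshake before spending a SHA1 operation."""

    def __init__(self, auth_key):
        self.auth_key = auth_key
        self.peer = None      # (ip, port) learned when the handshake completes
        self.dropped = 0      # packets discarded by the address check
        self.sha1_ops = 0     # packets that reached the HMAC-SHA1 step

    def handshake_complete(self, src):
        self.peer = src

    def receive(self, src, payload, tag):
        # Cheap tuple comparison first; also rejects everything pre-handshake.
        if self.peer is None or src != self.peer:
            self.dropped += 1
            return False
        # Only traffic from the handshake address costs a SHA1 computation.
        self.sha1_ops += 1
        expected = hmac.new(self.auth_key, payload, hashlib.sha1).digest()[:10]
        return hmac.compare_digest(expected, tag)


def demo():
    key = b"constructed-key-not-real"            # constructed sample key
    payload = b"constructed media payload"       # constructed sample payload
    peer = ("192.0.2.10", 5004)                  # constructed handshake peer
    gate = SourceAddressGate(key)
    gate.handshake_complete(peer)

    # Constructed flood: 100 packets from other addresses with junk tags.
    flood = [gate.receive(("198.51.100.%d" % i, 40000 + i), payload, b"\x00" * 10)
             for i in range(1, 101)]

    good_tag = hmac.new(key, payload, hashlib.sha1).digest()[:10]
    accepted = gate.receive(peer, payload, good_tag)      # genuine packet
    forged = gate.receive(peer, payload, b"\x00" * 10)    # right source, bad tag
    return accepted, forged, any(flood), gate.dropped, gate.sha1_ops


if __name__ == "__main__":
    print(demo())
```

The flood costs zero SHA1 operations here; only the two packets arriving from the handshake address reach the HMAC step.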