Re: [AVT] SSRC to DTLS-SRTP mapping



On 19 Feb 2008, at 23:03, Dan Wing wrote:
>> On 19 Feb 2008, at 17:21, Dan Wing wrote:
>> ...
>>> However, I am worried about an attack flooding a device and causing
>>> the device to perform SHA1 operations, when it seems we could
>>> communicate the SSRC in the DTLS exchange (handshake or separate
>>> message), and/or use source address verification to help protect
>>> devices from such an attack.
>>>
>>> If it's only me that has this concern, I will sit back down in my
>>> chair.
>>
>> I see the concern, but I think this has to work in the general case,
>> without signalling support (except the DTLS handshake). I have no
>> problem with there being optimisations possible in those cases where
>> the SSRC to host/port pair mapping can be signalled out of band
>> though, since there will certainly be scenarios where that's possible.
>
> Would dropping a DTLS packet on the floor if its source IP address and
> port are different from the DTLS handshake be acceptable?


Yes, I think so. Why do you think it might not be?

-- 
Colin Perkins
http://csperkins.org/


_______________________________________________
Audio/Video Transport Working Group
avt at ietf.org
http://www.ietf.org/mailman/listinfo/avt
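
The source-address check discussed in this thread, as an added example that is not part of the original messages or of any DTLS-SRTP implementation. It compares how many HMAC-SHA1 checks a receiver performs under a flood of unauthenticated packets, with and without dropping packets whose source IP address and port match no completed handshake. The Receiver class, the addresses, the keys and the simplified tag (HMAC over the packet only, no rollover counter or encryption) are assumptions made for illustration.

```python
import hashlib, hmac, struct

TAG_LEN = 10  # 80-bit truncated HMAC-SHA1 tag; simplified stand-in for SRTP auth

def make_tag(key, body):
    return hmac.new(key, body, hashlib.sha1).digest()[:TAG_LEN]

def build_packet(key, ssrc, payload=b"media"):
    # Constructed sample packet: 12-byte RTP header, payload, then the tag.
    body = struct.pack("!BBHII", 0x80, 96, 1, 0, ssrc) + payload
    return body + make_tag(key, body)

class Receiver:  # hypothetical receiver holding several DTLS-SRTP associations
    def __init__(self, filter_by_source):
        self.filter_by_source = filter_by_source
        self.by_addr = {}     # (ip, port) of a completed handshake -> auth key
        self.ssrc_map = {}    # learned SSRC -> (ip, port) of its association
        self.hmac_checks = 0  # work done on behalf of senders

    def handshake_done(self, addr, key):
        self.by_addr[addr] = key

    def receive(self, addr, packet):
        """Return the association the packet belongs to, or None if dropped."""
        if len(packet) < 12 + TAG_LEN:
            return None
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        ssrc = struct.unpack("!I", body[8:12])[0]
        if self.filter_by_source:
            # Drop before hashing unless the source matches a handshake.
            candidates = [addr] if addr in self.by_addr else []
        else:
            # No filter: an unknown SSRC is tried against every association.
            candidates = list(self.by_addr)
        for cand in candidates:
            self.hmac_checks += 1
            if hmac.compare_digest(make_tag(self.by_addr[cand], body), tag):
                self.ssrc_map[ssrc] = cand
                return cand
        return None

def flood_cost(filter_by_source, peers=20, junk=1000):
    """HMAC checks caused by `junk` forged packets from unknown sources."""
    rx = Receiver(filter_by_source)
    for i in range(peers):
        rx.handshake_done(("192.0.2.%d" % (i + 1), 5004), bytes([i]) * 20)
    forged = build_packet(b"\x00" * 19 + b"\xff", 0xDEADBEEF)  # key no peer holds
    for n in range(junk):
        rx.receive(("198.51.100.7", 40000 + n), forged)
    return rx.hmac_checks
```

UDP source addresses can be spoofed, so a packet forged with a known peer's address still costs one check; the filter bounds the work per packet rather than authenticating the sender.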