Re: [AVT] SSRC to DTLS-SRTP mapping
> > > Would dropping a DTLS packet on the floor if its source IP address and
> > > port are different from the DTLS handshake be acceptable?
> >
> >
> > Yes, I think so. Why do you think it might not be?
>
> Dan, do you really mean "DTLS packet" or do you mean "SRTP Packet"?

Thanks for catching that.

Yes, I meant: would it be acceptable to drop an SRTP packet on the
floor if its source IP address and port are different from the
DTLS handshake.

> Because I think the answer is different: for DTLS it is "yes" but
> for SRTP it is "no"--again, unless I've badly misunderstood RTP,
> which is totally possible.

What I am trying to understand is if a single DTLS-SRTP handshake
between two hosts is really supposed to be able to provide the key
for any ol' SRTP packet that might happen to arrive on that host's
IP address and port. I agree RTP works that way.

I find it risky to have SRTP work that way, because no other
security protocol has the receiver run a MAC without first
doing a simple comparison on some other field (IPsec SPI, source
address of the packet, TCP sequence number, etc.).
It is a new risk for SRTP to do this.

-d
_______________________________________________
Audio/Video Transport Working Group
avt at ietf.org
http://www.ietf.org/mailman/listinfo/avt
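
An added illustration of the trade-off discussed in this message (not code from the thread or from any SRTP implementation): a simplified receiver model that counts how many HMAC computations it spends with and without a source-address comparison against the DTLS handshake peer. The packet layout, the names `protect`, `Receiver` and `demo`, and the addresses and keys are constructed for the example; encryption, the rollover counter and replay protection are omitted.

```python
import hashlib
import hmac
import struct

TAG_LEN = 10  # 80-bit truncated HMAC-SHA1 tag, as in SRTP's default transform

def protect(key, ssrc, seq, payload):
    """Build a 12-byte RTP-style header + payload + auth tag (simplified)."""
    body = struct.pack("!BBHII", 0x80, 96, seq, 0, ssrc) + payload
    return body + hmac.new(key, body, hashlib.sha1).digest()[:TAG_LEN]

class Receiver:
    def __init__(self, strict):
        self.strict = strict   # True: compare source address before any MAC
        self.sessions = {}     # (ip, port) of DTLS handshake peer -> auth key
        self.mac_runs = 0      # number of HMACs this receiver has computed

    def handshake_done(self, peer, auth_key):
        self.sessions[peer] = auth_key

    def _verify(self, key, packet):
        self.mac_runs += 1
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expect = hmac.new(key, body, hashlib.sha1).digest()[:TAG_LEN]
        return hmac.compare_digest(expect, tag)

    def receive(self, src, packet):
        if len(packet) < 12 + TAG_LEN:
            return False                      # too short to be header + tag
        if self.strict:
            key = self.sessions.get(src)      # cheap comparison first
            return key is not None and self._verify(key, packet)
        # Permissive: a key is valid for packets from any source address.
        return any(self._verify(k, packet) for k in self.sessions.values())

def demo(strict):
    """Return (accept decisions, MACs computed) for three constructed packets."""
    rx = Receiver(strict)
    peer, other = ("192.0.2.10", 5004), ("198.51.100.7", 4000)
    key = b"k" * 20                           # constructed sample key
    rx.handshake_done(peer, key)
    good = protect(key, 0x1234, 1, b"audio")
    bad_tag = good[:-1] + bytes([good[-1] ^ 1])
    results = (rx.receive(peer, good),        # handshake peer, valid tag
               rx.receive(other, bad_tag),    # other source, invalid tag
               rx.receive(other, good))       # other source, valid tag
    return results, rx.mac_runs
```

With `strict=True` the receiver runs one MAC and drops both packets from the other address, including the validly tagged one; with `strict=False` it accepts that packet but runs a MAC for every arrival.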