
[AVT] unsubscribe




-----Original Message-----
From: avt-bounces at ietf.org [mailto:avt-bounces at ietf.org] On Behalf Of
Eric Rescorla
Sent: Thursday, February 21, 2008 9:54 PM
To: Colin Perkins
Cc: magnus.westerlund at ericsson.se; 'Roni Even'; 'Tom Taylor'; Dan Wing;
avt at ietf.org
Subject: Re: [AVT] SSRC to DTLS-SRTP mapping

At Thu, 21 Feb 2008 15:44:40 +0000,
Colin Perkins wrote:
> 
> On 19 Feb 2008, at 23:03, Dan Wing wrote:
> >> On 19 Feb 2008, at 17:21, Dan Wing wrote:
> >> ...
> >>> However, I am worried about an attack flooding a device and causing
> >>> the device to perform SHA1 operations, when it seems we could
> >>> communicate the SSRC in the DTLS exchange (handshake or separate
> >>> message), and/or use source address verification to help protect
> >>> devices from such an attack.
> >>>
> >>> If it's only me that has this concern, I will sit back down in my
> >>> chair.
> >>
> >> I see the concern, but I think this has to work in the general case,
> >> without signalling support (except the DTLS handshake). I have no
> >> problem with there being optimisations possible in those cases where
> >> the SSRC to host/port pair mapping can be signalled out of band
> >> though, since there will certainly be scenarios where that's possible.
> >
> > Would dropping a DTLS packet on the floor if its source IP address and
> > port are different from the DTLS handshake be acceptable?
> 
> 
> Yes, I think so. Why do you think it might not be?

Dan, do you really mean "DTLS packet" or do you mean "SRTP Packet"?

Because I think the answer for DTLS is "yes" but for
SRTP is "no"--again, unless I've badly misunderstood RTP,
which is totally possible.

-Ekr
_______________________________________________
Audio/Video Transport Working Group
avt at ietf.org
http://www.ietf.org/mailman/listinfo/avt
