Re: [AVT] SRTP store-and-forward
Rolf Blom <rolf.j.blom at ericsson.com> writes:
>To be able to handle an audio and a video stream using one security context
>it is necessary to introduce a mechanism to give them separate
>protection. We did that with the introduction of the SSS, the SRTP SaF
>Source. It's also necessary to be able to indicate which e2e security
>context that the media is using and thus a CCI, Crypto Context Identifier
>is needed. So we believe that what we have presented is general enough but
>still is a very thin design providing not more than what is really needed.
>
>Cullen gave an example in which it was essential that what is forwarded is
>the complete message that was received by the SaF middlebox (do not launch
>the missile!). Even if I believe that such a message wouldn't be left on an
>answering machine - it probably should be delivered directly to eliminate
>the risk for mistakes - it points at a possible threat. This threat might
>perhaps be countered by some RTCP signaling messages e2e. However, in the
>current draft-naslund-saf-00 we do not provide e2e integrity protected
>RTCP. Is this a problem? Should it be added? Or are there other application
>layer mechanisms that should be applied? Note that with an e2e integrity
>transform and letting PUV be a counter, it is possible to detect replays
>and re-orderings at the application layer. However, it will not guarantee
>that all packets are forwarded. Note that the threat discussed is outside
>the trust model assumed for SRTP store-and-forward, which assumes an honest
>but curious SaF middlebox.
You need to at least include RTCP as well, or synchronization between
streams (audio and video) cannot be done. Protecting it would be smart,
though probably not strictly necessary. (If not protected, someone could
mess with the stream sync, possibly tickling bugs in the player or causing
one stream or the other to never play, to jump around, or to be
unintelligible.)
--
Randell Jesup, Worldgate (developers of the Ojo videophone), ex-Amiga OS team
rjesup at wgate.com
"The fetters imposed on liberty at home have ever been forged out of the weapons
provided for defence against real, pretended, or imaginary dangers from abroad."
- James Madison, 4th US president (1751-1836)
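Worked example, added here as an illustration and not part of the above message or of draft-naslund-saf-00: a receiver-side check of the kind Rolf describes, where an e2e integrity tag covers a PUV carried as a counter. The packet layout (4-byte big-endian counter, payload, HMAC-SHA256 tag), the key and the "Do / not / launch" payloads are all constructed for the example; the real draft's transform and field sizes are not assumed. Beyond replay and re-ordering it also flags a gap in the counter, but the point it is meant to make is the last one in the quoted text: if the middlebox simply stops forwarding after the first packet, every packet that does arrive verifies and nothing is flagged.

```python
import hashlib
import hmac
import struct

# Constructed sample key, shared end-to-end (the SaF middlebox does not hold it).
KEY = b"\x11" * 32
TAG_LEN = 32  # HMAC-SHA256 output length
HDR_LEN = 4   # PUV carried as a 32-bit big-endian counter (constructed layout)


def protect(key: bytes, puv: int, payload: bytes) -> bytes:
    """Sender side: counter || payload || HMAC(key, counter || payload)."""
    header = struct.pack(">I", puv)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class E2EReceiver:
    """Verifies the e2e tag, then uses the PUV counter to classify each packet."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest = -1   # highest authenticated PUV accepted so far
        self.seen = set()   # authenticated PUVs (unbounded here; a real receiver windows this)

    def receive(self, pkt: bytes) -> str:
        if len(pkt) < HDR_LEN + TAG_LEN:
            return "malformed"
        header, body, tag = pkt[:HDR_LEN], pkt[HDR_LEN:-TAG_LEN], pkt[-TAG_LEN:]
        expected = hmac.new(self.key, header + body, hashlib.sha256).digest()
        # Tag is checked before the counter is trusted, so a forged PUV cannot
        # poison the replay state.
        if not hmac.compare_digest(tag, expected):
            return "bad-tag"
        puv = struct.unpack(">I", header)[0]
        if puv in self.seen:
            verdict = "replay"
        elif puv < self.highest:
            verdict = "reordered"
        elif puv > self.highest + 1:
            # Earlier PUVs are missing. Network loss and a middlebox drop look identical.
            verdict = "gap"
        else:
            verdict = "ok"
        self.seen.add(puv)
        self.highest = max(self.highest, puv)
        return verdict


def demo() -> dict:
    """Three constructed forwarding scenarios; returns the receiver's verdicts."""
    sent = [protect(KEY, i, p) for i, p in enumerate([b"Do", b"not", b"launch"])]

    # 1. Middlebox replays packet 0, then delivers 2 before 1.
    rx = E2EReceiver(KEY)
    mixed = [rx.receive(p) for p in (sent[0], sent[0], sent[2], sent[1])]

    # 2. Middlebox rewrites the payload of packet 1 (same length) but cannot re-tag it.
    tampered = sent[1][:HDR_LEN] + b"NOT" + sent[1][-TAG_LEN:]
    modified = E2EReceiver(KEY).receive(tampered)

    # 3. Middlebox forwards only the first packet and stops: nothing to flag.
    truncated = [E2EReceiver(KEY).receive(sent[0])]

    return {"mixed": mixed, "modified": modified, "truncated": truncated}


if __name__ == "__main__":
    print(demo())
```

The "truncated" case is the "do not launch the missile" problem: the counter plus tag lets the receiver notice a replayed, re-ordered or altered packet, but an e2e-protected end-of-message marker (or an e2e-protected RTCP report carrying the final count, as the message suggests) is needed before the receiver can tell that the third packet was ever sent.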