[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [AVT] Question regarding RFC 3711

To: IETF AVT WG <avt at ietf.org>
Subject: Re: [AVT] Question regarding RFC 3711
From: Tom Taylor <tom.taylor at rogers.com>
Date: Wed, 08 Jul 2009 11:22:17 -0400
Cc: Ilan Doron <Ilan.Doron at audiocodes.com>
Delivered-to: avt at core3.amsl.com
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=rogers.com; h=Received:X-YMail-OSG:X-Yahoo-Newman-Property:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:Content-Type:Content-Transfer-Encoding; b=cKLHRd9X1lX27ORHBD40kGwC8SFe4eVvDZGD/+kCpCUfWi1EZi2wH5CjteWF0DyRL93U5QfIGnyzaFwhmQrQ1JeZOXOaooVEG0F3iMejYNa4+XdiYyNgidko/18uHD2F8boQtVckLnuE7sUOQc6R7hvWcYatVECQT7NsE5dlbZM= ;
List-archive: <http://www.ietf.org/mail-archive/web/avt>
List-help: <mailto:avt-request@ietf.org?subject=help>
List-id: Audio/Video Transport Working Group <avt.ietf.org>
List-post: <mailto:avt@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
User-agent: Thunderbird 2.0.0.22 (Windows/20090605)

I'm forwarding this message to the list. It seems to have been sent toavt-bounces at ietf.org (which route to us list administrators) rather than toavt at ietf.org.


Tom T

Subject:
RE: Question regarding RFC 3711
From:
Ilan Doron <Ilan.Doron at audiocodes.com>
Date:
Wed, 8 Jul 2009 11:08:46 +0300
To:
"avt-bounces at ietf.org" <avt-bounces at ietf.org>, "Wyss, Felix" <Felix.Wyss at inin.com>

Hi

In our case the new keys are received from a re invite session done by the SIP(or any control protocol).

No multiple keys so I believe MKI is not relevant.
It seems state is ambiguous:
If considered as re-keying ROC should be kept. Otherwise ROC should be zeroed.

Am I getting this right?

From: avt-bounces at ietf.org [mailto:avt-bounces at ietf.org] On Behalf Of Wyss, Felix
Sent: Monday, July 06, 2009 8:28 PM
To: Ilan Doron; 'avt at ietf.org'
Subject: Re: [AVT] Question regarding RFC 3711

[inline]

From: avt-bounces at ietf.org [mailto:avt-bounces at ietf.org] On Behalf Of Ilan Doron
Sent: Monday, July 06, 2009 10:23
To: 'avt at ietf.org'
Subject: [AVT] Question regarding RFC 3711

I have a few questions regarding rfc 3711:

>From the RFC, section 3.3.1:
After a re-keying occurs (changing to a new master key), the rollover
   counter always maintains its sequence of values, i.e., it MUST NOT be
   reset to zero.

1.       Does re-keying include reinvite session where new keys are allocated?

[Wyss, Felix] Not necessarily. If multiple master keys were supplied as part ofthe key distribution, the sender can switch between them arbitrarily andindicate which one is used for that packet by means of the MKI.

2. If ROC is maintained, can I assume full SRTP session is maintained,i.e. RTP sequence + replay lists + SSRC?[Wyss, Felix] As SRTP is just a bump in the stack, changes of the SSRC are notunder the SRTP sender's control. For a particular SSRC, the SRTP sender needsto maintain the appropriate state for a cryptographic context, including theROC. How many contexts the SRTP sender maintains depends on the application(e.g. how many concurrent streams may have to be processed).


Regarding SSRC change during SRTP session:

1. If a new SSRC arrives should the packet be authenticated with a zeroROC or with the current ROC value?[Wyss, Felix] Each context starts at a ROC of zero. If you might be joiningstreams late, you can of course try authenticating a couple of ROCs for addedrobustness (but potentially increased denial of service risk).

2. Assuming authentication succeeds, SRTP session will be reset to zero(Sequence, replay lists ROC etc.)?[Wyss, Felix] A new SSRC gets a new crypto context. You will want to maintainat least as many contexts as there may be concurrent streams being processedplus a couple of spares to deal with periods of overlapping streams when youswitch between devices.


Ilan Doron
Media application Team Leader
Tel:         +972-3-9764354
Fax:        +972-3-9764223
Mobile:   +972-54-6262-775
Email:     iland at audiocodes.com<mailto:iland at audiocodes.com>

<mailto:Golan.Buznak at audiocodes.comWeb>Web:www.audiocodes.com<http://www.audiocodes.com/>


[cid:image001.jpg@01C9FFBC.665375D0]<http://www.audiocodes.com/solutions/hdvoip>

Click to Sign Up for our emailupdates<http://www.mymarketing.co.il/Subscribe.htm?_u=f3j2a8>



________________________________

This email and any files transmitted with it are confidential material. They areintended solely for the use of the designated individual or entity to whom theyare addressed. If the reader of this message is not the intended recipient, youare hereby notified that any dissemination, use, distribution or copying of thiscommunication is strictly prohibited and may be unlawful.

If you have received this email in error please immediately notify the senderand delete or destroy any copy of this message


________________________________

If you have received this email in error please immediately notify the senderand delete or destroy any copy of this message

Prev by Date: Re: [AVT] Request for feedback on draft-valin-celt-rtp-profile-01.txt
Next by Date: Re: [AVT] Question regarding RFC 3711
Previous by thread: Re: [AVT] Question regarding RFC 3711
Next by thread: [AVT] I-D Action:draft-ietf-avt-srtp-big-aes-01.txt
Index(es):
- Date
- Thread