[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [saag] The use of AES-192 and AES-256 in Secure RTP

From: David McGrew <mcgrew at cisco.com>
To: Rick Porter <rporter at covergence.com>
Cc: saag at mit.edu, ietf-rtpsec at imc.org, AVT <avt at ietf.org>
Date: Thu, 4 May 2006 06:35:06 -0700
In-reply-to: <0D1719326D64BD4E9F92A0C120237678CEEE6F at eserv.covergence.com>
References: <0D1719326D64BD4E9F92A0C120237678CEEE6F at eserv.covergence.com>

Hi Rick,

On May 3, 2006, at 7:18 PM, Rick Porter wrote:


I was surprised to see Suite B appear on someone's radar...

IMO, most aspects of SRTP would not meet the standards for Suite B

certification. The key exchange seems to be the most blatantlylacking,

but there are other aspects.

you are right that there is probably no standardized way to providekeys to SRTP that would meet the Suite B guidelines. But thisdoesn't imply that we shouldn't specify a Suite B conformant profilefor SRTP (since we don't want to create a chicken-or-egg-first?situation). Also, some of the proposed key management methods doincorporate or admit FIPS-140/Suite B approved key establishmentmethods (for example, DTLS-SRTP could be used with one of the ECCmethods currently being drafted for TLS).

Let me point out that the Suite B link does
not even mention which mode(s) of AES are acceptable (e.g. counter,cbc,
ecb, wrap).

You're right that Suite B is underspecified, and it would bereassuring to get more details about it. (I prefer "underspecified"to "overly narrow" though :-)

I do not have a strong opinion about whether or not to specify longer
AES key lengths. However, I would not specify longer key lengthsjust to
comply with the Suite B standards--NSA is probably going to require
deviation from the IETF standard(s) anyway. NSA has its own set of
requirements (and reasons for them), and they also have a number of
government contractors who develop products to meet thoserequirements.

True, but I would rather work with Suite B and try to promote broaderinteroperability. I think that the big value of Suite B is that itwill enable interoperability between the high-assuranceimplementations that you mention and commercial standards-basedimplementations. This is an obvious gain for the high-assurancecommunity, and it could also benefit the commercial community. ButI'm getting off topic here; Suite B is worth discussing, but the useof elliptic curve crypto is the most important topic there, not SRTPkey sizes ;-)


David



Cheers,
Rick

References:
- Re: [saag] The use of AES-192 and AES-256 in Secure RTP
  - From: Rick Porter

Prev by Date: Re: [saag] The use of AES-192 and AES-256 in Secure RTP
Next by Date: Re: [saag] The use of AES-192 and AES-256 in Secure RTP
Previous by thread: Re: [saag] The use of AES-192 and AES-256 in Secure RTP
Next by thread: [saag] The use of AES-192 and AES-256 in Secure RTP
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.