Re: [Sip] Do we need to have draft-ietf-sip-dtls-srtp-framework-01 on the -71 agenda?
Without a means of binding the secure media to the identity of the
remote party, DTLS-SRTP is not a complete solution. I don't think we can
say the framework is finished until we have that complete solution. In
particular, the framework uses RFC 4474 as part of the mechanism - if
the solution to the RFC 4474 problem turns out to be something different
from RFC 4474, the framework would be wrong.
John
> -----Original Message-----
> From: sip-bounces at ietf.org [mailto:sip-bounces at ietf.org] On
> Behalf Of Eric Rescorla
> Sent: 28 February 2008 19:31
> To: Jonathan Rosenberg
> Cc: sip at ietf.org; Dean Willis
> Subject: Re: [Sip] Do we need to have
> draft-ietf-sip-dtls-srtp-framework-01 on the -71 agenda?
>
> At Thu, 28 Feb 2008 14:18:30 -0500,
> Jonathan Rosenberg wrote:
> >
> > Dean Willis wrote:
> > > Is there any need for discussion of the DTLS framework
> > > (draft-ietf-sip-dtls-srtp-framework-01) during our meeting?
> > >
> > > The authors think that it is pretty much ready for WGLC and that all
> > > known issues have been resolved.
> >
> > I do not agree.
> >
> > One of the points I raise in my rfc4474-concerns draft is that dtls-srtp
> > is basing integrity of the fingerprint on 4474, and that 4474 does not
> > provide integrity against intermediary modifications of the number, and
> > even for user@domain names this can happen.
> >
> > I think this needs to be called out in the draft. The security
> > considerations section does not discuss this.
>
> Because it's not a DTLS-SRTP issue. It's a SIP/4474 issue.
>
> The fingerprint in the SIP messaging does *not* tie the DTLS-SRTP
> handshake to the phone number or to the domain name. Rather, it ties
> the media to the SIP signalling. Period. It allows whatever guarantees
> you are prepared to assert about the signalling to be extended to
> media. If those guarantees allow you to make assertions about the
> caller (or callee) identity, then great. If not, then DTLS-SRTP
> doesn't help, nor is it intended to.
>
> Look at it this way:
> When the phone rings (or your UA shows you that the other side has
> answered), it can show you some meta-information about who you're
> talking to. The objections you have to RFC 4474 (and I'm not saying I
> agree with them) already apply at this point, before a single RTP
> packet has traversed the wire. This is not a DTLS-SRTP issue.
>
> -Ekr
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip
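An added illustration of the distinction Eric draws in the quoted reply (media bound to signalling versus signalling bound to an identity). This is example code written for this page, not code from the thread, the draft, or its authors. It follows the RFC 4572 fingerprint attribute that DTLS-SRTP reuses (a=fingerprint:<hash-func> <colon-separated hex digest of the DER-encoded certificate>) and checks the certificate presented in the DTLS handshake against it. The certificate bytes, SDP bodies, SIP headers and URIs are constructed sample data, the supported hash functions are limited to sha-1 and sha-256 as a simplification, and no actual DTLS handshake or RFC 4474 signature is performed.

```python
"""Added example (not from the thread or the draft): what the SDP
fingerprint in DTLS-SRTP binds, and what it does not.

RFC 4572 puts
    a=fingerprint:<hash-func> <colon-separated hex digest of the DER cert>
in the SDP; the media endpoint checks that the certificate offered in the
DTLS handshake hashes to that value.  Everything below (certificates,
SDP, SIP headers, URIs) is constructed sample data."""
import hashlib
import hmac
import re

# Constructed stand-ins for DER-encoded certificates; only the digest matters.
ALICE_CERT_DER = b"\x30\x82\x01\x0a" + bytes(range(256))
MITM_CERT_DER = b"\x30\x82\x01\x0a" + bytes(reversed(range(256)))

HASH_FUNCS = {"sha-1": "sha1", "sha-256": "sha256"}  # RFC 4572 name -> hashlib


def fingerprint(cert_der, hash_func="sha-256"):
    """RFC 4572 form: upper-case hex octets separated by colons."""
    digest = hashlib.new(HASH_FUNCS[hash_func], cert_der).digest()
    return ":".join(f"{b:02X}" for b in digest)


def offer_sdp(cert_der, hash_func="sha-256"):
    """Minimal constructed SDP offer carrying a fingerprint attribute."""
    return (
        "v=0\r\n"
        "o=- 1 1 IN IP4 192.0.2.10\r\n"
        "s=-\r\n"
        "m=audio 49170 UDP/TLS/RTP/SAVP 0\r\n"
        "c=IN IP4 192.0.2.10\r\n"
        f"a=fingerprint:{hash_func} {fingerprint(cert_der, hash_func)}\r\n"
        "a=setup:actpass\r\n"
    )


_FP_RE = re.compile(r"^a=fingerprint:(\S+)[ \t]+([0-9A-Fa-f:]+)\s*$", re.M)


def parse_fingerprint(sdp):
    """Return (hash-func, digest) from the first a=fingerprint line, or None."""
    m = _FP_RE.search(sdp)
    return (m.group(1).lower(), m.group(2).upper()) if m else None


def dtls_cert_matches_sdp(sdp, handshake_cert_der):
    """The DTLS-SRTP check: does the certificate the DTLS peer presented
    hash to the fingerprint carried in the signalling?  Unknown hash
    functions are rejected; the comparison is constant-time."""
    parsed = parse_fingerprint(sdp)
    if parsed is None or parsed[0] not in HASH_FUNCS:
        return False
    hash_func, expected = parsed
    return hmac.compare_digest(fingerprint(handshake_cert_der, hash_func), expected)


def invite(from_uri, sdp):
    """Constructed INVITE: only the fields relevant to the argument."""
    return {"From": f"<{from_uri}>", "Content-Type": "application/sdp", "body": sdp}


def scenario():
    """Three cases separating 'media bound to signalling' from
    'signalling bound to an identity'."""
    original = invite("sip:alice@example.com", offer_sdp(ALICE_CERT_DER))

    # 1. Honest path: the handshake certificate matches the offer.
    honest = dtls_cert_matches_sdp(original["body"], ALICE_CERT_DER)

    # 2. An intermediary rewrites From but leaves the SDP alone (the RFC
    #    4474 concern raised in the thread).  The fingerprint check still
    #    passes: it never looked at From, so it asserts nothing about
    #    who "alice" is.  That is a signalling-integrity question.
    renamed = dict(original, From="<sip:mallory@example.net>")
    passes_after_from_rewrite = dtls_cert_matches_sdp(renamed["body"], ALICE_CERT_DER)

    # 3. An active attacker swaps in its own fingerprint and then terminates
    #    the DTLS handshake with its own certificate.  The media check passes
    #    for the attacker's cert and fails for Alice's: the media is bound
    #    to whatever SDP arrived, so detecting the swap is the job of the
    #    signalling integrity mechanism (RFC 4474 or its successor).
    swapped = dict(original, body=offer_sdp(MITM_CERT_DER))
    passes_for_attacker_cert = dtls_cert_matches_sdp(swapped["body"], MITM_CERT_DER)
    alice_cert_rejected_after_swap = not dtls_cert_matches_sdp(swapped["body"], ALICE_CERT_DER)

    return {
        "honest": honest,
        "passes_after_from_rewrite": passes_after_from_rewrite,
        "passes_for_attacker_cert": passes_for_attacker_cert,
        "alice_cert_rejected_after_swap": alice_cert_rejected_after_swap,
    }


if __name__ == "__main__":
    for name, ok in scenario().items():
        print(f"{name}: {ok}")
```

Cases 2 and 3 are the point of the exchange: the fingerprint check passes in both, because it only proves that the DTLS peer is whoever produced the SDP that arrived. Whether that SDP, and the From header next to it, are the ones the caller actually sent is exactly the guarantee the fingerprint inherits from the signalling and cannot supply on its own.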