[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] RFC 4474 and SBC traversal

To: "sip at ietf.org List" <sip at ietf.org>
Subject: Re: [Sip] RFC 4474 and SBC traversal
From: Dean Willis <dean.willis at softarmor.com>
Date: Tue, 8 Apr 2008 02:50:16 -0500
Cc: John Elwell <john.elwell at siemens.com>
Delivered-to: ietfarch-sip-web-archive at core3.amsl.com
Delivered-to: sip at core3.amsl.com
In-reply-to: <20080407224312.EB4D45081A at romeo.rtfm.com>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
References: <0D5F89FAC29E2C41B98A6A762007F5D09160BC at GBNTHT12009MSX.gb002.siemens.net> <47F5EBED.60104 at gmx.net> <20080407224312.EB4D45081A at romeo.rtfm.com>
Sender: sip-bounces at ietf.org

On Apr 7, 2008, at 5:43 PM, Eric Rescorla wrote:
> At Fri, 04 Apr 2008 11:50:53 +0300,
> Hannes Tschofenig wrote:
>>
>> This issue is totally independent from E.164
>>
>> I don't like the idea of requiring DTLS-SRTP to provide proof of
>> possession of the keying material.
>
> To be honest, I'm not even sure what this means. DTLS-SRTP inherently
> provides a proof that the peer you're encrypting to has keying
> material that matches whatever was in the fingerprint. That's
> a distinct question from whether the fingerprint is cryptographically
> bound to the message.

Right. The only dependency between DTLS-SRTP and RFC 4474 is integrity  
protection of the key's fingerprint, not the actual key itself. The  
fingerprint is shipped in the SDP, and the key is negotiated in the  
media channel itself using a partial-key combination approach (aka D-H).

The fingerprint is used to relate signaling to media. This works even  
without RFC 4474. What RFC 4474 does is reduce the opportunity for  
somebody on the signaling AND media paths to replace the key, and use  
this to tap the media flow without being noticed by endpoints. It is  
somewhat arguable as to how useful this integrity protection is.

Of course, given that the usual implementation of RFC 4474 is for the  
authentication service that puts in the RFC 4474 Identity header to be  
a proxy that's on the signaling path, this would make it fairly easy  
for that proxy to collude in tapping the call. But if RFC 4474 is used  
end-to-end with client keys, the it provides fairly comprehensive  
protection.

--
Dean
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

References:
- [Sip] RFC 4474 and SBC traversal
  - From: Elwell, John
- Re: [Sip] RFC 4474 and SBC traversal
  - From: Hannes Tschofenig
- Re: [Sip] RFC 4474 and SBC traversal
  - From: Eric Rescorla

Prev by Date: Re: [Sip] RFC 4474 and PSTN
Next by Date: Re: [Sip] Comparison of retargeting proposals
Previous by thread: Re: [Sip] RFC 4474 and SBC traversal
Next by thread: [Sip] Server for testing
Index(es):
- Date
- Thread