[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] A proposal for breaking the DTLS-SRTP vs RFC4474 gateway deadlock

To: Dean Willis <dean.willis at softarmor.com>
Subject: Re: [Sip] A proposal for breaking the DTLS-SRTP vs RFC4474 gateway deadlock
From: Eric Rescorla <ekr at networkresonance.com>
Date: Tue, 24 Jun 2008 12:48:20 -0700
Cc: sip at ietf.org, Cullen Jennings <fluffy at cisco.com>, Eric Rescorla <ekr at rtfm.com>, Keith Drage <drage at alcatel-lucent.com>
Delivered-to: ietfarch-sip-archive at core3.amsl.com
Delivered-to: sip at core3.amsl.com
In-reply-to: <7C76092F-6FD4-4951-9166-935CC9001ACD@softarmor.com>
List-archive: <https://www.ietf.org/mailman/private/sip>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
References: <7C76092F-6FD4-4951-9166-935CC9001ACD@softarmor.com>
Sender: sip-bounces at ietf.org
User-agent: Wanderlust/2.15.5 (Almost Unreal) Emacs/22.1 Mule/5.0 (SAKAKI)

Dean,

This sounds like an excellent way to proceed. I'll generate some candidate text
and send it to the list in the next few days.

-Ekr

On Tue, Jun 24, 2008 at 10:21 AM, Dean Willis <dean.willis at softarmor.com> wrote:
>
> We've gotten stuck on a fine point in DTLS-SRTP.
>
> The current draft-ietf-sip-dtls-srtp-framework-01 uses an RFC 4474 Identity
> header to preserve the integrity of the media key's fingerprint, thereby
> detecting a certain class of MITM attack.
>
> However, RFC 4474 Identity headers are of questionable validity when used
> with protocol gateways or B2BUAs.  More or less, they're capable of
> asserting the identity of the gateway, not the identity of the calling
> party. But the recipient has no real way to figure out which is which.
>
> We've debated at some length, and with no good result, about whether we
> should try and fix RFC 4474. We've had some suggestions that may work for
> B2BUAs, and some other suggestions that may work for gateways, but we
> certainly don't have a consensus.
>
> That leaves our chartered deliverable of DTLS-SRTP hanging, and the
> milestone has gone past months ago.
>
> Here's a proposal:
>
> We add a caveat about the limitation of RFC 4474 to
> draft-ietf-sip-dtls-srtp-framework and go ahead and advance that
> specification. If somebody later decides to fix RFC 4474, they can do so,
> and if necessary update DTLS-SRTP if needed.
>
>
> Does that work for everybody?
>
> If we agree to it, I suggest that we move the date for WGLC of
> draft-ietf-sip-dtls-srtp-framework to July 2008, and move the milestone for
> delivery of that doc to the IESG into September.
>
> --
> Dean
>

_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

Follow-Ups:
- Re: [Sip] A proposal for breaking the DTLS-SRTP vs RFC4474 gateway deadlock
  - From: Eric Rescorla

References:
- [Sip] A proposal for breaking the DTLS-SRTP vs RFC4474 gateway deadlock
  - From: Dean Willis

Prev by Date: Re: [Sip] Let's talk about a Dublin agenda
Next by Date: Re: [Sip] Let's talk about a Dublin agenda
Previous by thread: [Sip] A proposal for breaking the DTLS-SRTP vs RFC4474 gateway deadlock
Next by thread: Re: [Sip] A proposal for breaking the DTLS-SRTP vs RFC4474 gateway deadlock
Index(es):
- Date
- Thread