Re: [Sip] A proposal for breaking the DTLS-SRTP vs RFC4474 gateway deadlock
If it is the goal to proceed with the DTLS-SRTP framework in a timely manner and to
reach the milestone, that's the only reasonable approach. However, I
hope there will be support to fix RFC 4474 and we can address the
backwards compatibility issues.
Kai
> -----Original Message-----
> From: sip-bounces at ietf.org [mailto:sip-bounces at ietf.org] On
> Behalf Of Dean Willis
> Sent: Tuesday, 24 June 2008 19:22
> To: sip at ietf.org; Eric Rescorla; Jason Fischl
> Cc: Cullen Jennings; Keith Drage
> Subject: [Sip] A proposal for breaking the DTLS-SRTP vs RFC4474 gateway deadlock
>
>
> We've gotten stuck on a fine point in DTLS-SRTP.
>
> The current draft-ietf-sip-dtls-srtp-framework-01 uses an RFC 4474
> Identity header to preserve the integrity of the media key's
> fingerprint, thereby detecting a certain class of MITM attack.
>
> However, RFC 4474 Identity headers are of questionable validity when
> used with protocol gateways or B2BUAs. More or less, they're capable
> of asserting the identity of the gateway, not the identity of the
> calling party. But the recipient has no real way to figure out which
> is which.
>
> We've debated at some length, and with no good result, about whether
> we should try and fix RFC 4474. We've had some suggestions that may
> work for B2BUAs, and some other suggestions that may work for
> gateways, but we certainly don't have a consensus.
>
> That leaves our chartered deliverable of DTLS-SRTP hanging, and the
> milestone has gone past months ago.
>
> Here's a proposal:
>
> We add a caveat about the limitation of RFC 4474 to
> draft-ietf-sip-dtls-srtp-framework and go ahead and advance that
> specification. If somebody later decides to fix RFC 4474, they can do
> so, and if necessary update DTLS-SRTP if needed.
>
>
> Does that work for everybody?
>
> If we agree to it, I suggest that we move the date for WGLC of
> draft-ietf-sip-dtls-srtp-framework to July 2008, and move the
> milestone for delivery of that doc to the IESG into September.
>
> --
> Dean
> _______________________________________________
> Sip mailing list https://www.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use sip-implementors at cs.columbia.edu for questions on current sip
> Use sipping at ietf.org for new developments on the application of sip
>