Re: [Sip] A proposal for breaking the DTLS-SRTP vs RFC4474 gateway deadlock



Dean,

Yes, that would work for me, given an intent to push ahead with trying
to fix the RFC 4474 issues, e.g., through your proposed RETIRE WG.

John


> -----Original Message-----
> From: sip-bounces at ietf.org [mailto:sip-bounces at ietf.org] On 
> Behalf Of Dean Willis
> Sent: 24 June 2008 18:22
> To: sip at ietf.org; Eric Rescorla; Jason Fischl
> Cc: Cullen Jennings; Keith Drage
> Subject: [Sip] A proposal for breaking the DTLS-SRTP vs 
> RFC4474 gateway deadlock
> 
> 
> We've gotten stuck on a fine point in DTLS-SRTP.
> 
> The current draft-ietf-sip-dtls-srtp-framework-01 uses an RFC 4474  
> Identity header to preserve the integrity of the media key's  
> fingerprint, thereby detecting a certain class of MITM attack.
> 
> However, RFC 4474 Identity headers are of questionable validity when
> used with protocol gateways or B2BUAs.  More or less, they're capable
> of asserting the identity of the gateway, not the identity of the
> calling party. But the recipient has no real way to figure out which
> is which.
> 
> We've debated at some length, and with no good result, about whether  
> we should try and fix RFC 4474. We've had some suggestions that may  
> work for B2BUAs, and some other suggestions that may work for  
> gateways, but we certainly don't have a consensus.
> 
> That leaves our chartered deliverable of DTLS-SRTP hanging, and the  
> milestone has gone past months ago.
> 
> Here's a proposal:
> 
> We add a caveat about the limitation of RFC 4474 to
> draft-ietf-sip-dtls-srtp-framework and go ahead and advance that
> specification. If somebody later decides to fix RFC 4474, they can do
> so, and if necessary update DTLS-SRTP.
> 
> 
> Does that work for everybody?
> 
> If we agree to it, I suggest that we move the date for WGLC of
> draft-ietf-sip-dtls-srtp-framework to July 2008, and move the
> milestone for delivery of that doc to the IESG into September.
> 
> --
> Dean
> _______________________________________________
> Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
> This list is for NEW development of the core SIP Protocol
> Use sip-implementors at cs.columbia.edu for questions on current sip
> Use sipping at ietf.org for new developments on the application of sip
> 
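The two situations Dean's message contrasts, the MITM that the Identity header catches and the B2BUA that it does not, modelled as an added example. This is not code from the thread or from draft-ietf-sip-dtls-srtp-framework. It keeps what the specs fix: the SDP a=fingerprint line lives in the body, and the RFC 4474 Identity signature is computed over From, To, Call-ID, CSeq, Date, Contact and the body joined with "|", so a fingerprint swapped in transit breaks the signature. Everything else is an assumption made so it runs on the Python standard library: RFC 4474 signs with RSA-SHA1 under the originating domain's certificate, and here each domain signs with an HMAC over a constructed per-domain secret (the DOMAIN_KEYS table, which also stands in for fetching the certificate named by Identity-Info). The domain names, certificate bytes, message fields and the scenario_mitm / scenario_b2bua helpers are constructed for the illustration.

```python
"""Toy model of the DTLS-SRTP fingerprint check via RFC 4474 Identity.
Signature scheme is a stand-in (HMAC with a per-domain secret) for the
RSA-SHA1-under-domain-cert signature RFC 4474 actually uses."""
import base64
import hashlib
import hmac

# Constructed: one secret per domain stands in for that domain's private key,
# and looking a domain up here stands in for fetching the Identity-Info cert.
DOMAIN_KEYS = {
    "atlanta.example.com": b"atlanta-private-key",
    "b2bua.example.net": b"b2bua-private-key",
}

def fingerprint_of(cert_der):
    """Value for the SDP a=fingerprint attribute: SHA-256 of the DTLS cert."""
    hexdigest = hashlib.sha256(cert_der).hexdigest().upper()
    return "sha-256 " + ":".join(hexdigest[i:i + 2] for i in range(0, 64, 2))

def build_invite(from_uri, to_uri, call_id, contact, fingerprint):
    """Constructed INVITE: just the fields RFC 4474 signs, plus the SDP body."""
    body = ("v=0\r\n"
            "m=audio 49170 UDP/TLS/RTP/SAVP 0\r\n"
            f"a=fingerprint:{fingerprint}\r\n")
    return {
        "From": f"<{from_uri}>",
        "To": f"<{to_uri}>",
        "Call-ID": call_id,
        "CSeq": "1 INVITE",
        "Date": "Tue, 24 Jun 2008 18:22:00 GMT",
        "Contact": f"<{contact}>",
        "body": body,
    }

def digest_string(msg):
    """The '|'-joined fields the Identity signature is computed over."""
    fields = ("From", "To", "Call-ID", "CSeq", "Date", "Contact", "body")
    return "|".join(msg[f] for f in fields).encode()

def sign_identity(msg, domain):
    """What the domain's authentication service does: add Identity headers."""
    mac = hmac.new(DOMAIN_KEYS[domain], digest_string(msg), hashlib.sha256)
    signed = dict(msg)
    signed["Identity"] = base64.b64encode(mac.digest()).decode()
    signed["Identity-Info"] = f"<https://{domain}/cert>"
    return signed

def verify_identity(msg):
    """Recipient check: return the asserting domain if the signature holds."""
    domain = msg["Identity-Info"][len("<https://"):].split("/", 1)[0]
    key = DOMAIN_KEYS.get(domain)
    if key is None:
        return None
    expected = hmac.new(key, digest_string(msg), hashlib.sha256).digest()
    ok = hmac.compare_digest(expected, base64.b64decode(msg["Identity"]))
    return domain if ok else None

ALICE_FP = fingerprint_of(b"constructed alice dtls cert")
MALLORY_FP = fingerprint_of(b"constructed mallory dtls cert")

def alice_invite():
    msg = build_invite("sip:alice@atlanta.example.com", "sip:bob@biloxi.example.org",
                       "a84b4c76e66710", "sip:alice@192.0.2.4", ALICE_FP)
    return sign_identity(msg, "atlanta.example.com")

def mitm_swap(msg):
    """On-path attacker replaces Alice's fingerprint with its own."""
    tampered = dict(msg)
    tampered["body"] = msg["body"].replace(ALICE_FP, MALLORY_FP)
    return tampered

def scenario_mitm():
    """Direct path: the swap is caught because the body is under the signature."""
    original = alice_invite()
    return verify_identity(original), verify_identity(mitm_swap(original))

def scenario_b2bua():
    """B2BUA path: the gateway re-originates and re-signs whatever it received.
    The recipient sees a valid signature, but it asserts b2bua.example.net and
    covers Mallory's fingerprint; nothing tells Bob that domain is a gateway."""
    inbound = mitm_swap(alice_invite())
    relayed = build_invite("sip:alice@b2bua.example.net", "sip:bob@biloxi.example.org",
                           "ff2a8c0b1d", "sip:alice@b2bua.example.net",
                           inbound["body"].split("a=fingerprint:")[1].strip())
    relayed = sign_identity(relayed, "b2bua.example.net")
    return verify_identity(relayed), MALLORY_FP in relayed["body"]

if __name__ == "__main__":
    print("direct path (valid, tampered):", scenario_mitm())
    print("via B2BUA (asserting domain, attacker fingerprint kept):", scenario_b2bua())
```

The second scenario is the deadlock in miniature: verify_identity returns a domain and the signature is genuine, but the only thing the recipient has learned is that b2bua.example.net vouches for the message it forwarded. Whether that domain is the caller's home or a gateway that re-signed an already-tampered fingerprint is not recoverable from the headers, which is the caveat the proposal asks to document rather than fix.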