[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03

To: "ext Dean Willis" <dean.willis at softarmor.com>
Subject: Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
From: "Schneider, Peter (NSN - DE/Munich)" <peter.schneider at nsn.com>
Date: Thu, 25 Sep 2008 21:51:18 +0200
Cc: sip at ietf.org
Delivered-to: ietfarch-sip-web-archive at core3.amsl.com
Delivered-to: sip at core3.amsl.com
In-reply-to: <3250A22A-B2B3-4504-8A2D-DED9382E5D53 at softarmor.com>
List-help: <mailto:sip-request@ietf.org?subject=help>
List-id: Session Initiation Protocol <sip.ietf.org>
List-post: <mailto:sip@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/sip>, <mailto:sip-request@ietf.org?subject=unsubscribe>
References: <085BE88FD18EE94085EB8960172CA35901005A00 at DEMUEXC006.nsn-intra.net> <C4FEC5F0.886C%hsinnrei at adobe.com> <085BE88FD18EE94085EB8960172CA35901005B9C at DEMUEXC006.nsn-intra.net> <48DB272C.2010802 at softarmor.com> <085BE88FD18EE94085EB8960172CA35901005EA6 at DEMUEXC006.nsn-intra.net> <3250A22A-B2B3-4504-8A2D-DED9382E5D53 at softarmor.com>
Sender: sip-bounces at ietf.org
Thread-index: AckfRYOgLKz9kFFMQgy6B0B8KyF9agAALrCg
Thread-topic: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03

See inline

Peter

> -----Ursprüngliche Nachricht-----
> Von: ext Dean Willis [mailto:dean.willis at softarmor.com] 
> Gesendet: Donnerstag, 25. September 2008 21:32
> An: Schneider, Peter (NSN - DE/Munich)
> Cc: sip at ietf.org
> Betreff: Re: [Sip] Pub request for 
> draft-ietf-sip-dtls-srtp-framework-03
> 
> 
> On Sep 25, 2008, at 2:50 AM, Schneider, Peter (NSN - DE/Munich) wrote:
> >
> > Dean, I assume that you refer to the proposal to use SDES that is  
> > discussed in 3GPP. However, 3GPP does not focus on that approach.  
> > Other signaling path solutions are discussed in 3GPP that exclude  
> > all intermediaries from access to the key. Clearly, 
> allowing lawful  
> > interception is a requirement for 3GPP, as is preventing "unlawful  
> > interception".
> 
> The two forms of interception cannot be technically differentiated.  
> Anything that allows one allows the other.
> 
Allowing lawful interception does not imply allowing anyone to intercept the communication. You must have access control for the facilities that allow lawful interception. Compare this with the authentication service described in RFC4474 (SIP identity). Who controls that service, can mount a man in the middle attack that cannot be detected by the means provided by DTLS-SRTP.

> The USA has recently shown that it is possible to convert unlawful  
> intercept into lawful intercept retroactively, despite a  
> constitutional bar on ex post facto laws. If you're going to 
> break one  
> law, you might as well break 'em all, right?
> 
> > The middlebox issue is NOT a pretense for allowing only weak  
> > solutions for 3GPP.
> 
> I believe you.
> 
> > My proposals concerning the framework draft wouldn't make 
> DTLS-SRTP  
> > any weaker, right?
> 
> I'm not sure. Security is such a frail thing, and it is easy for  
> unintended consequences to occur. You may well be right, but I'm a  
> little slow to commit.  Further study is required.
> 
> > And making DTLS-SRTP more adequate for 3GPP/TISPAN scenarios would  
> > be a good thing, wouldn't it?
> 
> It might, it might not. It depends on what your definition of  
> "adequate" entails and which scenarios you are talking about. The  
> requirements rejected by the IETF during the Media Security  
> Requirements drafting arguably provide a proof case against this  
> assertion.
> 
Well, making DTLS-SRTP more adequate for 3GPP/TISPAN scenarios (excluding lawful interception) without making it weaker would be a good thing - better now?

> --
> Dean
> 
_______________________________________________
Sip mailing list  https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use sip-implementors at cs.columbia.edu for questions on current sip
Use sipping at ietf.org for new developments on the application of sip

Follow-Ups:
- Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
  - From: Dean Willis
- Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
  - From: Henry Sinnreich
- Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
  - From: Eric Burger

References:
- Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
  - From: Schneider, Peter (NSN - DE/Munich)
- Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
  - From: Henry Sinnreich
- Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
  - From: Schneider, Peter (NSN - DE/Munich)
- Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
  - From: Dean Willis
- Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
  - From: Schneider, Peter (NSN - DE/Munich)
- Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
  - From: Dean Willis

Prev by Date: Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
Next by Date: Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
Previous by thread: Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
Next by thread: Re: [Sip] Pub request for draft-ietf-sip-dtls-srtp-framework-03
Index(es):
- Date
- Thread