Correct: no one doing MRCPv2, not no one at all. On Jul 9, 2009, at 4:48 PM, Francois Audet wrote:
Eric, I think you need to clarify the context of the following statement you made: "The reality is that NO ONE has implemented any security to date."Certainly, SRTP is widely implemented and deployed in many environements(e.g., Enteprise telephony for example). I am assuming that your comment was specific to MRCPv2?-----Original Message----- From: rai-bounces at ietf.org [mailto:rai-bounces at ietf.org] On Behalf Of Eric Burger Sent: Thursday, July 09, 2009 13:28 To: Roni Even Cc: Daniel Burnett; speechsc at ietf.org; Saravanan Shanmugham; rai at ietf.org Subject: Re: [RAI] RAI review of draft-ietf-speechsc-mrcpv2-19 The reality is that NO ONE has implemented any security to date. The GENART reviewer raised the same issue, and so far the work group has the same response: MRCPv2 (the speechsc work group) is not planning on figuring out which of the seven key exchange mechanisms to use in SIP. We are counting on the community publishing something, and people using it. After all, we are the "using SIP for media resource control" work group, not the "media resource control work group using something like SIP for control." Does this work for you? On Jul 7, 2009, at 3:40 PM, Roni Even wrote:[snip] 18. In section 12.3 the suggestion is to use SRTP as themandatoryinteroperability mode. If the reason for mandating SRTP is for a common mode you should also decide on a key exchange mechanism. I suggest you look athttp://tools.ietf.org/html/draft-ietf-avt-srtp-not-mandatory-02 for discussion on media security.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature