Solution 3: MIKEYv2, a re-design (1/3)

- Media-path transport seems like an obvious first step
  - See the SIP-path vs. Media-path transport RTPsec presentation
- Some choices to consider ...
  - Is DH necessary? Seems like it, if PFS is at least an optional feature to support
  - Should GSA establishment be supported? Yes, better start with that rather than add it later
  - Should we re-use MIKEY payloads? Yes, makes sense; they support SRTP policy negotiation
- Need an authenticated key management (AKM) protocol using nonces for replay protection