idnits 2.17.1 draft-ietf-avt-srtp-not-mandatory-16.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 85: '... "we MUST implement strong security ...' Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (January 16, 2014) is 3724 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Outdated reference: A later version (-40) exists of draft-ietf-mmusic-rfc2326bis-38 == Outdated reference: A later version (-20) exists of draft-ietf-rtcweb-security-arch-07 -- Obsolete informational reference (is this intentional?): RFC 793 (Obsoleted by RFC 9293) -- Obsolete informational reference (is this intentional?): RFC 4614 (Obsoleted by RFC 7414) Summary: 1 error (**), 0 flaws (~~), 3 warnings (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group C. Perkins 3 Internet-Draft University of Glasgow 4 Intended status: Informational M. Westerlund 5 Expires: July 20, 2014 Ericsson 6 January 16, 2014 8 Securing the RTP Protocol Framework: Why RTP Does Not Mandate a Single 9 Media Security Solution 10 draft-ietf-avt-srtp-not-mandatory-16.txt 12 Abstract 14 This memo discusses the problem of securing real-time multimedia 15 sessions, and explains why the Real-time Transport Protocol (RTP), 16 and the associated RTP Control Protocol (RTCP), do not mandate a 17 single media security mechanism. This is relevant for designers and 18 reviewers of future RTP extensions, to ensure that appropriate 19 security mechanisms are mandated, and that any such mechanisms are 20 specified in a manner that conforms with the RTP architecture. 22 Status of This Memo 24 This Internet-Draft is submitted in full conformance with the 25 provisions of BCP 78 and BCP 79. 27 Internet-Drafts are working documents of the Internet Engineering 28 Task Force (IETF). Note that other groups may also distribute 29 working documents as Internet-Drafts. The list of current Internet- 30 Drafts is at http://datatracker.ietf.org/drafts/current/. 32 Internet-Drafts are draft documents valid for a maximum of six months 33 and may be updated, replaced, or obsoleted by other documents at any 34 time. It is inappropriate to use Internet-Drafts as reference 35 material or to cite them other than as "work in progress." 37 This Internet-Draft will expire on July 20, 2014. 39 Copyright Notice 41 Copyright (c) 2014 IETF Trust and the persons identified as the 42 document authors. All rights reserved. 44 This document is subject to BCP 78 and the IETF Trust's Legal 45 Provisions Relating to IETF Documents 46 (http://trustee.ietf.org/license-info) in effect on the date of 47 publication of this document. Please review these documents 48 carefully, as they describe your rights and restrictions with respect 49 to this document. Code Components extracted from this document must 50 include Simplified BSD License text as described in Section 4.e of 51 the Trust Legal Provisions and are provided without warranty as 52 described in the Simplified BSD License. 54 Table of Contents 56 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 57 2. RTP Applications and Deployment Scenarios . . . . . . . . . . 3 58 3. RTP Media Security . . . . . . . . . . . . . . . . . . . . . 4 59 4. RTP Session Establishment and Key Management . . . . . . . . 4 60 5. On the Requirement for Strong Security in Framework protocols 5 61 6. Securing the RTP Protocol Framework . . . . . . . . . . . . . 6 62 7. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 7 63 8. Security Considerations . . . . . . . . . . . . . . . . . . . 8 64 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 65 10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 66 11. Informative References . . . . . . . . . . . . . . . . . . . 8 67 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 69 1. Introduction 71 The Real-time Transport Protocol (RTP) [RFC3550] is widely used for 72 voice over IP, Internet television, video conferencing, and other 73 real-time and streaming media applications. Despite this use, the 74 basic RTP specification provides only limited options for media 75 security, and defines no standard key exchange mechanism. Rather, a 76 number of extensions are defined that can provide confidentiality and 77 authentication of RTP media streams and RTP Control Protocol (RTCP) 78 messages. Other mechanisms define key exchange protocols. This memo 79 outlines why it is appropriate that multiple extension mechanisms are 80 defined rather than mandating a single security and keying mechanism 81 for all users of RTP. 83 The IETF policy on Strong Security Requirements for IETF Standard 84 Protocols [RFC3365] (the so-called "Danvers Doctrine") states that 85 "we MUST implement strong security in all protocols to provide for 86 the all too frequent day when the protocol comes into widespread use 87 in the global Internet". The security mechanisms defined for use 88 with RTP allow these requirements to be met. However, since RTP is a 89 protocol framework that is suitable for a wide variety of use cases, 90 there is no single security mechanism that is suitable for every 91 scenario. This memo outlines why this is the case, and discusses how 92 users of RTP can meet the requirement for strong security. 94 This document provides high level guidance on how to handle security 95 issues for the various type of components within the RTP framework as 96 well as the role of the service or application using RTP to ensure 97 strong security is implemented. This document does not provide the 98 guidance that an individual implementer, or even specifier of a RTP 99 application, really can use to determine what security mechanism they 100 need to use; that is not intended with this document. 102 A non-exhaustive list of the RTP security options available at the 103 time of this writing is outlined in 104 [I-D.ietf-avtcore-rtp-security-options]. This document gives an 105 overview of the available RTP solutions, and provides guidance on 106 their applicability for different application domains. It also 107 attempts to provide indication of actual and intended usage at time 108 of writing as additional input to help with considerations such as 109 interoperability, availability of implementations etc. 111 2. RTP Applications and Deployment Scenarios 113 The range of application and deployment scenarios where RTP has been 114 used includes, but is not limited to, the following: 116 o Point-to-point voice telephony; 118 o Point-to-point video conferencing and telepresence; 120 o Centralised group video conferencing and telepresence, using a 121 Multipoint Conference Unit (MCU) or similar central middlebox; 123 o Any Source Multicast (ASM) video conferencing using the light- 124 weight sessions model (e.g., the Mbone conferencing tools); 126 o Point-to-point streaming audio and/or video (e.g., on-demand TV or 127 movie streaming); 129 o Source-Specific Multicast (SSM) streaming to large receiver groups 130 (e.g., IPTV streaming by residential ISPs, or the 3GPP Multimedia 131 Broadcast Multicast Service [MBMS]); 133 o Replicated unicast streaming to a group of receivers; 135 o Interconnecting components in music production studios and video 136 editing suites; 138 o Interconnecting components of distributed simulation systems; and 140 o Streaming real-time sensor data (e.g., e-VLBI radio astronomy). 142 As can be seen, these scenarios vary from point-to-point sessions to 143 very large multicast groups, from interactive to non-interactive, and 144 from low bandwidth (kilobits per second) telephony to high bandwidth 145 (multiple gigabits per second) video and data streaming. While most 146 of these applications run over UDP [RFC0768], some use TCP [RFC0793], 147 [RFC4614] or DCCP [RFC4340] as their underlying transport. Some run 148 on highly reliable optical networks, others use low rate unreliable 149 wireless networks. Some applications of RTP operate entirely within 150 a single trust domain, others run inter-domain, with untrusted (and, 151 in some cases, potentially unknown) users. The range of scenarios is 152 wide, and growing both in number and in heterogeneity. 154 3. RTP Media Security 156 The wide range of application scenarios where RTP is used has led to 157 the development of multiple solutions for securing RTP media streams 158 and RTCP control messages, considering different requirements. 160 Perhaps the most widely applicable of these security options is the 161 Secure RTP (SRTP) framework [RFC3711]. This is an application-level 162 media security solution, encrypting the media payload data (but not 163 the RTP headers) to provide confidentiality, and supporting source 164 origin authentication as an option. SRTP was carefully designed to 165 be low overhead, including operating on links subject to RTP header 166 compression, and to support the group communication and third-party 167 performance monitoring features of RTP, across a range of networks. 169 SRTP is not the only media security solution for RTP, however, and 170 alternatives can be more appropriate in some scenarios, perhaps due 171 to ease of integration with other parts of the complete system. In 172 addition, SRTP does not address all possible security requirements, 173 and other solutions are needed in cases where SRTP is not suitable. 174 For example, ISMAcryp payload-level confidentiality [ISMACrypt2] is 175 appropriate for some types of streaming video application, but is not 176 suitable for voice telephony, and uses features that are not provided 177 by SRTP. 179 The range of available RTP security options, and their applicability 180 to different scenarios, is outlined in 181 [I-D.ietf-avtcore-rtp-security-options]. At the time of this 182 writing, there is no media security protocol that is appropriate for 183 all the environments where RTP is used. Multiple RTP media security 184 protocols are expected to remain in wide use for the foreseeable 185 future. 187 4. RTP Session Establishment and Key Management 189 A range of different protocols for RTP session establishment and key 190 exchange exist, matching the diverse range of use cases for the RTP 191 framework. These mechanisms can be split into two categories: those 192 that operate in-band on the media path, and those that are out-of- 193 band and operate as part of the session establishment signalling 194 channel. The requirements for these two classes of solution are 195 different, and a wide range of solutions have been developed in this 196 space. 198 A more detailed survey of requirements for media security management 199 protocols can be found in [RFC5479]. As can be seen from that memo, 200 the range of use cases is wide, and there is no single key management 201 protocol that is appropriate for all scenarios. The solutions have 202 been further diversified by the existence of infrastructure elements, 203 such as authentication systems, that are tied to the key management. 204 The most important and widely used keying options for RTP sessions at 205 the time of this writing are described in 206 [I-D.ietf-avtcore-rtp-security-options]. 208 5. On the Requirement for Strong Security in Framework protocols 210 The IETF requires that all protocols provide a strong, mandatory to 211 implement, security solution [RFC3365]. This is essential for the 212 overall security of the Internet, to ensure that all implementations 213 of a protocol can interoperate in a secure way. Framework protocols 214 offer a challenge for this mandate, however, since they are designed 215 to be used by different classes of applications, in a wide range of 216 different environments. The different use cases for the framework 217 have different security requirements, and implementations designed 218 for different environments are generally not expected to interwork. 220 RTP is an example of a framework protocol with wide applicability. 221 The wide range of scenarios described in Section 2 show the issues 222 that arise in mandating a single security mechanism for this type of 223 framework. It would be desirable if a single media security 224 solution, and a single key management solution, could be developed, 225 suitable for applications across this range of use scenarios. The 226 authors are not aware of any such solution, however, and believe it 227 is unlikely that any such solution will be developed. In part, this 228 is because applications in the different domains are not intended to 229 interwork, so there is no incentive to develop a single mechanism. 230 More importantly, though, the security requirements for the different 231 usage scenarios vary widely, and an appropriate security mechanism in 232 one scenario simply does not work for some other scenarios. 234 For a framework protocol, it appears that the only sensible solution 235 to the strong security requirement of [RFC3365] is to develop and use 236 building blocks for the basic security services of confidentiality, 237 integrity protection, authorisation, authentication, and so on. When 238 new uses for the framework protocol arise, they need to be studied to 239 determine if the existing security building blocks can satisfy the 240 requirements, or if new building blocks need to be developed. 242 Therefore, when considering the strong and mandatory to implement 243 security mechanism for a specific class of applications, one has to 244 consider what security building blocks need to be integrated, or if 245 any new mechanisms need to be defined to address specific issues 246 relating to this new class of application. To maximize 247 interoperability it is important that common media security and key 248 management mechanisms are defined for classes of application with 249 similar requirements. The IETF needs to participate in this 250 selection of security building blocks for each class of applications 251 that use the protocol framework and are expected to interoperate, in 252 cases where the IETF has the appropriate knowledge of the class of 253 applications. 255 6. Securing the RTP Protocol Framework 257 The IETF requires that protocols specify mandatory to implement (MTI) 258 strong security [RFC3365]. This applies to the specification of each 259 interoperable class of application that makes use of RTP. However, 260 RTP is a framework protocol, so the arguments made in Section 5 also 261 apply. Given the variability of the classes of application that use 262 RTP, and the variety of the currently available security mechanisms 263 described in [I-D.ietf-avtcore-rtp-security-options], no one set of 264 MTI security options can realistically be specified that apply to all 265 classes of RTP applications. 267 Documents that define an interoperable class of applications using 268 RTP are subject to [RFC3365], and so need to specify MTI security 269 mechanisms. This is because such specifications do fully specify 270 interoperable applications that use RTP. Examples of such documents 271 under development in the IETF at the time of this writing are the 272 RTCWEB Security Architecture [I-D.ietf-rtcweb-security-arch] and the 273 Real Time Streaming Protocol 2.0 (RTSP) [I-D.ietf-mmusic-rfc2326bis]. 274 It is also expected that a similar document will be produced for 275 voice-over-IP applications using SIP and RTP. 277 The RTP framework includes several extension points. Some extensions 278 can significantly change the behaviour of the protocol, to the extent 279 that applications using the extension form a separate interoperable 280 class of applications to those that have not been extended. Other 281 extension points are defined in such a manner that they can be used 282 (largely) independently of the class of applications using RTP. Two 283 important extension points that are independent of the class of 284 applications are RTP Payload Formats and RTP Profiles. 286 An RTP Payload Format defines how the output of a media codec can be 287 used with RTP. At the time of this writing, there are over 70 RTP 288 Payload Formats defined in published RFCs, with more in development. 289 It is appropriate for an RTP Payload Format to discuss the specific 290 security implications of using that media codec with RTP. However, 291 an RTP Payload Format does not specify an interoperable class of 292 applications that use RTP since, in the vast majority of cases, a 293 media codec and its associated RTP Payload Format can be used with 294 many different classes of application. As such, an RTP Payload 295 Format is neither secure in itself, nor something to which [RFC3365] 296 applies. Future RTP Payload Format specifications need to explicitly 297 state this, and include a reference to this memo for explanation. It 298 is not appropriate for an RTP Payload Format to mandate the use of 299 SRTP [RFC3711], or any other security building blocks, since that RTP 300 Payload Format might be used by different classes of application that 301 use RTP, and that have different security requirements. 303 RTP Profiles are larger extensions that adapt the RTP framework for 304 use with particular classes of application. In some cases, those 305 classes of application might share common security requirements so 306 that it could make sense for an RTP Profile to mandate particular 307 security options and building blocks (the RTP/SAVP profile [RFC3711] 308 is an example of this type of RTP Profile). In other cases, though, 309 an RTP profile is applicable to such a wide range of applications 310 that it would not make sense for that profile to mandate particular 311 security building blocks be used (the RTP/AVPF profile [RFC4585] is 312 an example of this type of RTP Profile, since it provides building 313 blocks that can be used in different styles of application). A new 314 RTP Profile specification needs to discuss whether, or not, it makes 315 sense to mandate particular security building blocks that need to be 316 used with all implementations of that profile; however, there is no 317 expectation that all RTP Profiles will mandate particular security 318 solutions. RTP Profiles that do not specify an interoperable usage 319 for a particular class of RTP applications are neither secure in 320 themselves, nor something to which [RFC3365] applies; any future RTP 321 Profiles in this category need to explicitly state this with 322 justification, and include a reference to this memo. 324 7. Conclusions 326 The RTP framework is used in a wide range of different scenarios, 327 with no common security requirements. Accordingly, neither SRTP 328 [RFC3711], nor any other single media security solution or keying 329 mechanism, can be mandated for all uses of RTP. In the absence of a 330 single common security solution, it is important to consider what 331 mechanisms can be used to provide strong and interoperable security 332 for each different scenario where RTP applications are used. This 333 will require analysis of each class of application to determine the 334 security requirements for the scenarios in which they are to be used, 335 followed by the selection of a mandatory to implement security 336 building blocks for that class of application, including the desired 337 RTP traffic protection and key-management. A non-exhaustive list of 338 the RTP security options available at the time of this writing is 339 outlined in [I-D.ietf-avtcore-rtp-security-options]. It is expected 340 that each class of application will be supported by a memo describing 341 what security options are mandatory to implement for that usage 342 scenario. 344 8. Security Considerations 346 This entire memo is about mandatory to implement security. 348 9. IANA Considerations 350 None. 352 10. Acknowledgements 354 Thanks to Ralph Blom, Hannes Tschofenig, Dan York, Alfred Hoenes, 355 Martin Ellis, Ali Begen, Keith Drage, Ray van Brandenburg, Stephen 356 Farrell, Sean Turner, John Mattsson, and Benoit Claise for their 357 feedback. 359 11. Informative References 361 [I-D.ietf-avtcore-rtp-security-options] 362 Westerlund, M. and C. Perkins, "Options for Securing RTP 363 Sessions", draft-ietf-avtcore-rtp-security-options-10 364 (work in progress), January 2014. 366 [I-D.ietf-mmusic-rfc2326bis] 367 Schulzrinne, H., Rao, A., Lanphier, R., Westerlund, M., 368 and M. Stiemerling, "Real Time Streaming Protocol 2.0 369 (RTSP)", draft-ietf-mmusic-rfc2326bis-38 (work in 370 progress), October 2013. 372 [I-D.ietf-rtcweb-security-arch] 373 Rescorla, E., "WebRTC Security Architecture", draft-ietf- 374 rtcweb-security-arch-07 (work in progress), July 2013. 376 [ISMACrypt2] 377 Internet Streaming Media Alliance (ISMA), , "ISMA 378 Encryption and Authentication, Version 2.0 release 379 version", November 2007. 381 [MBMS] 3GPP, , "Multimedia Broadcast/Multicast Service (MBMS); 382 Protocols and codecs TS 26.346", . 384 [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, 385 August 1980. 387 [RFC0793] Postel, J., "Transmission Control Protocol", STD 7, RFC 388 793, September 1981. 390 [RFC3365] Schiller, J., "Strong Security Requirements for Internet 391 Engineering Task Force Standard Protocols", BCP 61, RFC 392 3365, August 2002. 394 [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. 395 Jacobson, "RTP: A Transport Protocol for Real-Time 396 Applications", STD 64, RFC 3550, July 2003. 398 [RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. 399 Norrman, "The Secure Real-time Transport Protocol (SRTP)", 400 RFC 3711, March 2004. 402 [RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram 403 Congestion Control Protocol (DCCP)", RFC 4340, March 2006. 405 [RFC4585] Ott, J., Wenger, S., Sato, N., Burmeister, C., and J. Rey, 406 "Extended RTP Profile for Real-time Transport Control 407 Protocol (RTCP)-Based Feedback (RTP/AVPF)", RFC 4585, July 408 2006. 410 [RFC4614] Duke, M., Braden, R., Eddy, W., and E. Blanton, "A Roadmap 411 for Transmission Control Protocol (TCP) Specification 412 Documents", RFC 4614, September 2006. 414 [RFC5479] Wing, D., Fries, S., Tschofenig, H., and F. Audet, 415 "Requirements and Analysis of Media Security Management 416 Protocols", RFC 5479, April 2009. 418 Authors' Addresses 420 Colin Perkins 421 University of Glasgow 422 School of Computing Science 423 Glasgow G12 8QQ 424 UK 426 Email: csp@csperkins.org 427 URI: http://csperkins.org/ 428 Magnus Westerlund 429 Ericsson 430 Farogatan 6 431 Kista SE-164 80 432 Sweden 434 Email: magnus.westerlund@ericsson.com