SIPBRANDY Working Group                                       A. Johnston
Internet-Draft                                               Unaffiliated
Intended status: Informational                                   B. Aboba
Expires: November 9, 2017                                       Microsoft
                                                                A. Hutton
                                                                    Unify
                                                                R. Jesske
                                                         Deutsche Telekom
                                                                 T. Stach
                                                             Unaffiliated
                                                              May 8, 2017


     An Opportunistic Approach for Secure Real-time Transport Protocol
                                 (OSRTP)
                      draft-ietf-sipbrandy-osrtp-02

Abstract

   Opportunistic Secure Real-time Transport Protocol (OSRTP) allows
   encrypted media to be used in environments where support for
   encryption is not known in advance and is not required.  OSRTP is an
   implementation of Opportunistic Security as defined in RFC 7435.
   OSRTP does not require advanced SDP extensions or features and is
   fully backwards compatible with existing secure and insecure
   implementations.  OSRTP is not specific to any key management
   technique for SRTP.  OSRTP is a transitional approach useful for
   migrating existing deployments of real-time communications to a fully
   encrypted and authenticated state.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on November 9, 2017.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.
   Code Components extracted from this document must include Simplified
   BSD License text as described in Section 4.e of the Trust Legal
   Provisions and are provided without warranty as described in the
   Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Applicability Statement
   2.  Requirements Language
   3.  Definition of Opportunistic Security for SRTP
   4.  Security Considerations
   5.  Implementation Status
   6.  Acknowledgements
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Authors' Addresses

1.  Introduction

   Opportunistic Security (OS) [RFC7435] is an approach to security that
   defines a third mode, between "cleartext" and "comprehensive
   protection", in which encryption and authentication are used if both
   parties support them, but their absence does not cause the session to
   fail.  In terms of secure media, cleartext is RTP [RFC3550] media
   negotiated with the AVP (Audio Video Profile) profile defined in
   [RFC3551].  Comprehensive protection is Secure RTP [RFC3711],
   negotiated with a secure profile such as SAVP [RFC3711] or SAVPF
   [RFC5124].  OSRTP allows SRTP to be negotiated with the AVP profile,
   with fallback to RTP if SRTP is not supported.

   There have been some extensions to SDP to allow profiles to be
   negotiated, such as SDP Capabilities Negotiation (capneg) [RFC5939].
   However, these approaches are complex and have very limited
   deployment in communication systems.
   Other key management protocols for SRTP have been developed which by
   design use OS, such as ZRTP [RFC6189].  This approach for OSRTP is
   based on [I-D.kaplan-mmusic-best-effort-srtp], where it was called
   "best effort SRTP".  [I-D.kaplan-mmusic-best-effort-srtp] has a full
   discussion of the motivation and requirements for opportunistic
   secure media.

   OSRTP uses the presence of SRTP keying-related attributes in an SDP
   offer to indicate support for opportunistic secure media.  The
   presence of SRTP keying-related attributes in the SDP answer
   indicates that the other party also supports OSRTP, and encrypted and
   authenticated media will be used.  OSRTP requires no additional
   extensions to SDP or new attributes and is defined independently of
   the key agreement mechanism used.  OSRTP is only usable when media is
   negotiated using the Offer/Answer protocol [RFC3264].

1.1.  Applicability Statement

   OSRTP is a transitional approach that provides a migration path from
   unencrypted communication (RTP) to fully encrypted communication
   (SRTP).  It is only to be used in existing deployments which are
   attempting to transition to fully secure communications.  New
   applications and new deployments will not use OSRTP.

2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   RFC 2119 [RFC2119].

3.  Definition of Opportunistic Security for SRTP

   To indicate support for OSRTP in an SDP offer, the offerer uses the
   AVP profile [RFC3551] but includes SRTP keying attributes.  OSRTP is
   not specific to any key management technique for SRTP.
   For example:

      If the offerer supports DTLS-SRTP key agreement [RFC5763], then an
      a=fingerprint attribute will be present, or

      If the offerer supports SDP Security Descriptions key agreement
      [RFC4568], then an a=crypto attribute will be present, or

      If the offerer supports ZRTP key agreement [RFC6189], then an
      a=zrtp-hash attribute will be present.

   To accept OSRTP, an answerer receiving an offer indicating support
   for OSRTP generates an SDP answer containing SRTP keying attributes
   which match one of the keying methods in the offer.  The answer MUST
   NOT contain attributes from more than one keying method, even if the
   offer contained multiple keying method attributes.  The selected SRTP
   key management approach is followed and SRTP media is used for this
   session.  If the SRTP key management fails for any reason, the media
   session MUST fail; falling back to RTP at that point would let an
   attacker force cleartext media simply by disrupting the key
   agreement.  To decline OSRTP, the answerer generates an SDP answer
   omitting SRTP keying attributes, and the media session proceeds with
   RTP with no encryption or authentication used.

   If the offerer of OSRTP receives an SDP answer which does not contain
   SRTP keying attributes, then the media session proceeds with RTP.  If
   the SDP answer contains the AVP (or RTP/AVP) profile with SRTP keying
   attributes, or the SAVP (or UDP/TLS/RTP/SAVP(F)) profile with SRTP
   keying attributes, then that particular SRTP key management approach
   is followed and SRTP media is used for this session.  If the SRTP key
   management fails, the media session MUST fail.

   It is important to note that OSRTP makes no changes to, and has no
   effect on, media sessions in which the offer contains a secure
   profile of RTP, such as SAVP or SAVPF.  As discussed in [RFC7435],
   this is the "comprehensive protection" mode for media.
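   The offer/answer rules of this section, worked through as an added
   example in Python.  This is illustration added to the page, not text
   of the draft and not code from any of the implementations listed in
   Section 5.  The SDP bodies, fingerprint values, key material and
   certificate bytes are constructed for the example, and the function
   names (parse_sdp, classify_offer, select_answer_keying, check_answer,
   offerer_outcome, dtls_fingerprint_matches) are the example's own.
   The answerer's preference order in select_answer_keying is local
   policy; the draft only requires that exactly one method be chosen.

```python
"""OSRTP offer/answer decision logic (added illustration, not draft text).

All SDP bodies, keys, fingerprints and certificate bytes below are
constructed for this example and are not taken from any real session.
"""
import hashlib
import hmac

# SDP attribute -> SRTP key-management method it advertises (Section 3).
KEYING_ATTRS = {
    "fingerprint": "dtls-srtp",  # DTLS-SRTP, RFC 5763
    "crypto": "sdes",            # SDP Security Descriptions, RFC 4568
    "zrtp-hash": "zrtp",         # ZRTP, RFC 6189
}
# An offer on one of these profiles is "comprehensive protection";
# OSRTP does not apply to it.
SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF",
                   "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}


def parse_sdp(sdp):
    """Return (profile, {attr: [values]}) for the first m= section.
    Session-level a= lines before m= are kept: a=fingerprint is
    commonly placed at session level."""
    profile, attrs = None, {}
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            if profile is not None:
                break  # only the first media description is examined
            profile = line.split()[2]
        elif line.startswith("a="):
            name, _, value = line[2:].partition(":")
            attrs.setdefault(name, []).append(value)
    return profile, attrs


def keying_methods(attrs):
    """Key-management methods signalled by the attributes present."""
    return {KEYING_ATTRS[a] for a in attrs if a in KEYING_ATTRS}


def classify_offer(sdp):
    """Map an offer onto the three RFC 7435 modes."""
    profile, attrs = parse_sdp(sdp)
    if profile in SECURE_PROFILES:
        return "comprehensive"
    if profile == "RTP/AVP" and keying_methods(attrs):
        return "osrtp"
    return "cleartext"


def select_answer_keying(offer_sdp, supported):
    """Answerer: exactly one method from the offer, taken in the
    answerer's own preference order, or None to decline (plain RTP)."""
    if classify_offer(offer_sdp) != "osrtp":
        return None
    offered = keying_methods(parse_sdp(offer_sdp)[1])
    for method in supported:
        if method in offered:
            return method
    return None


def check_answer(answer_sdp):
    """MUST NOT of Section 3: an answer never mixes keying methods.
    Returns the single method, or None for a declined offer."""
    methods = keying_methods(parse_sdp(answer_sdp)[1])
    if len(methods) > 1:
        raise ValueError("answer mixes keying methods: %s" % sorted(methods))
    return methods.pop() if methods else None


def offerer_outcome(answer_sdp):
    """Offerer: no keying attributes -> RTP; otherwise SRTP with the one
    method selected (key management then runs and any failure MUST
    fail the session rather than fall back to RTP)."""
    method = check_answer(answer_sdp)
    return ("rtp", None) if method is None else ("srtp", method)


def fingerprint_attr(cert_der, hash_name="sha-256"):
    """a=fingerprint value for a DER certificate (hash name + hex pairs)."""
    hexdigest = hashlib.new(hash_name.replace("-", ""), cert_der).hexdigest().upper()
    return hash_name + " " + ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def dtls_fingerprint_matches(fingerprint_value, peer_cert_der):
    """A concrete way DTLS-SRTP key management fails: the certificate seen
    in the handshake does not hash to the signalled fingerprint."""
    hash_name, _, hexpairs = fingerprint_value.partition(" ")
    actual = hashlib.new(hash_name.replace("-", ""), peer_cert_der).digest()
    return hmac.compare_digest(actual, bytes.fromhex(hexpairs.replace(":", "")))


# Constructed samples: an RTP/AVP offer carrying all three keying attributes,
# and three possible answers to it.
PEER_CERT_DER = b"\x30\x82\x01\x00 stand-in DER certificate bytes (constructed)"
OFFER = """v=0
o=alice 2890844526 2890844526 IN IP4 192.0.2.10
s=-
c=IN IP4 192.0.2.10
t=0 0
a=fingerprint:%s
m=audio 49170 RTP/AVP 0
a=setup:actpass
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj
a=zrtp-hash:1.10 fe30efd02423cb054e50efd0248742ac7a52c8f91bc2df881ae642c371ba46df
""" % fingerprint_attr(PEER_CERT_DER)
ANSWER_DECLINE = "v=0\no=bob 1 1 IN IP4 192.0.2.20\ns=-\nc=IN IP4 192.0.2.20\nt=0 0\nm=audio 51372 RTP/AVP 0\n"
ANSWER_DTLS = ANSWER_DECLINE + "a=setup:active\na=fingerprint:%s\n" % fingerprint_attr(b"bob cert (constructed)")
ANSWER_MIXED = ANSWER_DTLS + "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:WVNfX19zZW1jdGwgKCkgeyB9Cg==\n"
```

   The same parse and classification steps apply unchanged to an SAVP or
   SAVPF offer: classify_offer reports "comprehensive" and the OSRTP
   branch is never taken, matching the last paragraph of this section.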
4.  Security Considerations

   The security considerations of [RFC7435] apply to OSRTP, as do the
   security considerations of the particular SRTP key agreement
   approach used.  However, the authentication requirements of a
   particular SRTP key agreement approach are relaxed when that key
   agreement is used with OSRTP.  For example:

      For DTLS-SRTP key agreement [RFC5763], an authenticated signaling
      channel does not need to be used with OSRTP if it is not
      available.  Without it, an attacker who can modify the signaling
      can substitute the a=fingerprint value, so the resulting session
      protects against passive monitoring but not against an active
      attacker on the signaling path; this is the trade-off [RFC7435]
      accepts.

      For SDP Security Descriptions key agreement [RFC4568], an
      authenticated signaling channel does not need to be used with
      OSRTP if it is not available, although an encrypted signaling
      channel must still be used, since the a=crypto attribute carries
      the SRTP master key in the SDP itself.

      For ZRTP key agreement [RFC6189], the security considerations are
      unchanged, since ZRTP does not rely on the security of the
      signaling channel.

   As discussed in [RFC7435], OSRTP is used in cases where support for
   encryption by the other party is not known in advance and is not
   required.  For cases where it is known that the other party supports
   SRTP, or where SRTP needs to be used, OSRTP MUST NOT be used.
   Instead, a secure profile of RTP is used in the offer.

5.  Implementation Status

   Note to RFC Editor: Please remove this entire section prior to
   publication, including the reference to [RFC6982].

   This section records the status of known implementations of the
   protocol defined by this specification at the time of posting of this
   Internet-Draft, and is based on a proposal described in [RFC6982].
   The description of implementations in this section is intended to
   assist the IETF in its decision processes in progressing drafts to
   RFCs.  Please note that the listing of any individual implementation
   here does not imply endorsement by the IETF.  Furthermore, no effort
   has been spent to verify the information presented here that was
   supplied by IETF contributors.
   This is not intended as, and must not be construed to be, a catalog
   of available implementations or their features.  Readers are advised
   to note that other implementations may exist.

   According to [RFC6982], "this will allow reviewers and working groups
   to assign due consideration to documents that have the benefit of
   running code, which may serve as evidence of valuable experimentation
   and feedback that have made the implemented protocols more mature.
   It is up to the individual working groups to use this information as
   they see fit".

   There are implementations of [I-D.kaplan-mmusic-best-effort-srtp] in
   deployed products by Microsoft and Unify.  The IMTC "Best Practices
   for SIP Security" document [IMTC-SIP] recommends this approach.  The
   SIP Forum planned to include support in the SIPconnect 2.0 SIP
   trunking recommendation [SIPCONNECT].  There are many deployments of
   ZRTP [RFC6189].

6.  Acknowledgements

   This document is dedicated to our friend and colleague Francois
   Audet, who is greatly missed in our community.  His work on improving
   security in SIP and RTP provided the foundation for this work.

   Thanks to Eric Rescorla, Martin Thomson, and Richard Barnes for their
   comments.

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3264]  Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model
              with Session Description Protocol (SDP)", RFC 3264,
              DOI 10.17487/RFC3264, June 2002.

   [RFC3550]  Schulzrinne, H., Casner, S., Frederick, R., and V.
              Jacobson, "RTP: A Transport Protocol for Real-Time
              Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550,
              July 2003.

   [RFC3551]  Schulzrinne, H. and S.
              Casner, "RTP Profile for Audio and
              Video Conferences with Minimal Control", STD 65, RFC 3551,
              DOI 10.17487/RFC3551, July 2003.

   [RFC3711]  Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K.
              Norrman, "The Secure Real-time Transport Protocol (SRTP)",
              RFC 3711, DOI 10.17487/RFC3711, March 2004.

   [RFC4568]  Andreasen, F., Baugher, M., and D. Wing, "Session
              Description Protocol (SDP) Security Descriptions for Media
              Streams", RFC 4568, DOI 10.17487/RFC4568, July 2006.

   [RFC5124]  Ott, J. and E. Carrara, "Extended Secure RTP Profile for
              Real-time Transport Control Protocol (RTCP)-Based Feedback
              (RTP/SAVPF)", RFC 5124, DOI 10.17487/RFC5124, February
              2008.

   [RFC5763]  Fischl, J., Tschofenig, H., and E. Rescorla, "Framework
              for Establishing a Secure Real-time Transport Protocol
              (SRTP) Security Context Using Datagram Transport Layer
              Security (DTLS)", RFC 5763, DOI 10.17487/RFC5763, May
              2010.

   [RFC6189]  Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP:
              Media Path Key Agreement for Unicast Secure RTP",
              RFC 6189, DOI 10.17487/RFC6189, April 2011.

   [RFC7435]  Dukhovni, V., "Opportunistic Security: Some Protection
              Most of the Time", RFC 7435, DOI 10.17487/RFC7435,
              December 2014.

7.2.  Informative References

   [I-D.kaplan-mmusic-best-effort-srtp]
              Audet, F. and H. Kaplan, "Session Description Protocol
              (SDP) Offer/Answer Negotiation For Best-Effort Secure
              Real-Time Transport Protocol",
              draft-kaplan-mmusic-best-effort-srtp-01 (work in
              progress), October 2006.

   [IMTC-SIP] "Best Practices for SIP Security", IMTC SIP Parity
              Group, http://www.imtc.org/uc/sip-parity-activity-group/,
              2011.

   [RFC5939]  Andreasen, F., "Session Description Protocol (SDP)
              Capability Negotiation", RFC 5939, DOI 10.17487/RFC5939,
              September 2010.

   [RFC6982]  Sheffer, Y. and A.
              Farrel, "Improving Awareness of Running
              Code: The Implementation Status Section", RFC 6982,
              DOI 10.17487/RFC6982, July 2013.

   [SIPCONNECT]
              "SIP-PBX / Service Provider Interoperability SIPconnect
              2.0 - Technical Recommendation", SIP Forum,
              http://www.sipforum.org/component/option,com_docman/task,doc_download/gid,838/Itemid,261/,
              2017.

Authors' Addresses

   Alan Johnston
   Unaffiliated
   Bellevue, WA
   USA

   Email: alan.b.johnston@gmail.com


   Bernard Aboba
   Microsoft
   One Microsoft Way
   Redmond, WA 98052
   USA

   Email: bernard.aboba@gmail.com


   Andy Hutton
   Unify
   Technology Drive
   Nottingham NG9 1LA
   UK

   Email: andrew.hutton@unify.com


   Roland Jesske
   Deutsche Telekom
   Heinrich-Hertz-Strasse 3-7
   Darmstadt 64295
   Germany

   Email: R.Jesske@telekom.de


   Thomas Stach
   Unaffiliated

   Email: thomass.stach@gmail.com