SIPBRANDY Working Group                                       A. Johnston
Internet-Draft                                           Rowan University
Intended status: Informational                                   B. Aboba
Expires: March 22, 2018                                         Microsoft
                                                                A. Hutton
                                                             Unify / Atos
                                                                R. Jesske
                                                         Deutsche Telekom
                                                                 T. Stach
                                                             Unaffiliated
                                                       September 18, 2017

      An Opportunistic Approach for Secure Real-time Transport Protocol
                                 (OSRTP)
                      draft-ietf-sipbrandy-osrtp-03

Abstract

   Opportunistic Secure Real-time Transport Protocol (OSRTP) is an implementation of the Opportunistic Security mechanism, as defined in RFC 7435, applied to the Real-time Transport Protocol (RTP). OSRTP allows encrypted media to be used in environments where support for encryption is not known in advance, and not required. OSRTP does not require SDP extensions or features and is fully backwards compatible with existing implementations using encrypted and authenticated media and implementations that do not encrypt or authenticate media packets. OSRTP is not specific to any key management technique for SRTP. OSRTP is a transitional approach useful for migrating existing deployments of real-time communications to a fully encrypted and authenticated state.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 22, 2018.

Copyright Notice

   Copyright (c) 2017 IETF Trust and the persons identified as the document authors. All rights reserved.
   This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

   1.  Introduction
     1.1.  Applicability Statement
   2.  Requirements Language
   3.  Definition of Opportunistic Security for SRTP
   4.  Security Considerations
   5.  Implementation Status
   6.  Acknowledgements
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Authors' Addresses

1.  Introduction

   Opportunistic Security [RFC7435] (OS) is an approach to security that defines a third mode for security between "cleartext" and "comprehensive protection" that allows encryption and authentication to be used if supported but will not result in failures if it is not supported. In terms of secure media, cleartext is RTP [RFC3550] media which is negotiated with the RTP/AVP (Audio Video Profile) profile defined in [RFC3551]. Comprehensive protection is Secure RTP [RFC3711], negotiated with a secure profile, such as SAVP or SAVPF [RFC5124].
   OSRTP allows SRTP to be negotiated with the RTP/AVP profile, with fallback to RTP if SRTP is not supported.

   There have been some extensions to SDP to allow profiles to be negotiated such as SDP Capabilities Negotiation (capneg) [RFC5939]. However, these approaches are complex and have very limited deployment in communication systems. Other key management protocols for SRTP have been developed which by design use OS, such as ZRTP [RFC6189]. This approach for OSRTP is based on [I-D.kaplan-mmusic-best-effort-srtp] where it was called "best effort SRTP". [I-D.kaplan-mmusic-best-effort-srtp] has a full discussion of the motivation and requirements for opportunistic secure media.

   OSRTP uses the presence of SRTP keying-related attributes in an SDP offer to indicate support for opportunistic secure media. The presence of SRTP keying-related attributes in the SDP answer indicates that the other party also supports OSRTP and encrypted and authenticated media will be used. OSRTP requires no additional extensions to SDP or new attributes and is defined independently of the key agreement mechanism used. OSRTP is only usable when media is negotiated using the Offer/Answer protocol [RFC3264].

1.1.  Applicability Statement

   OSRTP is a transitional approach that provides a migration path from unencrypted communication (RTP) to fully encrypted communication (SRTP). It is only to be used in existing deployments which are attempting to transition to fully secure communications. New applications and new deployments will not use OSRTP.

2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].

3.  Definition of Opportunistic Security for SRTP

   To indicate support for OSRTP in an SDP offer, the offerer uses the RTP/AVP profile [RFC3551] but includes SRTP keying attributes. OSRTP is not specific to any key management technique for SRTP. For example:

      If the offerer supports DTLS-SRTP key agreement [RFC5763], then an a=fingerprint attribute will be present, or

      If the offerer supports SDP Security Descriptions key agreement [RFC4568], then an a=crypto attribute will be present, or

      If the offerer supports ZRTP key agreement [RFC6189], then an a=zrtp-hash attribute will be present.

   To accept OSRTP, an answerer receiving an offer indicating support for OSRTP generates an SDP answer containing SRTP keying attributes which match one of the keying methods in the offer. The answer MUST NOT contain attributes from more than one keying method, even if the offer contained multiple keying method attributes. The selected SRTP key management approach is followed and SRTP media is used for this session. If the SRTP key management fails for any reason, the media session MUST fail. To decline OSRTP, the answerer generates an SDP answer omitting SRTP keying attributes, and the media session proceeds with RTP with no encryption or authentication used.

   If the offerer of OSRTP receives an SDP answer which does not contain SRTP keying attributes, then the media session proceeds with RTP. If the SDP answer contains the RTP/AVP profile with SRTP keying attributes or the SAVP (or UDP/TLS/RTP/SAVP(F)) profile with SRTP keying attributes, then that particular SRTP key management approach is followed and SRTP media is used for this session. If the SRTP key management fails, the media session MUST fail.

   It is important to note that OSRTP makes no changes, and has no effect on media sessions in which the offer contains a secure profile of RTP, such as SAVP or SAVPF.
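   The offer/answer rules above, together with the Section 4 rule that OSRTP is not offered when the peer is known to support SRTP, can be modelled in a few dozen lines. The following is an added example written for this page; it is not code from the draft or from any of the implementations it lists. The SDP fragments, fingerprint and key values are constructed placeholders, and all function names (parse_media, classify_offer, offer_profile, answerer_select, build_answer, offerer_outcome, media_state) are the example's own.

```python
# Added example, not code from draft-ietf-sipbrandy-osrtp-03: a minimal model
# of the OSRTP offer/answer rules (Section 3) and of the "offer a secure
# profile when SRTP support is known or required" rule (Section 4).
# All SDP, fingerprints and keys are constructed placeholders.

# SDP attribute name -> SRTP key management method it signals (Section 3).
KEYING_ATTRS = {
    "fingerprint": "DTLS-SRTP",   # RFC 5763
    "crypto": "SDES",             # RFC 4568, SDP Security Descriptions
    "zrtp-hash": "ZRTP",          # RFC 6189
}
SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF",
                   "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}


def parse_media(sdp):
    """Return (profile of the first m= line, {method: [keying a= lines]}).
    Session-level a= lines are collected too: a=fingerprint may precede m=."""
    profile, methods = None, {}
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m=") and profile is None:
            profile = line.split()[2]       # m=<media> <port> <proto> <fmt>...
        elif line.startswith("a="):
            name = line[2:].split(":", 1)[0]
            if name in KEYING_ATTRS:
                methods.setdefault(KEYING_ATTRS[name], []).append(line)
    return profile, methods


def classify_offer(offer):
    """'cleartext', 'osrtp' or 'comprehensive' (the three modes of Section 1)."""
    profile, methods = parse_media(offer)
    if profile in SECURE_PROFILES:
        return "comprehensive"          # OSRTP makes no changes to such sessions
    if profile == "RTP/AVP" and methods:
        return "osrtp"                  # RTP/AVP plus keying attributes
    return "cleartext"


def offer_profile(peer_known_to_support_srtp, srtp_required):
    """Section 4: OSRTP MUST NOT be used when SRTP is known or required."""
    if peer_known_to_support_srtp or srtp_required:
        return "RTP/SAVP"
    return "RTP/AVP"


def answerer_select(offer, supported):
    """First method in the answerer's preference order that the offer carries,
    or None to decline OSRTP. Non-OSRTP offers are outside this model."""
    if classify_offer(offer) != "osrtp":
        raise ValueError("not an OSRTP offer; handle it per its own profile")
    _, offered = parse_media(offer)
    return next((m for m in supported if m in offered), None)


def build_answer(offer, supported, local_attrs):
    """local_attrs maps method -> the answerer's own keying a= lines.
    Returns (answer SDP, chosen method or None)."""
    method = answerer_select(offer, supported)
    lines = ["v=0", "o=- 2 2 IN IP4 192.0.2.2", "s=-", "c=IN IP4 192.0.2.2",
             "t=0 0", "m=audio 30000 RTP/AVP 0", "a=rtpmap:0 PCMU/8000"]
    if method is not None:
        lines += local_attrs[method]    # attributes of exactly one method
    return "\r\n".join(lines) + "\r\n", method


def offerer_outcome(offer, answer):
    """Offerer's reading of the answer: 'rtp' or 'srtp:<method>' (Section 3).
    Raises ValueError for an answer the rules forbid."""
    _, offered = parse_media(offer)
    profile, answered = parse_media(answer)
    if not answered:
        return "rtp"                    # no keying attributes: fall back to RTP
    if len(answered) != 1:
        raise ValueError("answer MUST NOT carry more than one keying method")
    if profile != "RTP/AVP" and profile not in SECURE_PROFILES:
        raise ValueError("unexpected profile in answer: %r" % profile)
    (method,) = answered
    if method not in offered:
        raise ValueError("answer chose a keying method the offer did not include")
    return "srtp:" + method


def media_state(outcome, key_management_ok):
    """Section 3: once SRTP is selected, key management failure fails the session."""
    if outcome == "rtp":
        return "rtp"
    return "srtp" if key_management_ok else "failed"


# Constructed OSRTP offer: RTP/AVP plus DTLS-SRTP and SDES keying attributes.
OFFER = "\r\n".join([
    "v=0", "o=- 1 1 IN IP4 192.0.2.1", "s=-", "c=IN IP4 192.0.2.1", "t=0 0",
    "a=fingerprint:sha-256 " + ":".join(["AA"] * 32),         # placeholder
    "m=audio 20000 RTP/AVP 0", "a=rtpmap:0 PCMU/8000", "a=setup:actpass",
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + "A" * 40,   # placeholder
]) + "\r\n"
# The answerer's own (placeholder) keying lines for each method it supports.
LOCAL_ATTRS = {
    "DTLS-SRTP": ["a=setup:active",
                  "a=fingerprint:sha-256 " + ":".join(["BB"] * 32)],
    "SDES": ["a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:" + "B" * 40],
}

if __name__ == "__main__":
    ans, chosen = build_answer(OFFER, ["DTLS-SRTP", "SDES"], LOCAL_ATTRS)
    print(chosen, offerer_outcome(OFFER, ans))        # DTLS-SRTP srtp:DTLS-SRTP
    ans, chosen = build_answer(OFFER, [], LOCAL_ATTRS)
    print(chosen, offerer_outcome(OFFER, ans))        # None rtp
```

   The two checks in offerer_outcome that raise are the ones a defender would most want in a real stack: an answer that mixes keying methods violates the MUST NOT in this section, and an answer that names a method the offer never carried cannot be the result of honest negotiation, so both are rejected rather than silently downgraded to RTP.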
   As discussed in [RFC7435], an offer with a secure profile is the "comprehensive protection" mode for media.

4.  Security Considerations

   The security considerations of [RFC7435] apply to OSRTP, as well as the security considerations of the particular SRTP key agreement approach used. However, the authentication requirements of a particular SRTP key agreement approach are relaxed when that key agreement is used with OSRTP. For example:

      For DTLS-SRTP key agreement [RFC5763], an authenticated signaling channel does not need to be used with OSRTP if it is not available.

      For SDP Security Descriptions key agreement [RFC4568], an authenticated signaling channel does not need to be used with OSRTP if it is not available, although an encrypted signaling channel must still be used. The use of SDP Security Descriptions using the RTP/AVP profile is defined in [I-D.mmusic-opportunistic-negotiation].

      For ZRTP key agreement [RFC6189], the security considerations are unchanged, since ZRTP does not rely on the security of the signaling channel.

   As discussed in [RFC7435], OSRTP is used in cases where support for encryption by the other party is not known in advance, and not required. For cases where it is known that the other party supports SRTP or SRTP needs to be used, OSRTP MUST NOT be used. Instead, a secure profile of RTP is used in the offer.

5.  Implementation Status

   Note to RFC Editor: Please remove this entire section prior to publication, including the reference to [RFC6982].

   This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in [RFC6982]. The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs.
   Please note that the listing of any individual implementation here does not imply endorsement by the IETF. Furthermore, no effort has been spent to verify the information presented here that was supplied by IETF contributors. This is not intended as, and must not be construed to be, a catalog of available implementations or their features. Readers are advised to note that other implementations may exist.

   According to [RFC6982], "this will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. It is up to the individual working groups to use this information as they see fit".

   There are implementations of [I-D.kaplan-mmusic-best-effort-srtp] in deployed products by Microsoft and Unify. The IMTC "Best Practices for SIP Security" document [IMTC-SIP] recommends this approach. The SIP Forum planned to include support in the SIPconnect 2.0 SIP trunking recommendation [SIPCONNECT]. There are many deployments of ZRTP [RFC6189].

6.  Acknowledgements

   This document is dedicated to our friend and colleague Francois Audet who is greatly missed in our community. His work on improving security in SIP and RTP provided the foundation for this work.

   Thanks to Eric Rescorla, Martin Thomson, and Richard Barnes for their comments.

7.  References

7.1.  Normative References

   [I-D.mmusic-opportunistic-negotiation]
              Hutton, A., Jesske, R., Johnston, A., Salgueiro, G., and B. Aboba, "Negotiating SRTP and RTCP Feedback using the RTP/AVP Profile", draft-mmusic-opportunistic-negotiation-00 (work in progress), June 2017.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.

   [RFC3264]  Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model with Session Description Protocol (SDP)", RFC 3264, DOI 10.17487/RFC3264, June 2002.

   [RFC3550]  Schulzrinne, H., Casner, S., Frederick, R., and V. Jacobson, "RTP: A Transport Protocol for Real-Time Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550, July 2003.

   [RFC3551]  Schulzrinne, H. and S. Casner, "RTP Profile for Audio and Video Conferences with Minimal Control", STD 65, RFC 3551, DOI 10.17487/RFC3551, July 2003.

   [RFC3711]  Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. Norrman, "The Secure Real-time Transport Protocol (SRTP)", RFC 3711, DOI 10.17487/RFC3711, March 2004.

   [RFC4568]  Andreasen, F., Baugher, M., and D. Wing, "Session Description Protocol (SDP) Security Descriptions for Media Streams", RFC 4568, DOI 10.17487/RFC4568, July 2006.

   [RFC5124]  Ott, J. and E. Carrara, "Extended Secure RTP Profile for Real-time Transport Control Protocol (RTCP)-Based Feedback (RTP/SAVPF)", RFC 5124, DOI 10.17487/RFC5124, February 2008.

   [RFC5763]  Fischl, J., Tschofenig, H., and E. Rescorla, "Framework for Establishing a Secure Real-time Transport Protocol (SRTP) Security Context Using Datagram Transport Layer Security (DTLS)", RFC 5763, DOI 10.17487/RFC5763, May 2010.

   [RFC6189]  Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP: Media Path Key Agreement for Unicast Secure RTP", RFC 6189, DOI 10.17487/RFC6189, April 2011.

   [RFC7435]  Dukhovni, V., "Opportunistic Security: Some Protection Most of the Time", RFC 7435, DOI 10.17487/RFC7435, December 2014.

7.2.  Informative References

   [I-D.kaplan-mmusic-best-effort-srtp]
              Audet, F. and H. Kaplan, "Session Description Protocol (SDP) Offer/Answer Negotiation For Best-Effort Secure Real-Time Transport Protocol", draft-kaplan-mmusic-best-effort-srtp-01 (work in progress), October 2006.

   [IMTC-SIP] "Best Practices for SIP Security", IMTC SIP Parity Group, http://www.imtc.org/uc/sip-parity-activity-group/, 2011.

   [RFC5939]  Andreasen, F., "Session Description Protocol (SDP) Capability Negotiation", RFC 5939, DOI 10.17487/RFC5939, September 2010.

   [RFC6982]  Sheffer, Y. and A. Farrel, "Improving Awareness of Running Code: The Implementation Status Section", RFC 6982, DOI 10.17487/RFC6982, July 2013.

   [SIPCONNECT]
              "SIP-PBX / Service Provider Interoperability SIPconnect 2.0 - Technical Recommendation", SIP Forum, http://www.sipforum.org/component/option,com_docman/task,doc_download/gid,838/Itemid,261/, 2017.

Authors' Addresses

   Alan Johnston
   Rowan University
   Glassboro, NJ
   USA

   Email: alan.b.johnston@gmail.com

   Bernard Aboba
   Microsoft
   One Microsoft Way
   Redmond, WA 98052
   USA

   Email: bernard.aboba@gmail.com

   Andrew Hutton
   Unify / Atos
   4 Triton Square
   London NW1 3HG
   UK

   Email: andrew.hutton@atos.net

   Roland Jesske
   Deutsche Telekom
   Heinrich-Hertz-Strasse 3-7
   Darmstadt 64295
   Germany

   Email: R.Jesske@telekom.de

   Thomas Stach
   Unaffiliated

   Email: thomass.stach@gmail.com