SIPBRANDY Working Group                                      A. Johnston
Internet-Draft                                      Villanova University
Intended status: Informational                                  B. Aboba
Expires: June 6, 2019                                          Microsoft
                                                               A. Hutton
                                                                    Atos
                                                               R. Jesske
                                                        Deutsche Telekom
                                                                T. Stach
                                                            Unaffiliated
                                                        December 3, 2018

    An Opportunistic Approach for Secure Real-time Transport Protocol
                                 (OSRTP)
                     draft-ietf-sipbrandy-osrtp-07

Abstract

   Opportunistic Secure Real-time Transport Protocol (OSRTP) is an
   implementation of the Opportunistic Security mechanism, as defined in
   RFC 7435, applied to Real-time Transport Protocol (RTP).  OSRTP
   allows encrypted media to be used in environments where support for
   encryption is not known in advance, and not required.  OSRTP does not
   require SDP extensions or features and is fully backwards compatible
   with existing implementations using encrypted and authenticated media
   and implementations that do not encrypt or authenticate media
   packets.  OSRTP is not specific to any key management technique for
   SRTP.  OSRTP is a transitional approach useful for migrating existing
   deployments of real-time communications to a fully encrypted and
   authenticated state.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 6, 2019.

Copyright Notice

   Copyright (c) 2018 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.
Table of Contents

   1.  Introduction
     1.1.  Applicability Statement
   2.  Requirements Language
   3.  SDP Offer/Answer Considerations
     3.1.  Generating the Initial OSRTP Offer
     3.2.  Generating the Answer
     3.3.  Offerer Processing the Answer
     3.4.  Modifying the Session
   4.  Security Considerations
   5.  IANA Considerations
   6.  Implementation Status
   7.  Acknowledgements
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Authors' Addresses

1.  Introduction

   Opportunistic Security [RFC7435] (OS) is an approach to security that
   defines a third mode for security between "cleartext" and
   "comprehensive protection" that allows encryption and authentication
   to be used if supported but will not result in failures if it is not
   supported.  In terms of secure media, cleartext is RTP [RFC3550]
   media which is negotiated with the RTP/AVP (Audio Video Profile)
   [RFC3551] or the RTP/AVPF profile [RFC4585].  Comprehensive
   protection is Secure RTP [RFC3711], negotiated with a secure profile,
   such as SAVP or SAVPF [RFC5124].  OSRTP allows SRTP to be negotiated
   with the RTP/AVP profile, with fallback to RTP if SRTP is not
   supported.

   There have been some extensions to SDP to allow profiles to be
   negotiated, such as SDP Capabilities Negotiation (capneg) [RFC5939].
   However, these approaches are complex and have very limited
   deployment in communication systems.  Other key management protocols
   for SRTP have been developed which by design use OS, such as ZRTP
   [RFC6189].  This approach for OSRTP is based on
   [I-D.kaplan-mmusic-best-effort-srtp], where it was called "best effort
   SRTP".  [I-D.kaplan-mmusic-best-effort-srtp] has a full discussion of
   the motivation and requirements for opportunistic secure media.

   OSRTP uses the presence of SRTP keying-related attributes in an SDP
   offer to indicate support for opportunistic secure media.  The
   presence of SRTP keying-related attributes in the SDP answer
   indicates that the other party also supports OSRTP and encrypted and
   authenticated media will be used.  OSRTP requires no additional
   extensions to SDP or new attributes and is defined independently of
   the key agreement mechanism used.  OSRTP is only usable when media is
   negotiated using the Offer/Answer protocol [RFC3264].

1.1.  Applicability Statement

   OSRTP is a transitional approach that provides a migration path from
   unencrypted communication (RTP) to fully encrypted communication
   (SRTP).  It is only to be used in existing deployments which are
   attempting to transition to fully secure communications.  New
   applications and new deployments will not use OSRTP.

2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in RFC
   2119 [RFC2119].

3.  SDP Offer/Answer Considerations

   This section defines the SDP offer/answer considerations for
   opportunistic security.

   The procedures are for a specific m- section describing RTP-based
   media.  If an SDP offer or answer contains multiple such m- sections,
   the procedures are applied to each m- section individually.
   "Initial OSRTP offer" refers to the offer in which opportunistic
   security is offered for an m- section for the first time within an
   SDP session.

   It is important to note that OSRTP makes no changes, and has no
   effect on media sessions in which the offer contains a secure profile
   of RTP, such as SAVP or SAVPF.  As discussed in [RFC7435], this is
   the "comprehensive protection" for media mode.

3.1.  Generating the Initial OSRTP Offer

   To indicate support for OSRTP in an SDP offer, the offerer uses the
   RTP/AVP profile [RFC3551] or the RTP/AVPF profile [RFC4585] but
   includes SRTP keying attributes.  OSRTP is not specific to any key
   management technique for SRTP.  For example:

      If the offerer supports DTLS-SRTP key agreement [RFC5763], then an
      a=fingerprint attribute will be present, or

      If the offerer supports SDP Security Descriptions key agreement
      [RFC4568], then an a=crypto attribute will be present, or

      If the offerer supports ZRTP key agreement [RFC6189], then an
      a=zrtp-hash attribute will be present.

3.2.  Generating the Answer

   To accept OSRTP, an answerer receiving an offer indicating support
   for OSRTP generates an SDP answer containing SRTP keying attributes
   which match one of the keying methods in the offer.  The answer MUST
   NOT contain attributes from more than one keying method, even if the
   offer contained multiple keying method attributes.  The selected SRTP
   key management approach is followed and SRTP media is used for this
   session.  If the SRTP key management fails for any reason, the media
   session MUST fail.  To decline OSRTP, the answerer generates an SDP
   answer omitting SRTP keying attributes, and the media session
   proceeds with RTP with no encryption or authentication used.

3.3.  Offerer Processing the Answer

   If the offerer of OSRTP receives an SDP answer which does not contain
   SRTP keying attributes, then the media session proceeds with RTP.  If
   the SDP answer contains SRTP keying attributes, then the associated
   SRTP key management approach is followed and SRTP media is used for
   this session.  If the SRTP key management fails, the media session
   MUST fail.

3.4.  Modifying the Session

   When an offerer generates a subsequent offer it should do so
   following the principles of [RFC6337], meaning that the decision to
   create an OSRTP type offer or something else should not be influenced
   by what was previously negotiated.  For example, if a previous OSRTP
   offer did not result in SRTP being established, the offerer may try
   again and generate a new OSRTP offer as specified in Section 3.1.

4.  Security Considerations

   The security considerations of [RFC7435] apply to OSRTP, as well as
   the security considerations of the particular SRTP key agreement
   approach used.  However, the authentication requirements of a
   particular SRTP key agreement approach are relaxed when that key
   agreement is used with OSRTP.  For example:

      For DTLS-SRTP key agreement [RFC5763], an authenticated signaling
      channel does not need to be used with OSRTP if it is not
      available.

      For SDP Security Descriptions key agreement [RFC4568], an
      authenticated signaling channel does not need to be used with
      OSRTP if it is not available, although an encrypted signaling
      channel must still be used.

      For ZRTP key agreement [RFC6189], the security considerations are
      unchanged, since ZRTP does not rely on the security of the
      signaling channel.

   As discussed in [RFC7435], OSRTP is used in cases where support for
   encryption by the other party is not known in advance, and not
   required.  For cases where it is known that the other party supports
   SRTP or SRTP needs to be used, OSRTP MUST NOT be used.  Instead, a
   secure profile of RTP is used in the offer.

5.  IANA Considerations

   This document has no actions for IANA.
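   The following is a worked example of the offer/answer procedure of
   Sections 3.1 through 3.4 together with the Section 4 rule that a
   secure profile, not OSRTP, is offered when SRTP is known to be
   supported or is required.  It is added here for illustration and is
   not code from this draft or from any of the implementations listed in
   Section 6.  The parser, the method labels "dtls-srtp", "sdes" and
   "zrtp", the answerer preference order, and every SDP value, fingerprint
   and key below are constructed assumptions, not values from the draft.

```python
"""Added example (not code from draft-ietf-sipbrandy-osrtp-07): a minimal SDP
offer/answer negotiator applying the OSRTP rules of Sections 3.1-3.4 and the
Section 4 rule that OSRTP MUST NOT be used when SRTP is known or required.
Only m= and a= lines are parsed; method labels, the preference order and
every SDP value and key below are constructed for illustration."""
from dataclasses import dataclass, field

# SDP attribute name -> SRTP key-management method it signals (Section 3.1).
KEYING_ATTRS = {"fingerprint": "dtls-srtp", "crypto": "sdes", "zrtp-hash": "zrtp"}
SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}   # "comprehensive protection"
PLAIN_PROFILES = {"RTP/AVP", "RTP/AVPF"}      # cleartext, or OSRTP when keyed


@dataclass
class MediaSection:
    media: str                                  # e.g. "audio"
    port: int
    profile: str                                # "RTP/AVP", "RTP/SAVP", ...
    formats: list
    attrs: list = field(default_factory=list)   # [(name, value), ...]

    def keying_methods(self):
        """SRTP key-management methods signalled by this m= section."""
        return {KEYING_ATTRS[n] for n, _ in self.attrs if n in KEYING_ATTRS}


def parse_media_sections(sdp):
    """Split an SDP body into MediaSection objects; session-level lines are skipped."""
    sections = []
    for raw in sdp.strip().splitlines():
        line = raw.strip()
        if line.startswith("m="):
            media, port, profile, *fmts = line[2:].split()
            sections.append(MediaSection(media, int(port), profile, fmts))
        elif line.startswith("a=") and sections:
            name, _, value = line[2:].partition(":")
            sections[-1].attrs.append((name, value))
    return sections


def classify(section):
    """'comprehensive' (secure profile), 'osrtp' (AVP/AVPF + keying) or 'cleartext'."""
    if section.profile in SECURE_PROFILES:
        return "comprehensive"
    if section.profile in PLAIN_PROFILES and section.keying_methods():
        return "osrtp"
    return "cleartext"


def build_offer(media, port, formats, keying_attrs, srtp_required):
    """Sections 3.1 and 4: an OSRTP offer is RTP/AVP plus keying attributes; when
    SRTP is known to be supported or is required, a secure profile MUST be used
    instead.  A re-offer (Section 3.4) is built the same way, ignoring history."""
    profile = "RTP/SAVP" if srtp_required else "RTP/AVP"
    return MediaSection(media, port, profile, list(formats), list(keying_attrs))


def build_answer(offer, port, answerer_keying, preference):
    """Section 3.2: accept with the attributes of exactly ONE method that is both
    offered and supported locally (first hit in preference order); decline by
    omitting every keying attribute so the session proceeds as plain RTP."""
    offered = offer.keying_methods()
    chosen = next((m for m in preference if m in offered and m in answerer_keying), None)
    keying = list(answerer_keying[chosen]) if chosen else []
    return MediaSection(offer.media, port, offer.profile, list(offer.formats), keying)


def offerer_outcome(offer, answer, key_mgmt_succeeds=True):
    """Section 3.3: 'rtp' (declined), 'srtp:<method>' (accepted) or 'fail'."""
    methods = answer.keying_methods()
    if not methods:
        return "rtp"
    if len(methods) != 1 or not methods <= offer.keying_methods():
        return "fail"   # several methods, or one that was never offered
    if not key_mgmt_succeeds:
        return "fail"   # key management failed: the media session MUST fail
    return "srtp:" + next(iter(methods))


# Constructed sample offer: RTP/AVP with DTLS-SRTP and SDES keying attributes
# (other session-level lines omitted).  Fingerprint and keys are placeholders.
CONSTRUCTED_OFFER_SDP = """v=0
c=IN IP4 192.0.2.1
m=audio 49170 RTP/AVP 0
a=fingerprint:sha-256 AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_OFFER_KEY_PLACEHOLDER
"""
ANSWERER_KEYING = {  # this answerer implements SDES only
    "sdes": [("crypto", "1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_ANSWER_KEY")],
}
PREFERENCE = ["dtls-srtp", "zrtp", "sdes"]


def demo():
    """Initial OSRTP offer against an SDES-only answerer and an RTP-only answerer."""
    offer = parse_media_sections(CONSTRUCTED_OFFER_SDP)[0]
    accepted = build_answer(offer, 51372, ANSWERER_KEYING, PREFERENCE)
    declined = build_answer(offer, 51372, {}, PREFERENCE)
    return {
        "offer_mode": classify(offer),                                # "osrtp"
        "answer_methods": sorted(accepted.keying_methods()),          # ["sdes"]
        "accepted": offerer_outcome(offer, accepted),                 # "srtp:sdes"
        "declined": offerer_outcome(offer, declined),                 # "rtp"
        "key_mgmt_failed": offerer_outcome(offer, accepted, False),   # "fail"
    }
```

   Calling demo() walks one m- section through both outcomes: the
   SDES-only answerer copies exactly one keying method into its answer,
   so the offerer sees "srtp:sdes"; the answerer with no SRTP support
   omits every keying attribute, so the same offer falls back to "rtp";
   and a key-management failure after an accepted answer yields "fail",
   as Sections 3.2 and 3.3 require.  Note that the offer's fallback is
   decided entirely by the answer: an answerer that is not OSRTP-aware
   simply ignores the unknown attributes and the session proceeds as RTP,
   which is the backwards compatibility the Abstract describes.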
6.  Implementation Status

   Note to RFC Editor: Please remove this entire section prior to
   publication, including the reference to [RFC6982].

   This section records the status of known implementations of the
   protocol defined by this specification at the time of posting of this
   Internet-Draft, and is based on a proposal described in [RFC6982].
   The description of implementations in this section is intended to
   assist the IETF in its decision processes in progressing drafts to
   RFCs.  Please note that the listing of any individual implementation
   here does not imply endorsement by the IETF.  Furthermore, no effort
   has been spent to verify the information presented here that was
   supplied by IETF contributors.  This is not intended as, and must not
   be construed to be, a catalog of available implementations or their
   features.  Readers are advised to note that other implementations may
   exist.

   According to [RFC6982], "this will allow reviewers and working groups
   to assign due consideration to documents that have the benefit of
   running code, which may serve as evidence of valuable experimentation
   and feedback that have made the implemented protocols more mature.
   It is up to the individual working groups to use this information as
   they see fit".

   There are implementations of [I-D.kaplan-mmusic-best-effort-srtp] in
   deployed products by Microsoft and Unify.  The IMTC "Best Practices
   for SIP Security" document [IMTC-SIP] recommends this approach.  The
   SIP Forum planned to include support in the SIPconnect 2.0 SIP
   trunking recommendation [SIPCONNECT].  There are many deployments of
   ZRTP [RFC6189].

7.  Acknowledgements

   This document is dedicated to our friend and colleague Francois Audet
   who is greatly missed in our community.  His work on improving
   security in SIP and RTP provided the foundation for this work.

   Thanks to Eric Rescorla, Martin Thomson, Christer Holmberg, and
   Richard Barnes for their comments.

8.  References

8.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997.

   [RFC3264]  Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model
              with Session Description Protocol (SDP)", RFC 3264,
              DOI 10.17487/RFC3264, June 2002.

   [RFC3550]  Schulzrinne, H., Casner, S., Frederick, R., and V.
              Jacobson, "RTP: A Transport Protocol for Real-Time
              Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550,
              July 2003.

   [RFC3551]  Schulzrinne, H. and S. Casner, "RTP Profile for Audio and
              Video Conferences with Minimal Control", STD 65, RFC 3551,
              DOI 10.17487/RFC3551, July 2003.

   [RFC3711]  Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K.
              Norrman, "The Secure Real-time Transport Protocol (SRTP)",
              RFC 3711, DOI 10.17487/RFC3711, March 2004.

   [RFC4568]  Andreasen, F., Baugher, M., and D. Wing, "Session
              Description Protocol (SDP) Security Descriptions for Media
              Streams", RFC 4568, DOI 10.17487/RFC4568, July 2006.

   [RFC4585]  Ott, J., Wenger, S., Sato, N., Burmeister, C., and J. Rey,
              "Extended RTP Profile for Real-time Transport Control
              Protocol (RTCP)-Based Feedback (RTP/AVPF)", RFC 4585,
              DOI 10.17487/RFC4585, July 2006.

   [RFC5124]  Ott, J. and E. Carrara, "Extended Secure RTP Profile for
              Real-time Transport Control Protocol (RTCP)-Based Feedback
              (RTP/SAVPF)", RFC 5124, DOI 10.17487/RFC5124, February
              2008.

   [RFC5763]  Fischl, J., Tschofenig, H., and E. Rescorla, "Framework
              for Establishing a Secure Real-time Transport Protocol
              (SRTP) Security Context Using Datagram Transport Layer
              Security (DTLS)", RFC 5763, DOI 10.17487/RFC5763, May
              2010.

   [RFC6189]  Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP:
              Media Path Key Agreement for Unicast Secure RTP",
              RFC 6189, DOI 10.17487/RFC6189, April 2011.

   [RFC7435]  Dukhovni, V., "Opportunistic Security: Some Protection
              Most of the Time", RFC 7435, DOI 10.17487/RFC7435,
              December 2014.

8.2.  Informative References

   [I-D.kaplan-mmusic-best-effort-srtp]
              Audet, F. and H. Kaplan, "Session Description Protocol
              (SDP) Offer/Answer Negotiation For Best-Effort Secure
              Real-Time Transport Protocol", draft-kaplan-mmusic-best-
              effort-srtp-01 (work in progress), October 2006.

   [IMTC-SIP] "Best Practices for SIP Security", IMTC SIP Parity Group,
              http://www.imtc.org/uc/sip-parity-activity-group/, 2011.

   [RFC5939]  Andreasen, F., "Session Description Protocol (SDP)
              Capability Negotiation", RFC 5939, DOI 10.17487/RFC5939,
              September 2010.

   [RFC6337]  Okumura, S., Sawada, T., and P. Kyzivat, "Session
              Initiation Protocol (SIP) Usage of the Offer/Answer
              Model", RFC 6337, DOI 10.17487/RFC6337, August 2011.

   [RFC6982]  Sheffer, Y. and A. Farrel, "Improving Awareness of Running
              Code: The Implementation Status Section", RFC 6982,
              DOI 10.17487/RFC6982, July 2013.

   [SIPCONNECT]
              "SIP-PBX / Service Provider Interoperability SIPconnect
              2.0 - Technical Recommendation", SIP Forum,
              http://www.sipforum.org/component/option,com_docman/task,doc_download/gid,838/Itemid,261/,
              2017.

Authors' Addresses

   Alan Johnston
   Villanova University
   Villanova, PA
   USA

   Email: alan.b.johnston@gmail.com


   Bernard Aboba
   Microsoft
   One Microsoft Way
   Redmond, WA 98052
   USA

   Email: bernard.aboba@gmail.com


   Andrew Hutton
   Atos
   Mid City Place
   London WC1V 6EA
   UK

   Email: andrew.hutton@atos.net


   Roland Jesske
   Deutsche Telekom
   Heinrich-Hertz-Strasse 3-7
   Darmstadt 64295
   Germany

   Email: R.Jesske@telekom.de


   Thomas Stach
   Unaffiliated

   Email: thomass.stach@gmail.com