SDP Security Descriptions for Media Streams draft-ietf-mmusic-sdescriptions-02.txt November 14, 2003 Flemming Andreasen Mark Baugher.

Slides:

Advertisements

Similar presentations

Re-INVITE Handling draft-camarillo-sipping-reinvite-00.txt

Advertisements

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.

RTP Payload Format for Multiple Flows FEC draft-peck-fecframe-rtp-mf-00 Orly Peck, RADVISION IETF 76 – November 2009.

Mobility Solutions BCMCS Key Derivation Procedure Harmonization with IETF SRTP.

RTP: A Transport Protocol for Real-Time Applications Provides end-to-end delivery services for data with real-time characteristics, such as interactive.

1 SIPREC Protocol (draft-ietf-siprec-protocol-06) August 3, 2012 IETF 84 Authors: L. Portman, H. Lum, A. Johnston, A. Hutton, C. Eckel.

Session Announcement Protocol Colin Perkins University College London.

Real-time Transport Protocol (RTP) Recommendations for SIPREC (draft-eckel-siprec-rtp-rec-01) Charles Eckel IETF-81, Quebec City, July.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

RTP: A Transport Protocol for Real-Time Applications

Introduction to SDP Issues. Content Background Goals SDP Primer RTP Primer Use cases “New” Functionalities in SDP Multiple RTP Streams in SDP Decision.

1 SIPREC Recording Metadata format (draft-ram-siprec-metadata-format- 01) IETF-80 SIPREC MEETING R Parthasarathi On behalf of the team Team: Paul Kyzivat,

ECE 424 Embedded Systems Design Networking Connectivity Chapter 12 Ning Weng.

July 10, 2006rtpsec BOF IETF-661 Best Effort SRTP Phil Zimmermann Alan Johnston.

1 Accounting, Authentication and Authorization Issues in “Well Managed” IP Multicasting Services November 9, 2005 Tsunemasa Hayashi

Audio/Video Transport Working Group 44th IETF, Minneapolis March 1999 Stephen Casner -- Cisco Systems Colin Perkins -- UCL Mailing list:

EAP WG EAP Key Management Framework Draft-ietf-eap-keying-03.txt Bernard Aboba Microsoft.

SIPREC Conference Recording (draft-kyzivat-siprec-conference-use-cases-01) IETF 89, March 7, 2014 Authors: Michael Yan, Paul Kyzivat, Simon Romano.

Roni Even Jonathan Lennox Mapping RTP streams to CLUE media captures draft-even-clue-rtp-mapping-03 IETF-84.

Real Time Protocol (RTP) 김 준

RADIUS Crypto-Agility Requirements November 18, 2008 David B. Nelson IETF 73 Minneapolis.

Team Members Atcharawan Jansprasert Padmoja Roy Rana Almakabi Ehsan Eslamlouevan Manya Tarawalie.

Presents Fall Forum H.235 Security Status Quo and Perspectives Presented by Martin Euchner, Rapporteur Q.G/16 Siemens AG.

RTSP to Draft Standard draft-ietf-mmusic-rfc2236bis-02.txt Authors: Henning Schulzrinne, Anup Rao, Robert Lanphier, Magnus Westerlund.

IETF70, Vancouver, December 2007draft-wing-sipping-srtp-key-021 Disclosing Secure RTP (SRTP) Session Keys draft-wing-sipping-srtp-key-02 Dan Wing,

Real-time Transport Protocol (RTP) Recommendations for SIPREC (draft-eckel-siprec-rtp-rec-02) Charles Eckel SIPREC Virtual Interim.

Session Recording (SIPREC) Protocol (draft-ietf-siprec-protocol-09) Leon Portman Henry Lum

SIP Interconnect Guidelines draft-hancock-sip-interconnect-guidelines-01 David Hancock, Daryl Malas.

SDP Security Descriptions for Media Streams Mark Baugher Dan Wing - Cisco Systems -

IETF-81, Quebec City, July 25-29, 2011

1 SIP Requirements for SRTP Keying Dan Wing IETF 66 v4.

Audio/Video Transport Core Maintenance Working Group Magnus Westerlund Roni Even Jabber room:

Christian Groves Describing Captures in CLUE and relation to multipoint conferencing draft-groves-clue-multi-content-00 CLUE Interim meeting (09/13)

Security Support for Multi-cast Traffic in M2M communication Document Number: IEEE C802.16p-10/0032 Date Submitted: Source: Inuk Jung, Kiseon.

CLUE RTP usage Andy Pepperell

Magnus Westerlund 1 The RTSP Core specification draft-ietf-mmusic-rfc2326bis-06.txt Magnus Westerlund Aravind Narasimhan Rob Lanphier Anup Rao Henning.

RTP Splicing Status Update draft-ietf-avtext-splicing-for-rtp-11 Jinwei Xia.

SDP Simple Capability Negotiation (SDP Simcap) draft-andreasen-mmusic-sdp-simcap-reqts-00.txt draft-andreasen-mmusic-sdp-simcap-01.txt 50th IETF - March.

Open issues from SIP list Jonathan Rosenberg dynamicsoft.

IETF 831 Chairs: Flemming Andreasen Miguel A. Garcia.

IETF 53, Minneapolis Kutscher/Ott/Bormann 1 SDPng Update Dirk Jörg Carsten draft-ietf-mmusic-sdpng-04.txt.

A Framework for Session Initiation Protocol User Agent Profile Delivery (draft-ietf-sipping-config-framework-11) SIPPING – IETF 68 Mar 19, 2007 Sumanth.

Currently Open Issues in the MIPv6 Base RFC MIPv6 security design team.

Nov 18 th, th IETF MMUSIC WG draft-levin-mmusic-xml-media-control-00.txt O. Levin / RADVISION S. Olson / Microsoft R. Even / Polycom.

1 Header Compression over IPsec (HCoIPsec) Emre Ertekin, Christos Christou, Rohan Jasani {

IETF WG Presentation1 Urooj Rab Audio/Video Transport.

CLUE WG chair: Mary Barnes RTCWEB WG chair: Ted Hardie CLUE & RTCWEB WGs Adhoc Common (SDP/RTP) building blocks IETF-82.

RFC 4068bis draft-ietf-mipshop-fmipv6-rfc4068bis-01.txt Rajeev Koodli.

RTP Usage for CLUE IETF 82 – 14 November 2011 Jonathan Lennox Allyn Romanow Paul Witty.

Multiple Care-of Address Registration draft-ietf-monami6-multiplecoa-02.txt.

1 SIPREC Recording Metadata format (draft-ram-siprec-metadata- format-01) 9 th May 2011 Interim SIPREC MEETING R Parthasarathi On behalf of the team Team:

1 Connectivity Preconditions for SDP Media Stream draft-andreasen-mmusic-connectivityprecondition-00.txt March 3, 2004 Flemming Andreasen

SIPREC Conference Recording (draft-kyzivat-siprec-conference-use-cases-00) IETF 87, November 4, 2013 Authors: Michael Yan, Paul Kyzivat, Simon Romano.

Allyn Romanow Stephen Botzko Robert Hansen Signaling Requirements for implementing the.

SDP draft-ietf-mmusic-sdp-new-21.txt Colin Perkins.

Thoughts on the LMAP protocol(s) LMAP Interim meeting, Dublin, 15 th September 2014 Philip Eardley Al Morton Jason Weil 1.

Codec Control for RTCWEB

CLUE WG Interim Meeting San Jose, CA Sept , 2012

draft-ietf-simple-message-sessions-00 Ben Campbell

IPv6 Flow Label Specification

RTP: A Transport Protocol for Real-Time Applications

IETF#67 – 5-10 November 2006 FECFRAME requirements (draft-ietf-fecframe-req-01) Mark Watson.

IKEv2 Mobility and Multihoming Protocol (MOBIKE)

draft-rajeshkumar-mmusic-gpmd-01.txt 55th IETF – November 18, 2002

Proposal for VoIP term project

TGi Draft 1 Clause – 8.5 Comments

A RELOAD Usage for Distributed Conference Control (DisCo) – Update

Guidelines for using the Multiplexing Features of RTP to Support Multiple Media Streams draft-ietf-avtcore-multiplex-guidelines-06 Magnus.

Presentation transcript:

SDP Security Descriptions for Media Streams draft-ietf-mmusic-sdescriptions-02.txt November 14, 2003 Flemming Andreasen Mark Baugher Dan Wing

Overview of Changes Recap: –Establish secure media streams by sending security descriptions with ciphers, keys, etc. in SDP Generalize into a core framework and an SRTP- specific part: –High-level Operation and parameter definition –Use with Offer/Answer –Use outside Offer/Answer –Grammar Numerous editorial changes throughout

More Detailed Changes Offer/Answer highlights differences between unicast/multicast, and initial/subsequent offer. Rekeying addressed via offer/answer; everything can be changed (not just keys) Additional rules and considerations for communicating the SRTP SRC parameter (SSRC, SEQ, ROC). Removed SRTP “use” parameter (decryption, encryption or both) - now inferred from context Added Window-Size Hint and to SRTP profile

More Detailed Changes, cont. Extension rules: –Key methods (general) –SRTP crypto-suites –SRTP session parameters IANA considerations and registration procedures Updated grammar

Open Issues Multicast streams SRC Parameter (SSRC, ROC, SEQ) Hierarchical/layered encoding schemes “Use” parameter to specify encryption, decryption or both

Issue #1 - Multicast Streams Several problems: –Shared key versus per-participant specific key. –When key is shared we must ensure unique SSRCs: problematic unless we have other means available to ensure this (cf. issue #2 which has more multicast problems) –If per-participant specific key, then sdescriptions will need each participant to convey its key separately –Support for hierarchical/layered encoding schemes Unclear there is a single good solution for all of these that would work well across all multicast usage scenarios. Proposal:Leave multicast streams for further study.

Issue #2 - SRC Parameter Unique SSRC needed when master key is shared to prevent two-time pad issue ROC and SEQ needed for successful authentication and decryption but can in general not be derived algorithmically from the SRTP stream alone: –Consider a participant joining an existing session –Consider what happens when initial sequence number is close to wrapping and first few packets are lost SRC Parameter contains one or more of: –SSRC:Identifies the crypto context –Roll Over Counter (ROC) and Sequence Number (SEQ): Signals the current ROC and SEQ for a crypto context

Issue #2 - SRC parameter, cont. What does it mean to signal an SRC parameter ? –Meaning of SRC parameter is to instantiate a crypto context –In the multicast case, should we allow this as a way of instantiating crypto contexts for all the participants: Scaling issues - where do we draw the line ? Only works when key is shared between participants –Alternatively, should sdescriptions only be allowed to instantiate a single crypto context: Each participant will then have to send its own sdescription (which may or may not use a unique key) Should suffice for unicast (unless you want to have multiple SSRCs for a unicast session) For unicast, use of different encryption and decryption keys negates need for the SSRC part of the parameter.

Issue #2 - SRC parameter, cont. Handling “SRC collisions”, i.e. signaled SSRC collides with existing SSRC: –Currently, we simply reject such offers. –Would be nice if offerer understood why offer was rejected (especially in the multicast case) –Quickly end up duplicating normal RTP SSRC collision detection and resolution –Again, this is mostly an issue for multicast streams with many participants –For unicast, collision is easily resolved by simply picking another SSRC Proposal: Support unicast and singly single crypto context only. Consider removing SSRC part.

Issue #3: Hierarchical Streams Current draft does not consider hierarchical/layered encoding schemes Only an issue for multicast streams Proposal: Leave for further study for multicast.

Issue #4: “Use” Parameter “Use” parameter was removed: –Allowed a key to be specified as “encryption”, “decryption”, or “both” –Lead to more complicated offer/answer rules with additional room for errors. New rule is to infer usage from context: –Unicast offer contains offerer's encryption key –Unicast answer contains answerer's encryption key –Multicast offer and answer must use the same key (encryption and decryption) –Advertising just advertises the key Is there a need for the “use” parameter ? Proposal: Not needed for unicast.

Next Steps Propose to issue update without multicast No other known issues then Ready for WGLC ?

Security Preconditions for SDP Media Stream draft-andreasen-mmusic-securityprecondition-00.txt November 14, 2003 Flemming Andreasen Mark Baugher Dan Wing

Overview Problem –Offerer suggests more than one security description. –Answerer picks one and starts sending secure media accordingly. –Offerer receives secure media before answer and cannot determine which security description to use (crypto-suite, key, etc.) Solution –Define a security precondition (RFC 3312)

Next Steps Adopt as WG item ?