Presentation is loading. Please wait.

Presentation is loading. Please wait.

July 10, 2006rtpsec BOF IETF-661 Best Effort SRTP Phil Zimmermann Alan Johnston.

Published byGavin Ryan Modified over 8 years ago

Similar presentations

Presentation on theme: "July 10, 2006rtpsec BOF IETF-661 Best Effort SRTP Phil Zimmermann Alan Johnston."— Presentation transcript:

1 July 10, 2006rtpsec BOF IETF-661 Best Effort SRTP Phil Zimmermann Alan Johnston

2 July 10, 2006rtpsec BOF IETF-662 Without Best Effort SRTP I need to know if you support secure media before I send you an INVITE :-( If I choose incorrectly, the session fails completely. :-( If I you have three devices and only one supports secure media, when I call you securely, only that phone will ever ring. :-( Adoption of SRTP will require a step function - everyone must simultaneously support it or else bad things will happen to the early adopters :-(

3 July 10, 2006rtpsec BOF IETF-663 Without Best Effort Call Flow INVITE m=SAVP 400 Not Supported ACK Failed Session! Secure UA Non-Secure UA

4 July 10, 2006rtpsec BOF IETF-664 Why is this true? SRTP currently can only be used with the Secure RTP profile (SAVP) SDP offer/answer can negotiate many things, but not RTP profiles a=keymgt and a=crypto cannot be used with normal AVP m= media lines

5 July 10, 2006rtpsec BOF IETF-665 Requirements The ability to transition from few devices supporting secure media to (hopefully) all devices supporting secure media. Caller is willing to accept a non-secure media session during this transition period Caller does not need to know if callee supports secure media. Work with forking and early media Must be backwards compatible

6 July 10, 2006rtpsec BOF IETF-666 Signaling Discovery Mechanisms Approaches –Try to retrofit SDP to allow negotiation of RTP profiles draft-andreasen-mmusic-sdp-capability-negotiation-00.txt –Allow SRTP key management attributes in AVP profiles Signaling is used to indicate that SRTP might be used. –Signaling can be useful for authentication E.g. exchange of certificate fingerprints or SAS Issues –Backwards compatibility –Deprecation of SAVP profile –Complexity in resulting SDP

7 July 10, 2006rtpsec BOF IETF-667 In-band Discovery Mechanism In-band RTP approach –Used in ZRTP draft-zimmermann-avt-zrtp-01.txt –Fits nicely with in-path key management approaches that solve the other keying problems (early media, forking, clipping, etc.) –Can still utilize signaling for authentication –Can be supplemented by signaling discovery Issues –Encryption ability can be dependent on codec support Offer/answer exchange complete (codec selected) prior to encryption negotiation Codec could be renegotiated to allow encryption

8 July 10, 2006rtpsec BOF IETF-668 In-Band Discovery “Secure Flag” encoded in RTP packets sent at the start of a media session –Can’t just start sending non-RTP packets on RTP ports without knowing the other UA is capable of demultiplexing Causes audio crashes –Natural place for layering reasons if in-path key management is used Use the RTP Extension header field for proven backwards compatibility –Ignored by UAs that don’t understand it –Answered by UAs that do.

9 July 10, 2006rtpsec BOF IETF-669 In-Band Discovery Flow Signaling Exchange RTP with secure flag Key Negotiation SRTP

10 July 10, 2006rtpsec BOF IETF-6610 Signaling Secure Media After the Fact Any backwards compatible solution for Best Effort SRTP will involve initiating SRTP over a normal AVP m= media line Could indicate secure media in other ways: –a=srtp attribute –“issecure” feature tag (signaled with Contact URI) Or, a re-INVITE or UPDATE could be used to upgrade a media line from non-secure to secure. –SAVP m= line would be added and AVP m= line would be declined

Download ppt "July 10, 2006rtpsec BOF IETF-661 Best Effort SRTP Phil Zimmermann Alan Johnston."

Similar presentations

Re-INVITE Handling draft-camarillo-sipping-reinvite-00.txt

Re-INVITE Handling draft-camarillo-sipping-reinvite-00.txt
www.dynamicsoft.com U N L E A S H I N G A S E R V I C E S R E N A I S S A N C E SIP 2000-05-10-00 SIP Security Jonathan Rosenberg Chief Scientist.

U N L E A S H I N G A S E R V I C E S R E N A I S S A N C E SIP SIP Security Jonathan Rosenberg Chief Scientist.
www.dynamicsoft.com VON Europe 2000 - 06-19-00 SIP Update Jonathan Rosenberg Chief Scientist co-chair, IETF SIP Working Group.

VON Europe SIP Update Jonathan Rosenberg Chief Scientist co-chair, IETF SIP Working Group.
SIP Interconnect Guidelines draft-hancock-sip-interconnect-guidelines-02 David Hancock, Daryl Malas.

SIP Interconnect Guidelines draft-hancock-sip-interconnect-guidelines-02 David Hancock, Daryl Malas.
Early Media Authorization Under what conditions should negotiated media flow prior to 200 OK (INVITE)? Richard Ejzak.

Early Media Authorization Under what conditions should negotiated media flow prior to 200 OK (INVITE)? Richard Ejzak.
Information-Centric Networks09c-1 Week 9 / Paper 3 VoCCN: Voice Over Content-Centric Networks –V. Jacobson, D. K. Smetters, N. H. Briggs, M. F. Plass,

Information-Centric Networks09c-1 Week 9 / Paper 3 VoCCN: Voice Over Content-Centric Networks –V. Jacobson, D. K. Smetters, N. H. Briggs, M. F. Plass,
SIP Working Group Jonathan Rosenberg dynamicsoft.

SIP Working Group Jonathan Rosenberg dynamicsoft.
Remote Call/Device Control IETF82, Dispatch WG, Taipei November 15, 2011 1 Rifaat Shekh-Yusef Cullen Jennings Alan Johnston.

Remote Call/Device Control IETF82, Dispatch WG, Taipei November 15, Rifaat Shekh-Yusef Cullen Jennings Alan Johnston.
January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.

January 23-26, 2007 Ft. Lauderdale, Florida An introduction to SIP Simon Millard Professional Services Manager Aculab.
Session Initiation Protocol (SIP) By: Zhixin Chen.

Session Initiation Protocol (SIP) By: Zhixin Chen.
July 30, 2010SIPREC WG1 SIP Call Control - Recording Extensions draft-johnston-siprec-cc-rec-00 Alan Johnston Andrew Hutton.

July 30, 2010SIPREC WG1 SIP Call Control - Recording Extensions draft-johnston-siprec-cc-rec-00 Alan Johnston Andrew Hutton.
SIP Action Referral Rifaat Shekh-Yusef Cullen Jennings Alan Johnston Francois Audet 1 IETF 80, SPLICES WG, Prague March 29, 2011.

SIP Action Referral Rifaat Shekh-Yusef Cullen Jennings Alan Johnston Francois Audet 1 IETF 80, SPLICES WG, Prague March 29, 2011.
Property of i3 Forum (all rights reserved) Analysis of T.38 protocol Survey results, carrier’s remarks and suggestions Contact Points: Dr. Jerzy Soldrowsky.

Property of i3 Forum (all rights reserved) Analysis of T.38 protocol Survey results, carrier’s remarks and suggestions Contact Points: Dr. Jerzy Soldrowsky.
RTCWEB Signaling Matthew Kaufman. Scope Web Server Browser.

RTCWEB Signaling Matthew Kaufman. Scope Web Server Browser.
Miscellaneous Capabilities Negotiation in SDP IETF82 Taipei, Taiwan Simo Veikkolainen 1.

Miscellaneous Capabilities Negotiation in SDP IETF82 Taipei, Taiwan Simo Veikkolainen 1.
Draft-romanow-clue-call-flow-02 Allyn Romanow Rob Hansen Arun Krishna.

Draft-romanow-clue-call-flow-02 Allyn Romanow Rob Hansen Arun Krishna.
March 10, 2008SIPPING WG IETF-711 Secure Media Recording and Transcoding with the Session Initiation Protocol draft-wing-sipping-srtp-key-03 Dan Wing Francois.

March 10, 2008SIPPING WG IETF-711 Secure Media Recording and Transcoding with the Session Initiation Protocol draft-wing-sipping-srtp-key-03 Dan Wing Francois.
All rights reserved © 1999, Alcatel, Paris. page n° 1 SIP for Xcast SIP for the establishment of xcast-based multiparty.

All rights reserved © 1999, Alcatel, Paris. page n° 1 SIP for Xcast SIP for the establishment of xcast-based multiparty.
Session Initiation Protocol (SIP). What is SIP? An application-layer protocol A control (signaling) protocol.

Session Initiation Protocol (SIP). What is SIP? An application-layer protocol A control (signaling) protocol.
CS 414 - Spring 2012 CS 414 – Multimedia Systems Design Lecture 22 – Multimedia Session Protocols Klara Nahrstedt Spring 2012.

CS Spring 2012 CS 414 – Multimedia Systems Design Lecture 22 – Multimedia Session Protocols Klara Nahrstedt Spring 2012.

Similar presentations

Ads by Google