Options for Securing RTP Sessions
draft-ietf-avtcore-rtp-security-options-10
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2014-04-11
|
10 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2014-04-03
|
10 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2014-03-21
|
10 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2014-02-03
|
10 | Suresh Krishnan | Request for Last Call review by GENART Completed: Ready. Reviewer: Suresh Krishnan. |
2014-01-23
|
10 | Amy Vezza | State changed to RFC Ed Queue from Approved-announcement sent |
2014-01-23
|
10 | (System) | RFC Editor state changed to EDIT |
2014-01-23
|
10 | (System) | Announcement was received by RFC Editor |
2014-01-23
|
10 | (System) | IANA Action state changed to No IC from In Progress |
2014-01-23
|
10 | (System) | IANA Action state changed to In Progress |
2014-01-23
|
10 | Amy Vezza | State changed to Approved-announcement sent from Approved-announcement to be sent::Point Raised - writeup needed |
2014-01-23
|
10 | Amy Vezza | IESG has approved the document |
2014-01-23
|
10 | Amy Vezza | Closed "Approve" ballot |
2014-01-23
|
10 | Amy Vezza | Ballot approval text was generated |
2014-01-23
|
10 | Amy Vezza | Ballot writeup was changed |
2014-01-15
|
10 | Magnus Westerlund | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2014-01-15
|
10 | Magnus Westerlund | New version available: draft-ietf-avtcore-rtp-security-options-10.txt |
2014-01-02
|
09 | Tero Kivinen | Closed request for Early review by SECDIR with state 'No Response' |
2013-12-30
|
09 | Gunter Van de Velde | Closed request for Last Call review by OPSDIR with state 'No Response' |
2013-12-19
|
09 | Cindy Morgan | State changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation |
2013-12-19
|
09 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
2013-12-19
|
09 | Stephen Farrell | [Ballot comment] Thanks for doing this one! - 4.1.3/4.1.4/4.1.4, "Using Identities" would be better if stated in terms of identifiers and not identities. That might … [Ballot comment] Thanks for doing this one! - 4.1.3/4.1.4/4.1.4, "Using Identities" would be better if stated in terms of identifiers and not identities. That might conflict with the common (but incorrect) use of the term identify in SIP though, and it might be ok to go with the broken-but-common usage. - 4.1.4, Certificates don't prove identity. The verification with a public key from a cert of the use of a private key is good evidence that the itentifiers in the cert relate to the holder of the private key. While that is a fairly pedantic distinction compared to the text of the draft, its still better to get it right. Mind you, I'm not sure if that'll make so much difference;-) |
2013-12-19
|
09 | Stephen Farrell | [Ballot Position Update] New position, Yes, has been recorded for Stephen Farrell |
2013-12-19
|
09 | Barry Leiba | [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba |
2013-12-19
|
09 | Sean Turner | [Ballot comment] Thanks for this - definitely answered the mail. |
2013-12-19
|
09 | Sean Turner | [Ballot Position Update] New position, Yes, has been recorded for Sean Turner |
2013-12-19
|
09 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2013-12-18
|
09 | Spencer Dawkins | [Ballot comment] This was an awesome document, and very helpful for me (I've spent most of my recent IETF years in RAI, but never on … [Ballot comment] This was an awesome document, and very helpful for me (I've spent most of my recent IETF years in RAI, but never on the media side). Thank you and the working group for producing it. I have a small number of comments, all about points of clarity. Please consider them along with any other feedback you receive. In section 3.1.1. Key Management for SRTP: DTLS-SRTP DTLS-SRTP usage is clearly on the rise. It is mandatory to support in WebRTC. It has growing support among SIP end-points. DTLS-SRTP was developed in IETF primarily to meet security requirements for SIP. The actual security properties of an established SRTP session using DTLS will depend on the cipher suites offered and used, as well as the mechanism for identifying the end-points of the hand-shake. For example some cipher suits provide perfect forward secrecy (PFS), while other do not. I can guess what perfect forward secrecy is, but I'm guessing. The term appears four times in this draft, and the only reference is given the fourth time the term is used, pointing to http://tools.ietf.org/html/rfc4949. That RFC says this: $ perfect forward secrecy (I) For a key agreement protocol, the property that compromises long-term keying material does not compromise session keys that were previously derived from the long-term material. (Compare: public-key forward secrecy.) Usage: Some existing RFCs use this term but either do not define it or do not define it precisely. While preparing this Glossary, we found this to be a muddled area. Experts did not agree. For all practical purposes, the literature defines "perfect forward secrecy" by stating the Diffie-Hellman-Merkle algorithm. The term "public-key forward secrecy" (suggested by Hilarie Orman) and the definition stated for it in this Glossary were crafted to be compatible with current Internet documents, yet be narrow and leave room for improved terminology. If "muddled area" is still accurate (I'm not remotely an expert), it might be helpful to include a definition that is actually what you meant, but even if the term is now perfectly clear, it would be helpful to have a reference the first time the term is used. Also in section 3.1.1 DTLS-SRTP usage is clearly on the rise. It is mandatory to support in WebRTC. It has growing support among SIP end-points. DTLS-SRTP was developed in IETF primarily to meet security requirements for SIP. This paragraph is true, but might be more useful to the reader if the last sentence continued, "security requirements for SIP, such as ..." - SIP has really broad applicability (people proposed using SIP for SmartGrid control, and it would have worked), so helping people understand what problems STLS-SRTP was solving might be helpful. Section 5.1 has some clues about this, but being specific would be helpful to readers who aren't familiar with previous discussions about media security in RAI. In section 3.1.5. Key Management for SRTP: Other systems The ZRTP [RFC6189] key-management system for SRTP was proposed as an alternative to DTLS-SRTP. ZRTP provides best effort encryption independent of the signalling protocol and utilizes key continuity, Short Authentication Strings, or a PKI for authentication. ZRTP wasn't adopted as an IETF standards track protocol, but was instead published as an informational RFC. Commercial implementations exist. Additional proprietary solutions are also known to exist. It was very easy for me to miss the part where the section was talking about "other systems _besides ZRTP_". The text isn't wrong, but might be clearer if the section title was something like "Key Management for SRTP: ZRTP and Other systems". If the the section header and second paragraph used the same noun (either both "systems" or both "solutions"), that would also work. |
2013-12-18
|
09 | Spencer Dawkins | Ballot comment text updated for Spencer Dawkins |
2013-12-18
|
09 | Spencer Dawkins | [Ballot comment] This was an awesome document, and very helpful for me (I've spent most of my recent IETF years in RAI, but never on … [Ballot comment] This was an awesome document, and very helpful for me (I've spent most of my recent IETF years in RAI, but never on the media side). Thank you and the working group for producing it. I have a small number of comments, all about points of clarity. Please consider them along with any other feedback you receive. In section 3.1.1. Key Management for SRTP: DTLS-SRTP DTLS-SRTP usage is clearly on the rise. It is mandatory to support in WebRTC. It has growing support among SIP end-points. DTLS-SRTP was developed in IETF primarily to meet security requirements for SIP. The actual security properties of an established SRTP session using DTLS will depend on the cipher suites offered and used, as well as the mechanism for identifying the end-points of the hand-shake. For example some cipher suits provide perfect forward secrecy (PFS), while other do not. I can guess what perfect forward secrecy is, but I'm guessing. The term appears four times in this draft, and the only reference is given the fourth time the term is used, pointing to http://tools.ietf.org/html/rfc4949. That RFC says this: $ perfect forward secrecy (I) For a key agreement protocol, the property that compromises long-term keying material does not compromise session keys that were previously derived from the long-term material. (Compare: public-key forward secrecy.) Usage: Some existing RFCs use this term but either do not define it or do not define it precisely. While preparing this Glossary, we found this to be a muddled area. Experts did not agree. For all practical purposes, the literature defines "perfect forward secrecy" by stating the Diffie-Hellman-Merkle algorithm. The term "public-key forward secrecy" (suggested by Hilarie Orman) and the definition stated for it in this Glossary were crafted to be compatible with current Internet documents, yet be narrow and leave room for improved terminology. If that's still accurate (I'm not remotely an expert), it might be helpful to include a definition that is actually what you meant, but even if the term is now perfectly clear, it would be helpful to have a reference on the first occurence. Also in section 3.1.1 DTLS-SRTP usage is clearly on the rise. It is mandatory to support in WebRTC. It has growing support among SIP end-points. DTLS-SRTP was developed in IETF primarily to meet security requirements for SIP. This paragraph is true, but might be more useful to the reader if the last sentence continued, "security requirements for SIP, such as ..." - SIP has really broad applicability (people proposed using SIP for SmartGrid control, and it would have worked), so helping people understand what problems STLS-SRTP was solving might be helpful. Section 5.1 has some clues about this, but being specific would be helpful to readers who aren't familiar with previous discussions about media security in RAI. In section 3.1.5. Key Management for SRTP: Other systems The ZRTP [RFC6189] key-management system for SRTP was proposed as an alternative to DTLS-SRTP. ZRTP provides best effort encryption independent of the signalling protocol and utilizes key continuity, Short Authentication Strings, or a PKI for authentication. ZRTP wasn't adopted as an IETF standards track protocol, but was instead published as an informational RFC. Commercial implementations exist. Additional proprietary solutions are also known to exist. It was very easy for me to miss the part where the section was talking about "other systems _besides ZRTP_". The text isn't wrong, but might be clearer if the section title was something like "Key Management for SRTP: ZRTP and Other systems". If the the section header and second paragraph used the same noun (either both "systems" or both "solutions"), that would also work. |
2013-12-18
|
09 | Spencer Dawkins | [Ballot Position Update] New position, Yes, has been recorded for Spencer Dawkins |
2013-12-18
|
09 | Stewart Bryant | [Ballot Position Update] New position, No Objection, has been recorded for Stewart Bryant |
2013-12-17
|
09 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
2013-12-17
|
09 | Martin Stiemerling | [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling |
2013-12-14
|
09 | Adrian Farrel | [Ballot Position Update] New position, No Objection, has been recorded for Adrian Farrel |
2013-12-09
|
09 | Richard Barnes | Ballot has been issued |
2013-12-09
|
09 | Richard Barnes | [Ballot Position Update] New position, Yes, has been recorded for Richard Barnes |
2013-12-09
|
09 | Richard Barnes | Created "Approve" ballot |
2013-12-09
|
09 | Richard Barnes | Changed consensus to Yes from Unknown |
2013-12-09
|
09 | Richard Barnes | Placed on agenda for telechat - 2013-12-19 |
2013-12-09
|
09 | Richard Barnes | State changed to IESG Evaluation from Waiting for AD Go-Ahead |
2013-12-06
|
09 | (System) | State changed to Waiting for AD Go-Ahead from In Last Call (ends 2013-12-06) |
2013-11-28
|
09 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Mahalingam Mani |
2013-11-28
|
09 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Mahalingam Mani |
2013-11-26
|
09 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
2013-11-26
|
09 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
2013-11-26
|
09 | Pearl Liang | IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-avtcore-rtp-security-options-09, which is currently in Last Call, and has the following comments: We understand that, upon approval of this … IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-avtcore-rtp-security-options-09, which is currently in Last Call, and has the following comments: We understand that, upon approval of this document, there are no IANA Actions that need completion. IANA requests that the IANA Considerations section of the document remain in place upon publication. If this assessment is not accurate, please respond as soon as possible. |
2013-11-25
|
09 | Jean Mahoney | Request for Last Call review by GENART is assigned to Suresh Krishnan |
2013-11-25
|
09 | Jean Mahoney | Request for Last Call review by GENART is assigned to Suresh Krishnan |
2013-11-22
|
09 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
2013-11-22
|
09 | Amy Vezza | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Options for Securing RTP Sessions) … The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Sender: Subject: Last Call: (Options for Securing RTP Sessions) to Informational RFC The IESG has received a request from the Audio/Video Transport Core Maintenance WG (avtcore) to consider the following document: - 'Options for Securing RTP Sessions' as Informational RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2013-12-06. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The Real-time Transport Protocol (RTP) is used in a large number of different application domains and environments. This heterogeneity implies that different security mechanisms are needed to provide services such as confidentiality, integrity and source authentication of RTP/RTCP packets suitable for the various environments. The range of solutions makes it difficult for RTP-based application developers to pick the most suitable mechanism. This document provides an overview of a number of security solutions for RTP, and gives guidance for developers on how to choose the appropriate security mechanism. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-avtcore-rtp-security-options/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-avtcore-rtp-security-options/ballot/ No IPR declarations have been submitted directly on this I-D. |
2013-11-22
|
09 | Amy Vezza | State changed to In Last Call from Last Call Requested |
2013-11-22
|
09 | Richard Barnes | Last call was requested |
2013-11-22
|
09 | Richard Barnes | Ballot approval text was generated |
2013-11-22
|
09 | Richard Barnes | State changed to Last Call Requested from AD Evaluation::AD Followup |
2013-11-22
|
09 | Richard Barnes | Last call announcement was generated |
2013-11-22
|
09 | Richard Barnes | Ballot writeup was changed |
2013-11-22
|
09 | Richard Barnes | Ballot writeup was generated |
2013-11-12
|
09 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2013-11-12
|
09 | Magnus Westerlund | New version available: draft-ietf-avtcore-rtp-security-options-09.txt |
2013-11-04
|
08 | Richard Barnes | State changed to AD Evaluation::Revised I-D Needed from Publication Requested |
2013-10-31
|
08 | Roni Even | IETF WG state changed to Submitted to IESG for Publication |
2013-10-31
|
08 | Roni Even | IESG state changed to Publication Requested |
2013-10-31
|
08 | Roni Even | State Change Notice email list changed to avtcore-chairs@tools.ietf.org, draft-ietf-avtcore-rtp-security-options@tools.ietf.org |
2013-10-31
|
08 | Roni Even | Responsible AD changed to Richard Barnes |
2013-10-31
|
08 | Roni Even | Working group state set to Submitted to IESG for Publication |
2013-10-31
|
08 | Roni Even | IESG state set to Publication Requested |
2013-10-31
|
08 | Roni Even | IESG process started in state Publication Requested |
2013-10-31
|
08 | Roni Even | Intended Status changed to Informational from None |
2013-10-31
|
08 | Roni Even | Changed document writeup |
2013-10-30
|
08 | Roni Even | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2013-10-21
|
08 | Colin Perkins | New version available: draft-ietf-avtcore-rtp-security-options-08.txt |
2013-10-07
|
07 | Magnus Westerlund | New version available: draft-ietf-avtcore-rtp-security-options-07.txt |
2013-09-04
|
06 | Roni Even | IETF WG state changed to In WG Last Call from WG Document |
2013-08-30
|
06 | Colin Perkins | New version available: draft-ietf-avtcore-rtp-security-options-06.txt |
2013-08-29
|
05 | Colin Perkins | New version available: draft-ietf-avtcore-rtp-security-options-05.txt |
2013-07-15
|
04 | Colin Perkins | New version available: draft-ietf-avtcore-rtp-security-options-04.txt |
2013-05-23
|
03 | Tero Kivinen | Request for Early review by SECDIR is assigned to Julien Laganier |
2013-05-23
|
03 | Tero Kivinen | Request for Early review by SECDIR is assigned to Julien Laganier |
2013-05-06
|
03 | Magnus Westerlund | New version available: draft-ietf-avtcore-rtp-security-options-03.txt |
2013-03-12
|
02 | Roni Even | Changed shepherd to Roni Even |
2013-02-25
|
02 | Colin Perkins | New version available: draft-ietf-avtcore-rtp-security-options-02.txt |
2012-10-22
|
01 | Magnus Westerlund | New version available: draft-ietf-avtcore-rtp-security-options-01.txt |
2012-07-09
|
00 | Colin Perkins | New version available: draft-ietf-avtcore-rtp-security-options-00.txt |