Encryption of Header Extensions in the Secure Real-time Transport Protocol (SRTP)
draft-ietf-avtcore-srtp-encrypted-header-ext-05
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2013-04-12
|
05 | (System) | RFC Editor state changed to AUTH48-DONE from AUTH48 |
2013-03-18
|
05 | (System) | RFC Editor state changed to AUTH48 from RFC-EDITOR |
2013-02-26
|
05 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
2013-02-14
|
05 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2013-02-13
|
05 | (System) | IANA Action state changed to Waiting on RFC Editor from Waiting on Authors |
2013-02-13
|
05 | Amy Vezza | State changed to RFC Ed Queue from Approved-announcement sent |
2013-02-13
|
05 | (System) | RFC Editor state changed to EDIT |
2013-02-13
|
05 | (System) | Announcement was received by RFC Editor |
2013-02-12
|
05 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2013-02-12
|
05 | (System) | IANA Action state changed to In Progress |
2013-02-12
|
05 | Amy Vezza | State changed to Approved-announcement sent from Approved-announcement to be sent |
2013-02-12
|
05 | Amy Vezza | IESG has approved the document |
2013-02-12
|
05 | Amy Vezza | Closed "Approve" ballot |
2013-02-12
|
05 | Amy Vezza | Ballot approval text was generated |
2013-02-12
|
05 | Amy Vezza | State changed to Approved-announcement to be sent from IESG Evaluation::AD Followup |
2013-02-08
|
05 | Stephen Farrell | [Ballot comment] Thanks for addressing my security-wonk concerns:-) |
2013-02-08
|
05 | Stephen Farrell | [Ballot Position Update] Position for Stephen Farrell has been changed to Yes from Discuss |
2013-02-08
|
05 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2013-02-08
|
05 | Jonathan Lennox | New version available: draft-ietf-avtcore-srtp-encrypted-header-ext-05.txt |
2013-02-07
|
04 | Amy Vezza | State changed to IESG Evaluation::Revised ID Needed from IESG Evaluation |
2013-02-07
|
04 | Ralph Droms | [Ballot Position Update] New position, No Objection, has been recorded for Ralph Droms |
2013-02-07
|
04 | Sean Turner | [Ballot comment] I support Stephen's discuss and the resolutions proposed by the authors look good to me. |
2013-02-07
|
04 | Sean Turner | [Ballot Position Update] New position, No Objection, has been recorded for Sean Turner |
2013-02-06
|
04 | Wesley Eddy | [Ballot Position Update] New position, No Objection, has been recorded for Wesley Eddy |
2013-02-06
|
04 | Gonzalo Camarillo | [Ballot Position Update] New position, No Objection, has been recorded for Gonzalo Camarillo |
2013-02-05
|
04 | Martin Thomson | Request for Telechat review by GENART Completed: Ready. Reviewer: Martin Thomson. |
2013-02-05
|
04 | Russ Housley | [Ballot Position Update] New position, No Objection, has been recorded for Russ Housley |
2013-02-05
|
04 | Stewart Bryant | [Ballot Position Update] New position, No Objection, has been recorded for Stewart Bryant |
2013-02-05
|
04 | Brian Haberman | [Ballot comment] I support Stephen's DISCUSS point #1. |
2013-02-05
|
04 | Brian Haberman | [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman |
2013-02-04
|
04 | Benoît Claise | [Ballot comment] - Feedback from Joel Jaeggli, part of the OPS directorate, on which I would appreciate an answer: Section 4.1 proposes negotiating the … [Ballot comment] - Feedback from Joel Jaeggli, part of the OPS directorate, on which I would appreciate an answer: Section 4.1 proposes negotiating the sending of a header element in either encrypted and unecrypted forms which seems a bit self defeating. and I find it a little difficult to stomach to say well its' important that this information be encrypted, but since you can't we'll just send it in the clear. - Really an editorial detail. Take it or leave it. A number of recent proposals for header extensions using the General Mechanism for RTP Header Extensions [RFC5285] carry information for which confidentiality could be desired or essential. Notably, two recent specifications ([RFC6464] and [RFC6465]) carry information about per-packet sound levels of the media data carried in the RTP payload, and exposing this to an eavesdropper is unacceptable in many circumstances. "exposing this to an eavesdropper is unacceptable in many circumstances." was not obvious to me, and I kept thinking about that one while reading through the rest of the doc. In the end, I came back to it, and researched this: this is well described in the RFC 6464 and RFC 6465 Security Considerations. NEW (last sentence) Notably, two recent specifications ([RFC6464] and [RFC6465]) carry information about per-packet sound levels of the media data carried in the RTP payload, and exposing this to an eavesdropper is unacceptable in many circumstances (as described in the respective RFC Security Considerations sections) |
2013-02-04
|
04 | Benoît Claise | Ballot comment text updated for Benoit Claise |
2013-02-04
|
04 | Benoît Claise | [Ballot comment] Really an editorial detail. Take it or leave it. A number of recent proposals for header extensions using the General Mechanism … [Ballot comment] Really an editorial detail. Take it or leave it. A number of recent proposals for header extensions using the General Mechanism for RTP Header Extensions [RFC5285] carry information for which confidentiality could be desired or essential. Notably, two recent specifications ([RFC6464] and [RFC6465]) carry information about per-packet sound levels of the media data carried in the RTP payload, and exposing this to an eavesdropper is unacceptable in many circumstances. "exposing this to an eavesdropper is unacceptable in many circumstances." was not obvious to me, and I kept thinking about that one while reading through the rest of the doc. In the end, I came back to it, and researched this: this is well described in the RFC 6464 and RFC 6465 Security Considerations. NEW (last sentence) Notably, two recent specifications ([RFC6464] and [RFC6465]) carry information about per-packet sound levels of the media data carried in the RTP payload, and exposing this to an eavesdropper is unacceptable in many circumstances (as described in the respective RFC Security Considerations sections) |
2013-02-04
|
04 | Benoît Claise | [Ballot Position Update] New position, No Objection, has been recorded for Benoit Claise |
2013-02-04
|
04 | Martin Stiemerling | [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling |
2013-02-04
|
04 | Stephen Farrell | [Ballot discuss] Other than point 1, I'm mostly just checking things here so a few quick mails should be enough to sort this out at … [Ballot discuss] Other than point 1, I'm mostly just checking things here so a few quick mails should be enough to sort this out at which point my ballot will turn into a yes. (1) p9, 2nd para - I don't get why you say that a node MAY send both plaintext and ciphertext - what'd be the (security) benefit in doing that? Seems like a dangerous thing to allow since it'd be likely to remain turned on accidentally if ever turned on. If you do need this then I think some better warning text is needed, but I'm not sure what, since I don't get when you want to have both plain and ciphertext present, nor quite how that'd look in e.g. SDP. (2) The masking is fairly elegant, but just to check, that assumes that all header fields are structured as TLVs always, and there's never a header we might want to encrypt that's e.g. a NULL terminated string or the moral equivalent. I think it also assumes that plaintext values never use escaping either, which could extend their length. Is that correct and ok? If there were non-TLV headers or escaping then I think you'd need to say a little more about how and when to calculate the mask from e.g. the SDP extmap attribute. (3) Again, just checking. This scheme would break if headers were moved, inserted before ciphertext, or deleted by middleboxes, right? Are such changes ever done by middleboxes that possess the right authentication keys? Do you need to say that such middleboxes that are part of the security association MUST NOT mess about with headers ever, since they don't know that this is being used over and above the authentication provided by SRTP? (And they don't know that, right?) (4) The 3711 KDF has a key_derivation_rate input that you don't mention here. I assume the idea is that new keystreams are generated for headers at the same rate as for payloads but don't you need to say that? Otherwise, some might use just the first keystream for all headers and others might roll the keystream breaking interop. (5) Slightly off into flakey concerns land;-) Is there any way a bad actor could use this to probe a keystream or verify bits of a keystream one or a few at a time e.g. via a million-message type attack? I don't see how to do that, and will just believe you if you say its ok, but just wondered if you'd thought about that. |
2013-02-04
|
04 | Stephen Farrell | [Ballot comment] - p4, last para - the description of the mask is a bit hard to follow - maybe moving the example earlier might … [Ballot comment] - p4, last para - the description of the mask is a bit hard to follow - maybe moving the example earlier might help, but one does get the right idea after reading further, so just a suggestion - p8, figure 4 has a bunch of numbers that I at least don't understand - what are "2^20|1:32" and "25@600/24" ? I'd like to know why I don't need to understand those:-) - p10, 3rd para - is it even possible to use this with CBC or ECB? Block padding would seem to just break the header syntax except if the plaintext is a multiple of the block size for ECB. I think the note could be deleted or replaced with one that says that this is for stream ciphers only and use of a block cipher would break the header syntax. In any case the MUST NOT seems wrong or moot. - Would it be worth adding an additional security consideration saying that since some headers may well have easily guessed plaintext (some bits anyway) and we're using a stream cipher, the authentication is really really needed or very bad things could happen if attackers flipped bits of ciphertext knowing the likely plaintext and the effects that might ensue? |
2013-02-04
|
04 | Stephen Farrell | [Ballot Position Update] New position, Discuss, has been recorded for Stephen Farrell |
2013-02-03
|
04 | Pete Resnick | [Ballot Position Update] New position, No Objection, has been recorded for Pete Resnick |
2013-02-03
|
04 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded for Ronald Bonica |
2013-01-31
|
04 | Jean Mahoney | Request for Telechat review by GENART is assigned to Martin Thomson |
2013-01-31
|
04 | Jean Mahoney | Request for Telechat review by GENART is assigned to Martin Thomson |
2013-01-30
|
04 | Adrian Farrel | [Ballot Position Update] New position, No Objection, has been recorded for Adrian Farrel |
2013-01-27
|
04 | Barry Leiba | [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba |
2013-01-25
|
04 | Tero Kivinen | Request for Last Call review by SECDIR Completed: Ready. Reviewer: Scott Kelly. |
2013-01-21
|
04 | Magnus Westerlund | IETF state changed to Submitted to IESG for Publication from In WG Last Call |
2013-01-18
|
04 | Robert Sparks | Placed on agenda for telechat - 2013-02-07 |
2013-01-18
|
04 | Magnus Westerlund | This was requested to be published on 2012-12-17. |
2013-01-18
|
04 | Robert Sparks | State changed to IESG Evaluation from Waiting for AD Go-Ahead |
2013-01-18
|
04 | Robert Sparks | Ballot has been issued |
2013-01-18
|
04 | Robert Sparks | [Ballot Position Update] New position, Yes, has been recorded for Robert Sparks |
2013-01-18
|
04 | Robert Sparks | Created "Approve" ballot |
2013-01-17
|
04 | Martin Thomson | Request for Last Call review by GENART Completed: Ready. Reviewer: Martin Thomson. |
2013-01-17
|
04 | (System) | State changed to Waiting for AD Go-Ahead from In Last Call |
2013-01-11
|
04 | Pearl Liang | IANA has reviewed draft-ietf-avtcore-srtp-encrypted-header-ext-04 and has the following comments: IANA has a question about the IANA Action requested in this document. IANA understands that, upon … IANA has reviewed draft-ietf-avtcore-srtp-encrypted-header-ext-04 and has the following comments: IANA has a question about the IANA Action requested in this document. IANA understands that, upon approval of this document, there is a single action which IANA must complete. In the RTP Compact Header Extensions subregistry of the Real-Time Transport Protocol (RTP) Parameters registry located at: http://www.iana.org/assignments/rtp-parameters/rtp-parameters.xml#rtp-parameters-10 a new RTP Compact Header Extension is to be registered as follows: Extension URI: urn:ietf:params:rtp-hdrext:encrypt Description: Encrypted extension header element Reference: [ RFC-to-be ] Currently the RTP Compact Header Extensions subregistry is maintained through extert review as defined in RFC 5226. IANA Question -> has the document and registration request been reviewed by the RTP Compact Header Extensions subregistry expert? IANA understands this to be the only action that needs to be completed upon approval of this document. Note: The actions requested in this document will not be completed until the document has been approved for publication as an RFC. |
2013-01-10
|
04 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Scott Kelly |
2013-01-10
|
04 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Scott Kelly |
2013-01-03
|
04 | Jean Mahoney | Request for Last Call review by GENART is assigned to Martin Thomson |
2013-01-03
|
04 | Jean Mahoney | Request for Last Call review by GENART is assigned to Martin Thomson |
2013-01-03
|
04 | Amy Vezza | The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Subject: Last Call: (Encryption of Header Extensions in the … The following Last Call announcement was sent out: From: The IESG To: IETF-Announce CC: Reply-To: ietf@ietf.org Subject: Last Call: (Encryption of Header Extensions in the Secure Real-Time Transport Protocol (SRTP)) to Proposed Standard The IESG has received a request from the Audio/Video Transport Core Maintenance WG (avtcore) to consider the following document: - 'Encryption of Header Extensions in the Secure Real-Time Transport Protocol (SRTP)' as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2013-01-17. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract The Secure Real-Time Transport Protocol (SRTP) provides authentication, but not encryption, of the headers of Real-Time Transport Protocol (RTP) packets. However, RTP header extensions may carry sensitive information for which participants in multimedia sessions want confidentiality. This document provides a mechanism, extending the mechanisms of SRTP, to selectively encrypt RTP header extensions in SRTP. This document updates RFC 3711, the Secure Real-Time Transport Protocol specification, to require that all future SRTP encryption transforms specify how RTP header extensions are to be encrypted. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-avtcore-srtp-encrypted-header-ext/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-avtcore-srtp-encrypted-header-ext/ballot/ No IPR declarations have been submitted directly on this I-D. |
2013-01-03
|
04 | Amy Vezza | State changed to In Last Call from Last Call Requested |
2013-01-03
|
04 | Robert Sparks | Last call was requested |
2013-01-03
|
04 | Robert Sparks | Ballot approval text was generated |
2013-01-03
|
04 | Robert Sparks | State changed to Last Call Requested from AD Evaluation::AD Followup |
2013-01-03
|
04 | Robert Sparks | Last call announcement was generated |
2013-01-03
|
04 | Robert Sparks | Ballot writeup was changed |
2013-01-03
|
04 | Robert Sparks | Ballot writeup was generated |
2013-01-03
|
04 | (System) | Sub state has been changed to AD Followup from Revised ID Needed |
2013-01-03
|
04 | Jonathan Lennox | New version available: draft-ietf-avtcore-srtp-encrypted-header-ext-04.txt |
2013-01-03
|
03 | Robert Sparks | State changed to AD Evaluation::Revised ID Needed from AD Evaluation |
2013-01-03
|
03 | Robert Sparks | State changed to AD Evaluation from Publication Requested |
2012-12-17
|
03 | Amy Vezza | (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? … (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? This is a standard track RFC updating RFC3711 adding a procedure that allows to encrypt part of the RTP header. The title page header indicates it. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary: The Secure Real-Time Transport Protocol (SRTP) provides authentication, but not encryption, of the headers of Real-Time Transport Protocol (RTP) packets. However, RTP header extensions may carry sensitive information for which participants in multimedia sessions want confidentiality. This document provides a mechanism, extending the mechanisms of SRTP, to selectively encrypt RTP header extensions in SRTP. This document updates RFC 3711, the Secure Real-Time Transport Protocol specification, to require that all SRTP encryption transforms specify how RTP header extensions are to be encrypted. Working Group Summary: This document went through two working group last call. As a result of the first one there were proposals to add some technical changes that were consented in the second working group last call. Document Quality: The document got good reviews from AVTcore members including SRTP and security experts. Personnel: Roni Even is the Document Shepherd and the Responsible Area Director is Robert Sparks. (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The shepherd reviewed the document very carefully in version -03 (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? This document got a good review by key people from AVTcore including SRTP experts. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. No need for any such review. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. No concerns (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why? Yes, the shepherd has confirmed with all authors. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. No IPR disclosure (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? There was a strong consensus that header extension encryption is needed and this document is already referenced by new RTP header extensions in RFC6464 and RFC6465. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) No (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. No ID nits in this document. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. Not applicable (13) Have all references within this document been identified as either normative or informative? yes (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? no (15) Are there downward normative references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. no (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. This document updates RFC3711 and it appears in the title page header, listed in the abstract and discussed in the introduction section. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). This document defines a new extension URI to the RTP Compact Header Extensions sub-registry of the Real-Time Transport Protocol (RTP) Parameters registry. The registration was reviewed by the document shepherd and it follows the registration requirements. No new IANA registries are defined. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. No new IANA registries. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. No formal language. |
2012-12-17
|
03 | Amy Vezza | Note added 'Roni Even (ron.even.tlv@gmail.com) is the Document Shepherd.' |
2012-12-17
|
03 | Amy Vezza | Intended Status changed to Proposed Standard |
2012-12-17
|
03 | Amy Vezza | IESG process started in state Publication Requested |
2012-12-17
|
03 | (System) | Earlier history may be found in the Comment Log for draft-lennox-avtcore-srtp-encrypted-header-ext |
2012-10-22
|
03 | Jonathan Lennox | New version available: draft-ietf-avtcore-srtp-encrypted-header-ext-03.txt |
2012-07-16
|
02 | Jonathan Lennox | New version available: draft-ietf-avtcore-srtp-encrypted-header-ext-02.txt |
2012-02-23
|
01 | Magnus Westerlund | In WG last call since the 17th of February. |
2012-02-23
|
01 | Magnus Westerlund | IETF state changed to In WG Last Call from WG Document |
2011-10-28
|
01 | (System) | New version available: draft-ietf-avtcore-srtp-encrypted-header-ext-01.txt |
2011-06-01
|
00 | (System) | New version available: draft-ietf-avtcore-srtp-encrypted-header-ext-00.txt |