Technical Summary
For broadcast or multicast use of SRTP, for instance in
group conferencing, symmetric-key-based (group-key-based)
message integrity is not sufficient. For data origin
authentication, some type of digital-signature-based
technique is typically necessary. TESLA is a MAC-based data
origin authentication algorithm that uses delayed key
disclosure to amortize the cost of digital signatures, and
can also work without using signatures. This document
specifies the use of TESLA with the SRTP protocol.
Working Group Summary
Historically, there have been arguments in the MSEC WG
(and in SMuG RG) around the TESLA loose time synchronization
requirement. The MSEC WG determined that this requirement was
acceptable. The loose time synchronization in TESLA comes with
strict requirements on packet integrity verification. In that
context, there was a contentious discussion around whether to
drop packets arriving too late (with respect to the time
synchronization requirement). The discussion was around "MUST"
vs. "MAY", and the WG finally settled on "SHOULD."
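The delayed key disclosure from the Technical Summary and the late-packet check discussed above, as an added Python sketch that is not taken from the TESLA-SRTP document or any implementation of it. The interval length, disclosure delay, clock-error bound, the SHA-256 chain and MAC-key derivation, a sender start time of 0, and all names are assumptions for illustration; the SRTP packet format is not modelled.

```python
import hashlib, hmac

# Assumed: interval length (s), disclosure delay (intervals), clock-error bound (s).
T_INT, DELAY, SYNC_ERR = 1.0, 2, 0.25

def H(k, n=1):
    """Apply the one-way chain function n times."""
    for _ in range(n):
        k = hashlib.sha256(b"chain" + k).digest()
    return k

def tag(k, payload):
    """MAC under a key derived from chain key k."""
    return hmac.new(hashlib.sha256(b"mac" + k).digest(), payload, hashlib.sha256).digest()

def make_chain(seed, n):
    """[K_0..K_n] with K_{i-1} = H(K_i); K_0 is the authenticated commitment."""
    return [H(seed, n - i) for i in range(n + 1)]

def send(chain, i, payload):
    """Interval-i packet: MAC under still-secret K_i, disclose K_{i-DELAY}."""
    return {"i": i, "payload": payload, "tag": tag(chain[i], payload),
            "disclosed": chain[i - DELAY] if i >= DELAY else None}

class Receiver:
    def __init__(self, commitment):
        self.idx, self.key = 0, commitment      # newest authenticated chain key
        self.buffer, self.authentic, self.dropped = [], [], []

    def receive(self, pkt, now):
        # Latest interval the sender may have reached, allowing for clock error.
        latest = int((now + SYNC_ERR) // T_INT)
        if latest >= pkt["i"] + DELAY or pkt["i"] <= self.idx:
            self.dropped.append(pkt["payload"])  # K_i may already be public: too late
        else:
            self.buffer.append(pkt)              # safe: hold until K_i is disclosed
        j, k = pkt["i"] - DELAY, pkt["disclosed"]
        if k and j > self.idx and hmac.compare_digest(H(k, j - self.idx), self.key):
            self.idx, self.key = j, k            # key links back to the commitment
            self._flush()

    def _flush(self):
        ready = [p for p in self.buffer if p["i"] <= self.idx]
        self.buffer = [p for p in self.buffer if p["i"] > self.idx]
        for p in ready:
            k_i = H(self.key, self.idx - p["i"])  # recover K_i from the newer key
            if hmac.compare_digest(tag(k_i, p["payload"]), p["tag"]):
                self.authentic.append(p["payload"])
```

A packet that claims interval i but arrives once K_i could already have been disclosed carries a MAC that anyone holding the disclosed key can forge, which is why the receiver in this sketch drops it rather than buffering it.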
Protocol Quality
TESLA has generally received a fairly thorough review within
the MSEC WG, and there is at least one implementation. TESLA-SRTP
has been reviewed thoroughly by the MSEC WG, and positive feedback
was received after a review by the AVT WG. There are no known
implementations of TESLA-SRTP.
This document was reviewed by Russ Housley for the IESG.