DTLS Tunnel between a Media Distributor and Key Distributor to Facilitate Key Exchange
draft-ietf-perc-dtls-tunnel-07
Network Working Group P. Jones
Internet-Draft Cisco Systems
Intended status: Informational P. Ellenbogen
Expires: August 14, 2021 Princeton University
N. Ohlmeier
Mozilla
February 10, 2021
DTLS Tunnel between a Media Distributor and Key Distributor to
Facilitate Key Exchange
draft-ietf-perc-dtls-tunnel-07
Abstract
This document defines a DTLS tunneling protocol for use in multimedia
conferences that enables a Media Distributor to facilitate key
exchange between an endpoint in a conference and the Key Distributor.
The protocol is designed to ensure that the keying material used for
hop-by-hop encryption and authentication is accessible to the media
distributor, while the keying material used for end-to-end encryption
and authentication is inaccessible to the media distributor.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 14, 2021.
Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
Jones, et al. Expires August 14, 2021 [Page 1]
Internet-Draft DTLS Tunnel for PERC February 2021
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Conventions Used In This Document . . . . . . . . . . . . . . 3
3. Tunneling Concept . . . . . . . . . . . . . . . . . . . . . . 3
4. Example Message Flows . . . . . . . . . . . . . . . . . . . . 4
5. Tunneling Procedures . . . . . . . . . . . . . . . . . . . . 6
5.1. Endpoint Procedures . . . . . . . . . . . . . . . . . . . 6
5.2. Tunnel Establishment Procedures . . . . . . . . . . . . . 6
5.3. Media Distributor Tunneling Procedures . . . . . . . . . 7
5.4. Key Distributor Tunneling Procedures . . . . . . . . . . 8
5.5. Versioning Considerations . . . . . . . . . . . . . . . . 9
6. Tunneling Protocol . . . . . . . . . . . . . . . . . . . . . 10
6.1. Tunnel Message Format . . . . . . . . . . . . . . . . . . 10
7. Example Binary Encoding . . . . . . . . . . . . . . . . . . . 13
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
9. Security Considerations . . . . . . . . . . . . . . . . . . . 14
10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 14
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 14
11.1. Normative References . . . . . . . . . . . . . . . . . . 15
11.2. Informative References . . . . . . . . . . . . . . . . . 16
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 16
1. Introduction
An objective of Privacy-Enhanced RTP Conferencing (PERC) [RFC8871] is
to ensure that endpoints in a multimedia conference have access to
the end-to-end (E2E) and hop-by-hop (HBH) keying material used to
encrypt and authenticate Real-time Transport Protocol (RTP) [RFC3550]
packets, while the Media Distributor has access only to the hop-by-
hop (HBH) keying material for encryption and authentication.
This specification defines a tunneling protocol that enables the
media distributor to tunnel DTLS [RFC6347] messages between an
endpoint and the key distributor, thus allowing an endpoint to use
DTLS-SRTP [RFC5764] for establishing encryption and authentication
keys with the key distributor.
The tunnel established between the media distributor and key
Show full document text