An Opportunistic Approach for Secure Real-time Transport Protocol (OSRTP)
draft-johnston-dispatch-osrtp-00
This document is an Internet-Draft (I-D).
Anyone may submit an I-D to the IETF.
This I-D is not endorsed by the IETF and has no formal standing in the
IETF standards process.
The information below is for an old version of the document.
| Document | Type |
This is an older version of an Internet-Draft whose latest revision state is "Expired".
|
|
|---|---|---|---|
| Authors | Alan Johnston , Dr. Bernard D. Aboba , Andrew Hutton , Laura Liess , Thomas Stach | ||
| Last updated | 2015-07-06 | ||
| RFC stream | (None) | ||
| Formats | |||
| Stream | Stream state | (No stream defined) | |
| Consensus boilerplate | Unknown | ||
| RFC Editor Note | (None) | ||
| IESG | IESG state | I-D Exists | |
| Telechat date | (None) | ||
| Responsible AD | (None) | ||
| Send notices to | (None) |
draft-johnston-dispatch-osrtp-00
DISPATCH Working Group A. Johnston
Internet-Draft Avaya
Intended status: Standards Track B. Aboba
Expires: January 7, 2016 Microsoft
A. Hutton
Unify
L. Liess
Deutsche Telekom
T. Stach
Unaffiliated
July 6, 2015
An Opportunistic Approach for Secure Real-time Transport Protocol
(OSRTP)
draft-johnston-dispatch-osrtp-00
Abstract
Opportunistic Secure Real-time Transport Protocol (OSRTP) allows
encrypted media to be used in environments where support for
encryption is not known in advance, and not required. OSRTP is an
implementation of Opportunistic Security, as defined in RFC 7435.
OSRTP does not require advanced SDP extensions or features and is
fully backwards compatible with existing secure and insecure
implementations. OSRTP is not specific to any key management
technique for SRTP.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 7, 2016.
Johnston, et al. Expires January 7, 2016 [Page 1]
Internet-Draft OSRTP July 2015
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3
3. Definition of Opportunistic Security for SRTP . . . . . . . . 3
4. Security Considerations . . . . . . . . . . . . . . . . . . . 4
5. Implementation Status . . . . . . . . . . . . . . . . . . . . 5
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 5
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 5
7.1. Normative References . . . . . . . . . . . . . . . . . . 5
7.2. Informative References . . . . . . . . . . . . . . . . . 6
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7
1. Introduction
Opportunistic Security [RFC7435] (OS) is an approach to security that
defines a third mode for security between "cleartext" and
"comprehensive protection" that allows encryption and authentication
to be used if supported but will not result in failures if it is not
supported. In terms of secure media, cleartext is RTP [RFC3550]
media which is negotiated with the AVP (Audio Video Profile) profile
defined [RFC3551]. Comprehensive protection is Secure RTP [RFC3711],
negotiated with a secure profile, such as SAVP or SAVPF [RFC5124].
OSRTP allows SRTP to be negotiated with the AVP profile, with
fallback to RTP if SRTP is not supported.
There have been some extensions to SDP to allow profiles to be
negotiated; however, these approaches are complex and have very
limited deployment in communication systems. Other key management
protocols for SRTP have been developed which by design use OS, such
as ZRTP [RFC6189]. This approach for OSRTP is based on
[I-D.kaplan-mmusic-best-effort-srtp] where it was called "best effort
Johnston, et al. Expires January 7, 2016 [Page 2]
Internet-Draft OSRTP July 2015
SRTP". [I-D.kaplan-mmusic-best-effort-srtp] has a full discussion of
the motivation and requirements for opportunistic secure media.
OSRTP uses the presence of SRTP keying-related attributes in an SDP
offer to indicate support for opportunistic secure media. The
presence of SRTP keying-related attributes in the SDP answer
indicates that the other party also supports OSRTP and encrypted and
authenticated media will be used. OSRTP requires no additional
extensions to SDP or new attributes and is defined independently of
the key agreement mechanism used. OSRTP is only usable when media is
negotiated using the Offer/Answer protocol [RFC3264].
2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in RFC
2119 [RFC2119].
3. Definition of Opportunistic Security for SRTP
To indicate support for OSRTP in an SDP offer, the offerer uses the
AVP profile [RFC3551] but includes SRTP keying attributes. OSRTP is
not specific to any key management technique for SRTP. For example:
If the offerer supports DTLS-SRTP key agreement [RFC5763], then an
a=fingerprint attribute will be present, or
If the offerer supports SDP Security Descriptions key agreement
[RFC4568], then an a=crypto attribute will be present, or
If the offerer supports MIKEY key agreement [RFC4567], then an
a=key-mgt attribute will be present, or
If the offerer supports ZRTP key agreement [RFC6189], then an
a=zrtp-hash attribute will be present.
To accept OSRTP, an answerer receiving an offer indicating support
for OSRTP generates an SDP answer containing SRTP keying attributes
which match those in the offer. The selected SRTP key management
approach is followed and SRTP media is used for this session. If the
SRTP key management fails for any reason (such as a protocol error or
a failure to retrieve a key) the session will fallback to RTP with
unencrypted and unauthenticated media. To decline OSRTP, the
answerer generates an SDP answer omitting SRTP keying attributes, and
the media session proceeds with RTP with no encryption or
authentication used.
Johnston, et al. Expires January 7, 2016 [Page 3]
Internet-Draft OSRTP July 2015
If the offerer of OSRTP receives an SDP answer which does not contain
SRTP keying attributes, then the media session proceeds with RTP. If
the SDP answer contains SRTP keying attributes, then that particular
SRTP key management approach is followed and SRTP media is used for
this session. If the SRTP key management fails (for example, due to
a protocol error or a failure to retrieve a key), the session will
fallback to RTP with unencrypted and unauthenticated media.
It is important to note that OSRTP makes no changes, and has no
effect on media sessions in which the offer contains a secure profile
of RTP, such as SAVP or SAVPF. As discussed in [RFC7435], this is
the "comprehensive protection" for media mode.
4. Security Considerations
The security considerations of [RFC7435] apply to OSRTP, as well as
the security considerations of the particular SRTP key agreement
approach used. However, the authentication requirements of a
particular SRTP key agreement approach are relaxed when that key
agreement is used with OSRTP. For example:
For DTLS-SRTP key agreement [RFC5763], an authenticated signaling
channel does not need to be used with OSRTP if it is not
available.
For SDP Security Descriptions key agreement [RFC4568], an
authenticated signaling channel does not need to be used with
OSRTP if it is not available, although an encrypted signaling
channel must still be used.
For MIKEY key agreement [RFC4567], the exact requirements vary by
mode, but in general, any authenticated signaling requirements are
relaxed.
For ZRTP key agreement [RFC6189], the security considerations are
unchanged, since ZRTP does not rely on the security of the
signaling channel.
As discussed in [RFC7435], OSRTP is used in cases where support for
encryption by the other party is not known in advance, and not
required. For cases where it is known that the other party supports
SRTP or SRTP needs to be used, OSRTP MUST NOT be used. Instead, a
secure profile of RTP is used in the offer.
Johnston, et al. Expires January 7, 2016 [Page 4]
Internet-Draft OSRTP July 2015
5. Implementation Status
Note to RFC Editor: Please remove this entire section prior to
publication, including the reference to [RFC6982].
This section records the status of known implementations of the
protocol defined by this specification at the time of posting of this
Internet-Draft, and is based on a proposal described in [RFC6982].
The description of implementations in this section is intended to
assist the IETF in its decision processes in progressing drafts to
RFCs. Please note that the listing of any individual implementation
here does not imply endorsement by the IETF. Furthermore, no effort
has been spent to verify the information presented here that was
supplied by IETF contributors. This is not intended as, and must not
be construed to be, a catalog of available implementations or their
features. Readers are advised to note that other implementations may
exist.
According to [RFC6982], "this will allow reviewers and working groups
to assign due consideration to documents that have the benefit of
running code, which may serve as evidence of valuable experimentation
and feedback that have made the implemented protocols more mature.
It is up to the individual working groups to use this information as
they see fit".
There are implementations of [I-D.kaplan-mmusic-best-effort-srtp] in
deployed products by Microsoft and Unify. The IMTC "Best Practices
for SIP Security" document [IMTC-SIP] recommends this approach. The
SIP Forum plans to include support in the SIPconnect 2.0 SIP trunking
recommendation [SIPCONNECT] which is under development. There are
many deployments of ZRTP [RFC6189].
6. Acknowledgements
This document is dedicated to our friend and colleague Francois Audet
who is greatly missed in our community. His work on improving
security in SIP and RTP provided the foundation for this work.
7. References
7.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model
with Session Description Protocol (SDP)", RFC 3264, June
2002.
Johnston, et al. Expires January 7, 2016 [Page 5]
Internet-Draft OSRTP July 2015
[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V.
Jacobson, "RTP: A Transport Protocol for Real-Time
Applications", STD 64, RFC 3550, July 2003.
[RFC3551] Schulzrinne, H. and S. Casner, "RTP Profile for Audio and
Video Conferences with Minimal Control", STD 65, RFC 3551,
July 2003.
[RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K.
Norrman, "The Secure Real-time Transport Protocol (SRTP)",
RFC 3711, March 2004.
[RFC4567] Arkko, J., Lindholm, F., Naslund, M., Norrman, K., and E.
Carrara, "Key Management Extensions for Session
Description Protocol (SDP) and Real Time Streaming
Protocol (RTSP)", RFC 4567, July 2006.
[RFC4568] Andreasen, F., Baugher, M., and D. Wing, "Session
Description Protocol (SDP) Security Descriptions for Media
Streams", RFC 4568, July 2006.
[RFC5124] Ott, J. and E. Carrara, "Extended Secure RTP Profile for
Real-time Transport Control Protocol (RTCP)-Based Feedback
(RTP/SAVPF)", RFC 5124, February 2008.
[RFC5763] Fischl, J., Tschofenig, H., and E. Rescorla, "Framework
for Establishing a Secure Real-time Transport Protocol
(SRTP) Security Context Using Datagram Transport Layer
Security (DTLS)", RFC 5763, May 2010.
[RFC6189] Zimmermann, P., Johnston, A., and J. Callas, "ZRTP: Media
Path Key Agreement for Unicast Secure RTP", RFC 6189,
April 2011.
[RFC7435] Dukhovni, V., "Opportunistic Security: Some Protection
Most of the Time", RFC 7435, December 2014.
7.2. Informative References
[I-D.kaplan-mmusic-best-effort-srtp]
Audet, F. and H. Kaplan, "Session Description Protocol
(SDP) Offer/Answer Negotiation For Best-Effort Secure
Real-Time Transport Protocol", draft-kaplan-mmusic-best-
effort-srtp-01 (work in progress), October 2006.
Johnston, et al. Expires January 7, 2016 [Page 6]
Internet-Draft OSRTP July 2015
[IMTC-SIP]
"Best Practices for SIP Security", IMTC SIP Parity Group
http://www.imtc.org/uc/sip-parity-activity-group/, 2011,
<http://www.imtc.org>.
[RFC6982] Sheffer, Y. and A. Farrel, "Improving Awareness of Running
Code: The Implementation Status Section", RFC 6982, July
2013.
[SIPCONNECT]
"SIP-PBX / Service Provider Interoperability SIPconnect
2.0 - DRAFT Technical Recommendation", SIP Forum
http://www.sipforum.org/content/view/179/213/, 2015,
<http://www.sipforum.org>.
Authors' Addresses
Alan Johnston
Avaya
St. Louis, MO
USA
Email: alan.b.johnston@gmail.com
Bernard Aboba
Microsoft
One Microsoft Way
Redmond, WA 98052
USA
Email: bernard.aboba@gmail.com
Andy Hutton
Unify
Technology Drive
Nottingham NG9 1LA
UK
Email: andrew.hutton@unify.com
Johnston, et al. Expires January 7, 2016 [Page 7]
Internet-Draft OSRTP July 2015
Laura Liess
Deutsche Telekom
Heinrich-Hertz-Strasse 3-7
Darmstadt 64295
Germany
Email: laura.liess.dt@googlemail.com
Thomas Stach
Unaffiliated
Email: thomass.stach@gmail.com
Johnston, et al. Expires January 7, 2016 [Page 8]