Network Working Group
Request for Comments: 5479
Category: Informational

D. Wing, Ed. (Cisco)
S. Fries (Siemens AG)
H. Tschofenig (Nokia Siemens Networks)
F. Audet (Nortel)
April 2009
Requirements and Analysis of Media Security Management Protocols
Status of This Memo
This memo provides information for the Internet community. It does
not specify an Internet standard of any kind. Distribution of this
memo is unlimited.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Abstract
This document describes requirements for a protocol to negotiate a
security context for SIP-signaled Secure RTP (SRTP) media. In
addition to the natural security requirements, this negotiation
protocol must interoperate well with SIP in certain ways. A number
of proposals have been published and a summary of these proposals is
in the appendix of this document.
Wing, et al. Informational [Page 1]
RFC 5479 Media Security Requirements April 2009
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Attack Scenarios . . . . . . . . . . . . . . . . . . . . . . . 5
4. Call Scenarios and Requirements Considerations . . . . . . . . 7
4.1. Clipping Media before Signaling Answer . . . . . . . . . . 7
4.2. Retargeting and Forking . . . . . . . . . . . . . . . . . 8
4.3. Recording . . . . . . . . . . . . . . . . . . . . . . . . 11
4.4. PSTN Gateway . . . . . . . . . . . . . . . . . . . . . . . 12
4.5. Call Setup Performance . . . . . . . . . . . . . . . . . . 12
4.6. Transcoding . . . . . . . . . . . . . . . . . . . . . . . 13
4.7. Upgrading to SRTP . . . . . . . . . . . . . . . . . . . . 13
4.8. Interworking with Other Signaling Protocols . . . . . . . 14
4.9. Certificates . . . . . . . . . . . . . . . . . . . . . . . 14
5. Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 14
5.1. Key Management Protocol Requirements . . . . . . . . . . . 15
5.2. Security Requirements . . . . . . . . . . . . . . . . . . 16
5.3. Requirements outside of the Key Management Protocol . . . 19
6. Security Considerations . . . . . . . . . . . . . . . . . . . 20
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 20
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 20
8.1. Normative References . . . . . . . . . . . . . . . . . . . 20
8.2. Informative References . . . . . . . . . . . . . . . . . . 21
Appendix A. Overview and Evaluation of Existing Keying Mechanisms . . . 24
A.1. Signaling Path Keying Techniques . . . . . . . . . . . . . 25
A.1.1. MIKEY-NULL . . . . . . . . . . . . . . . . . . . . . . 25
A.1.2. MIKEY-PSK . . . . . . . . . . . . . . . . . . . . . . 25
A.1.3. MIKEY-RSA . . . . . . . . . . . . . . . . . . . . . . 25
A.1.4. MIKEY-RSA-R . . . . . . . . . . . . . . . . . . . . . 25
A.1.5. MIKEY-DHSIGN . . . . . . . . . . . . . . . . . . . . . 26
A.1.6. MIKEY-DHHMAC . . . . . . . . . . . . . . . . . . . . . 26
A.1.7. MIKEY-ECIES and MIKEY-ECMQV (MIKEY-ECC) . . . . . . . 26
A.1.8. SDP Security Descriptions with SIPS . . . . . . . . . 26
A.1.9. SDP Security Descriptions with S/MIME . . . . . . . . 27
A.1.10. SDP-DH (Expired) . . . . . . . . . . . . . . . . . . . 27
A.1.11. MIKEYv2 in SDP (Expired) . . . . . . . . . . . . . . . 27
A.2. Media Path Keying Technique . . . . . . . . . . . . . . . 27
A.2.1. ZRTP . . . . . . . . . . . . . . . . . . . . . . . . . 27
A.3. Signaling and Media Path Keying Techniques . . . . . . . . 28
A.3.1. EKT . . . . . . . . . . . . . . . . . . . . . . . . . 28
A.3.2. DTLS-SRTP . . . . . . . . . . . . . . . . . . . . . . 28
A.3.3. MIKEYv2 Inband (Expired) . . . . . . . . . . . . . . . 29