Requirements and Analysis of Media Security Management Protocols
RFC 5479
Document Type RFC - Informational (April 2009; Errata)
Last updated 2015-10-14
Replaces draft-wing-rtpsec-keying-eval, draft-wing-media-security-requirements
Stream IETF
Formats plain text pdf html bibtex
Reviews
SECDIR Last Call Review
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 5479 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Cullen Jennings
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                       D. Wing, Ed.
Request for Comments: 5479                                         Cisco
Category: Informational                                         S. Fries
                                                              Siemens AG
                                                           H. Tschofenig
                                                  Nokia Siemens Networks
                                                                F. Audet
                                                                  Nortel
                                                              April 2009

    Requirements and Analysis of Media Security Management Protocols

Status of This Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (c) 2009 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents in effect on the date of
   publication of this document (http://trustee.ietf.org/license-info).
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.

Abstract

   This document describes requirements for a protocol to negotiate a
   security context for SIP-signaled Secure RTP (SRTP) media.  In
   addition to the natural security requirements, this negotiation
   protocol must interoperate well with SIP in certain ways.  A number
   of proposals have been published and a summary of these proposals is
   in the appendix of this document.

Wing, et al.                 Informational                      [Page 1]
RFC 5479              Media Security Requirements             April 2009

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  3
   3.  Attack Scenarios . . . . . . . . . . . . . . . . . . . . . . .  5
   4.  Call Scenarios and Requirements Considerations . . . . . . . .  7
     4.1.  Clipping Media before Signaling Answer . . . . . . . . . .  7
     4.2.  Retargeting and Forking  . . . . . . . . . . . . . . . . .  8
     4.3.  Recording  . . . . . . . . . . . . . . . . . . . . . . . . 11
     4.4.  PSTN Gateway . . . . . . . . . . . . . . . . . . . . . . . 12
     4.5.  Call Setup Performance . . . . . . . . . . . . . . . . . . 12
     4.6.  Transcoding  . . . . . . . . . . . . . . . . . . . . . . . 13
     4.7.  Upgrading to SRTP  . . . . . . . . . . . . . . . . . . . . 13
     4.8.  Interworking with Other Signaling Protocols  . . . . . . . 14
     4.9.  Certificates . . . . . . . . . . . . . . . . . . . . . . . 14
   5.  Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 14
     5.1.  Key Management Protocol Requirements . . . . . . . . . . . 15
     5.2.  Security Requirements  . . . . . . . . . . . . . . . . . . 16
     5.3.  Requirements outside of the Key Management Protocol  . . . 19
   6.  Security Considerations  . . . . . . . . . . . . . . . . . . . 20
   7.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 20
   8.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 20
     8.1.  Normative References . . . . . . . . . . . . . . . . . . . 20
     8.2.  Informative References . . . . . . . . . . . . . . . . . . 21
   Appendix A.  Overview and Evaluation of Existing Keying
                Mechanisms  . . . . . . . . . . . . . . . . . . . . . 24
     A.1.  Signaling Path Keying Techniques . . . . . . . . . . . . . 25
       A.1.1.  MIKEY-NULL . . . . . . . . . . . . . . . . . . . . . . 25
       A.1.2.  MIKEY-PSK  . . . . . . . . . . . . . . . . . . . . . . 25
       A.1.3.  MIKEY-RSA  . . . . . . . . . . . . . . . . . . . . . . 25
       A.1.4.  MIKEY-RSA-R  . . . . . . . . . . . . . . . . . . . . . 25
       A.1.5.  MIKEY-DHSIGN . . . . . . . . . . . . . . . . . . . . . 26
       A.1.6.  MIKEY-DHHMAC . . . . . . . . . . . . . . . . . . . . . 26
       A.1.7.  MIKEY-ECIES and MIKEY-ECMQV (MIKEY-ECC)  . . . . . . . 26
       A.1.8.  SDP Security Descriptions with SIPS  . . . . . . . . . 26
       A.1.9.  SDP Security Descriptions with S/MIME  . . . . . . . . 27
       A.1.10. SDP-DH (Expired) . . . . . . . . . . . . . . . . . . . 27
       A.1.11. MIKEYv2 in SDP (Expired) . . . . . . . . . . . . . . . 27
     A.2.  Media Path Keying Technique  . . . . . . . . . . . . . . . 27
       A.2.1.  ZRTP . . . . . . . . . . . . . . . . . . . . . . . . . 27
     A.3.  Signaling and Media Path Keying Techniques . . . . . . . . 28
       A.3.1.  EKT  . . . . . . . . . . . . . . . . . . . . . . . . . 28
       A.3.2.  DTLS-SRTP  . . . . . . . . . . . . . . . . . . . . . . 28
       A.3.3.  MIKEYv2 Inband (Expired) . . . . . . . . . . . . . . . 29
Show full document text
ISOC IETF Trust RFC Editor IRTF IESG IETF IAB IASA & IAOC IETF Tools IANA