ZRTP: Media Path Key Agreement for Unicast Secure RTP
Draft of message to be sent after approval:
From: The IESG <email@example.com>
To: IETF-Announce <firstname.lastname@example.org>
Cc: Internet Architecture Board <email@example.com>, RFC Editor <firstname.lastname@example.org>
Subject: Document Action: 'ZRTP: Media Path Key Agreement for Unicast Secure RTP' to Informational RFC

The IESG has approved the following document:

- 'ZRTP: Media Path Key Agreement for Unicast Secure RTP' <draft-zimmermann-avt-zrtp-22.txt> as an Informational RFC

This document has been reviewed in the IETF but is not the product of an IETF Working Group.

The IESG contact person is Robert Sparks.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-zimmermann-avt-zrtp-22.txt

Technical Summary

This document defines ZRTP, a protocol for media path Diffie-Hellman exchange to agree on a session key and parameters for establishing Secure Real-time Transport Protocol (SRTP) sessions for VoIP applications. The ZRTP protocol is media path keying because it is multiplexed on the same port as RTP and does not require support in the signaling protocol. ZRTP does not assume a Public Key Infrastructure (PKI) or require the complexity of certificates in end devices. For the media session, ZRTP provides confidentiality, protection against man-in-the-middle (MiTM) attacks, and, in cases where the signaling protocol provides end-to-end integrity protection, authentication. ZRTP can utilize a Session Description Protocol (SDP) attribute to provide discovery and authentication through the signaling channel. To provide best effort SRTP, ZRTP utilizes normal RTP/AVP profiles. ZRTP secures media sessions which include a voice media stream, and can also secure media sessions which do not include voice by using an optional digital signature.

IETF Discussion Summary

This protocol was proposed as a solution for keying SRTP and received significant review and discussion while it was being considered. The IETF chose a different proposal (draft-ietf-avt-dtls-srtp) to publish as Proposed Standard.

Document Quality

There are multiple implementations of this protocol. A reference implementation of ZRTP is available as Zfone.