Encryption of Header Extensions in the Secure Real-time Transport Protocol (SRTP)
RFC 6904
Document Type RFC - Proposed Standard (April 2013; No errata)
Updates RFC 3711
Author Jonathan Lennox 
Last updated 2018-12-20
Replaces draft-lennox-avtcore-srtp-encrypted-header-ext
Stream IETF
Formats plain text html pdf htmlized bibtex
Reviews
GENART Telechat Review (of -04): Ready
SECDIR Last Call Review (of -04): Ready
GENART Last Call Review (of -04): Ready
Stream WG state Submitted to IESG for Publication
Document shepherd Roni Even
IESG IESG state RFC 6904 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Robert Sparks
IESG note Roni Even (ron.even.tlv@gmail.com) is the Document Shepherd.
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits 
Internet Engineering Task Force (IETF)                         J. Lennox
Request for Comments: 6904                                         Vidyo
Updates: 3711                                                 April 2013
Category: Standards Track
ISSN: 2070-1721

                    Encryption of Header Extensions
           in the Secure Real-time Transport Protocol (SRTP)

Abstract

   The Secure Real-time Transport Protocol (SRTP) provides
   authentication, but not encryption, of the headers of Real-time
   Transport Protocol (RTP) packets.  However, RTP header extensions may
   carry sensitive information for which participants in multimedia
   sessions want confidentiality.  This document provides a mechanism,
   extending the mechanisms of SRTP, to selectively encrypt RTP header
   extensions in SRTP.

   This document updates RFC 3711, the Secure Real-time Transport
   Protocol specification, to require that all future SRTP encryption
   transforms specify how RTP header extensions are to be encrypted.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc6904.

Lennox                       Standards Track                    [Page 1]
RFC 6904            Encrypted SRTP Header Extensions          April 2013

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Terminology . . . . . . . . . . . . . . . . . . . . . . . . .   4
   3.  Encryption Mechanism  . . . . . . . . . . . . . . . . . . . .   4
     3.1.  Example Encryption Mask . . . . . . . . . . . . . . . . .   6
     3.2.  Header Extension Keystream Generation for Existing
           Encryption Transforms . . . . . . . . . . . . . . . . . .   7
     3.3.  Header Extension Keystream Generation for Future
           Encryption Transforms . . . . . . . . . . . . . . . . . .   8
   4.  Signaling (Setup) Information . . . . . . . . . . . . . . . .   8
     4.1.  Backward Compatibility  . . . . . . . . . . . . . . . . .   9
   5.  Security Considerations . . . . . . . . . . . . . . . . . . .  10
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  11
   7.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  11
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  11
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .  11
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  12
   Appendix A.  Test Vectors . . . . . . . . . . . . . . . . . . . .  13
     A.1.  Key Derivation Test Vectors . . . . . . . . . . . . . . .  13
     A.2.  Header Encryption Test Vectors Using AES-CM . . . . . . .  14

Lennox                       Standards Track                    [Page 2]
RFC 6904            Encrypted SRTP Header Extensions          April 2013

1.  Introduction

   The Secure Real-time Transport Protocol [RFC3711] specification
   provides confidentiality, message authentication, and replay
   protection for multimedia payloads sent using the Real-time Protocol
   (RTP) [RFC3550].  However, in order to preserve RTP header
   compression efficiency, SRTP provides only authentication and replay
   protection for the headers of RTP packets, not confidentiality.

   For the standard portions of an RTP header, providing only
   authentication and replay protection does not normally present a
   problem, as the information carried in an RTP header does not provide
   much information beyond that which an attacker could infer by
   observing the size and timing of RTP packets.  Thus, there is little
   need for confidentiality of the header information.

   However, the security requirements can be different for information
   carried in RTP header extensions.  A number of recent proposals for
   header extensions using the mechanism described in "A General
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools