Securing the RTP Framework: Why RTP Does Not Mandate a Single Media Security Solution
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: RFC Editor <firstname.lastname@example.org>, avtcore mailing list <email@example.com>, avtcore chair <firstname.lastname@example.org> Subject: Document Action: 'Securing the RTP Protocol Framework: Why RTP Does Not Mandate a Single Media Security Solution' to Informational RFC (draft-ietf-avt-srtp-not-mandatory-16.txt) The IESG has approved the following document: - 'Securing the RTP Protocol Framework: Why RTP Does Not Mandate a Single Media Security Solution' (draft-ietf-avt-srtp-not-mandatory-16.txt) as Informational RFC This document is the product of the Audio/Video Transport Core Maintenance Working Group. The IESG contact persons are Richard Barnes and Gonzalo Camarillo. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-avt-srtp-not-mandatory/
Technical Summary This memo discusses the problem of securing real-time multimedia sessions, and explains why the Real-time Transport Protocol (RTP), and the associated RTP Control Protocol (RTCP), do not mandate a single media security mechanism. Guidelines for designers and reviewers of future RTP extensions are provided, to ensure that appropriate security mechanisms are mandated, and that any such mechanisms are specified in a manner that conforms with the RTP architecture. Working Group Summary This document was already in IESG review and there were concerns from the Security area suggesting that there will be also a document describing the security options. It came back to the AVTcore WG and there is also the security option document that complements this document. It was reviewed by the WG members and the WG security experts and there are no issues from the WG that is worth noting. Document Quality This document is an informational document and I would like to mention that Dan Wing and Alan Johnston did a review and made helpful comments that helped with the quality of the document. There are of course implementations of the media security solutions including SRTP with SDES and DTLS SRTO but this document is only explain why we do not mandate a single solution. Personnel Document Shepherd is Roni Even and the responsible AD is Richard Barnes.