[Docs] [txt|pdf|xml] [Tracker] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02

DISPATCH Working Group                                       A. Johnston
Internet-Draft                                                     Avaya
Intended status: Standards Track                                B. Aboba
Expires: January 22, 2016                                      Microsoft
                                                               A. Hutton
                                                                L. Liess
                                                        Deutsche Telekom
                                                                T. Stach
                                                           July 21, 2015

   An Opportunistic Approach for Secure Real-time Transport Protocol


   Opportunistic Secure Real-time Transport Protocol (OSRTP) allows
   encrypted media to be used in environments where support for
   encryption is not known in advance, and not required.  OSRTP is an
   implementation of Opportunistic Security, as defined in RFC 7435.
   OSRTP does not require advanced SDP extensions or features and is
   fully backwards compatible with existing secure and insecure
   implementations.  OSRTP is not specific to any key management
   technique for SRTP.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 22, 2016.

Johnston, et al.        Expires January 22, 2016                [Page 1]

Internet-Draft                    OSRTP                        July 2015

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Requirements Language . . . . . . . . . . . . . . . . . . . .   3
   3.  Definition of Opportunistic Security for SRTP . . . . . . . .   3
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   4
   5.  Implementation Status . . . . . . . . . . . . . . . . . . . .   4
   6.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .   5
   7.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   5
     7.1.  Normative References  . . . . . . . . . . . . . . . . . .   5
     7.2.  Informative References  . . . . . . . . . . . . . . . . .   7
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .   7

1.  Introduction

   Opportunistic Security [RFC7435] (OS) is an approach to security that
   defines a third mode for security between "cleartext" and
   "comprehensive protection" that allows encryption and authentication
   to be used if supported but will not result in failures if it is not
   supported.  In terms of secure media, cleartext is RTP [RFC3550]
   media which is negotiated with the AVP (Audio Video Profile) profile
   defined [RFC3551].  Comprehensive protection is Secure RTP [RFC3711],
   negotiated with a secure profile, such as SAVP or SAVPF [RFC5124].
   OSRTP allows SRTP to be negotiated with the AVP profile, with
   fallback to RTP if SRTP is not supported.

   There have been some extensions to SDP to allow profiles to be
   negotiated; however, these approaches are complex and have very
   limited deployment in communication systems.  Other key management
   protocols for SRTP have been developed which by design use OS, such
   as ZRTP [RFC6189].  This approach for OSRTP is based on
   [I-D.kaplan-mmusic-best-effort-srtp] where it was called "best effort

Johnston, et al.        Expires January 22, 2016                [Page 2]

Internet-Draft                    OSRTP                        July 2015

   SRTP".  [I-D.kaplan-mmusic-best-effort-srtp] has a full discussion of
   the motivation and requirements for opportunistic secure media.

   OSRTP uses the presence of SRTP keying-related attributes in an SDP
   offer to indicate support for opportunistic secure media.  The
   presence of SRTP keying-related attributes in the SDP answer
   indicates that the other party also supports OSRTP and encrypted and
   authenticated media will be used.  OSRTP requires no additional
   extensions to SDP or new attributes and is defined independently of
   the key agreement mechanism used.  OSRTP is only usable when media is
   negotiated using the Offer/Answer protocol [RFC3264].

2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "OPTIONAL" in this document are to be interpreted as described in RFC
   2119 [RFC2119].

3.  Definition of Opportunistic Security for SRTP

   To indicate support for OSRTP in an SDP offer, the offerer uses the
   AVP profile [RFC3551] but includes SRTP keying attributes.  OSRTP is
   not specific to any key management technique for SRTP.  For example:

      If the offerer supports DTLS-SRTP key agreement [RFC5763], then an
      a=fingerprint attribute will be present, or

      If the offerer supports SDP Security Descriptions key agreement
      [RFC4568], then an a=crypto attribute will be present, or

      If the offerer supports MIKEY key agreement [RFC4567], then an
      a=key-mgt attribute will be present, or

      If the offerer supports ZRTP key agreement [RFC6189], then an
      a=zrtp-hash attribute will be present.

   To accept OSRTP, an answerer receiving an offer indicating support
   for OSRTP generates an SDP answer containing SRTP keying attributes
   which match one of the keying methods in the offer.  The answer MUST
   NOT contain attributes from more than one keying method, even if the
   offer contained multiple keying method attributes.  The selected SRTP
   key management approach is followed and SRTP media is used for this
   session.  If the SRTP key management fails for any reason, the media
   session MUST fail.  To decline OSRTP, the answerer generates an SDP
   answer omitting SRTP keying attributes, and the media session
   proceeds with RTP with no encryption or authentication used.

Johnston, et al.        Expires January 22, 2016                [Page 3]

Internet-Draft                    OSRTP                        July 2015

   If the offerer of OSRTP receives an SDP answer which does not contain
   SRTP keying attributes, then the media session proceeds with RTP.  If
   the SDP answer contains SRTP keying attributes, then that particular
   SRTP key management approach is followed and SRTP media is used for
   this session.  If the SRTP key management fails, the media session
   MUST fail.

   It is important to note that OSRTP makes no changes, and has no
   effect on media sessions in which the offer contains a secure profile
   of RTP, such as SAVP or SAVPF.  As discussed in [RFC7435], this is
   the "comprehensive protection" for media mode.

4.  Security Considerations

   The security considerations of [RFC7435] apply to OSRTP, as well as
   the security considerations of the particular SRTP key agreement
   approach used.  However, the authentication requirements of a
   particular SRTP key agreement approach are relaxed when that key
   agreement is used with OSRTP.  For example:

      For DTLS-SRTP key agreement [RFC5763], an authenticated signaling
      channel does not need to be used with OSRTP if it is not

      For SDP Security Descriptions key agreement [RFC4568], an
      authenticated signaling channel does not need to be used with
      OSRTP if it is not available, although an encrypted signaling
      channel must still be used.

      For MIKEY key agreement [RFC4567], the exact requirements vary by
      mode, but in general, any authenticated signaling requirements are

      For ZRTP key agreement [RFC6189], the security considerations are
      unchanged, since ZRTP does not rely on the security of the
      signaling channel.

   As discussed in [RFC7435], OSRTP is used in cases where support for
   encryption by the other party is not known in advance, and not
   required.  For cases where it is known that the other party supports
   SRTP or SRTP needs to be used, OSRTP MUST NOT be used.  Instead, a
   secure profile of RTP is used in the offer.

5.  Implementation Status

   Note to RFC Editor: Please remove this entire section prior to
   publication, including the reference to [RFC6982].

Johnston, et al.        Expires January 22, 2016                [Page 4]

Internet-Draft                    OSRTP                        July 2015

   This section records the status of known implementations of the
   protocol defined by this specification at the time of posting of this
   Internet-Draft, and is based on a proposal described in [RFC6982].
   The description of implementations in this section is intended to
   assist the IETF in its decision processes in progressing drafts to
   RFCs.  Please note that the listing of any individual implementation
   here does not imply endorsement by the IETF.  Furthermore, no effort
   has been spent to verify the information presented here that was
   supplied by IETF contributors.  This is not intended as, and must not
   be construed to be, a catalog of available implementations or their
   features.  Readers are advised to note that other implementations may

   According to [RFC6982], "this will allow reviewers and working groups
   to assign due consideration to documents that have the benefit of
   running code, which may serve as evidence of valuable experimentation
   and feedback that have made the implemented protocols more mature.
   It is up to the individual working groups to use this information as
   they see fit".

   There are implementations of [I-D.kaplan-mmusic-best-effort-srtp] in
   deployed products by Microsoft and Unify.  The IMTC "Best Practices
   for SIP Security" document [IMTC-SIP] recommends this approach.  The
   SIP Forum plans to include support in the SIPconnect 2.0 SIP trunking
   recommendation [SIPCONNECT] which is under development.  There are
   many deployments of ZRTP [RFC6189].

6.  Acknowledgements

   This document is dedicated to our friend and colleague Francois Audet
   who is greatly missed in our community.  His work on improving
   security in SIP and RTP provided the foundation for this work.

   Thanks to Eric Rescorla, Martin Thomson, and Richard Barnes for their

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3264]  Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model
              with Session Description Protocol (SDP)", RFC 3264,
              DOI 10.17487/RFC3264, June 2002,

Johnston, et al.        Expires January 22, 2016                [Page 5]

Internet-Draft                    OSRTP                        July 2015

   [RFC3550]  Schulzrinne, H., Casner, S., Frederick, R., and V.
              Jacobson, "RTP: A Transport Protocol for Real-Time
              Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550,
              July 2003, <http://www.rfc-editor.org/info/rfc3550>.

   [RFC3551]  Schulzrinne, H. and S. Casner, "RTP Profile for Audio and
              Video Conferences with Minimal Control", STD 65, RFC 3551,
              DOI 10.17487/RFC3551, July 2003,

   [RFC3711]  Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K.
              Norrman, "The Secure Real-time Transport Protocol (SRTP)",
              RFC 3711, DOI 10.17487/RFC3711, March 2004,

   [RFC4567]  Arkko, J., Lindholm, F., Naslund, M., Norrman, K., and E.
              Carrara, "Key Management Extensions for Session
              Description Protocol (SDP) and Real Time Streaming
              Protocol (RTSP)", RFC 4567, DOI 10.17487/RFC4567, July
              2006, <http://www.rfc-editor.org/info/rfc4567>.

   [RFC4568]  Andreasen, F., Baugher, M., and D. Wing, "Session
              Description Protocol (SDP) Security Descriptions for Media
              Streams", RFC 4568, DOI 10.17487/RFC4568, July 2006,

   [RFC5124]  Ott, J. and E. Carrara, "Extended Secure RTP Profile for
              Real-time Transport Control Protocol (RTCP)-Based Feedback
              (RTP/SAVPF)", RFC 5124, DOI 10.17487/RFC5124, February
              2008, <http://www.rfc-editor.org/info/rfc5124>.

   [RFC5763]  Fischl, J., Tschofenig, H., and E. Rescorla, "Framework
              for Establishing a Secure Real-time Transport Protocol
              (SRTP) Security Context Using Datagram Transport Layer
              Security (DTLS)", RFC 5763, DOI 10.17487/RFC5763, May
              2010, <http://www.rfc-editor.org/info/rfc5763>.

   [RFC6189]  Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP:
              Media Path Key Agreement for Unicast Secure RTP",
              RFC 6189, DOI 10.17487/RFC6189, April 2011,

   [RFC7435]  Dukhovni, V., "Opportunistic Security: Some Protection
              Most of the Time", RFC 7435, DOI 10.17487/RFC7435,
              December 2014, <http://www.rfc-editor.org/info/rfc7435>.

Johnston, et al.        Expires January 22, 2016                [Page 6]

Internet-Draft                    OSRTP                        July 2015

7.2.  Informative References

              Audet, F. and H. Kaplan, "Session Description Protocol
              (SDP) Offer/Answer Negotiation For Best-Effort Secure
              Real-Time Transport Protocol", draft-kaplan-mmusic-best-
              effort-srtp-01 (work in progress), October 2006.

              "Best Practices for SIP Security", IMTC SIP Parity
              Group http://www.imtc.org/uc/sip-parity-activity-group/,
              2011, <http://www.imtc.org>.

   [RFC6982]  Sheffer, Y. and A. Farrel, "Improving Awareness of Running
              Code: The Implementation Status Section", RFC 6982,
              DOI 10.17487/RFC6982, July 2013,

              "SIP-PBX / Service Provider Interoperability SIPconnect
              2.0 - DRAFT Technical Recommendation", SIP
              Forum http://www.sipforum.org/content/view/179/213/, 2015,

Authors' Addresses

   Alan Johnston
   St. Louis, MO

   Email: alan.b.johnston@gmail.com

   Bernard Aboba
   One Microsoft Way
   Redmond, WA  98052

   Email: bernard.aboba@gmail.com

Johnston, et al.        Expires January 22, 2016                [Page 7]

Internet-Draft                    OSRTP                        July 2015

   Andy Hutton
   Technology Drive
   Nottingham  NG9 1LA

   Email: andrew.hutton@unify.com

   Laura Liess
   Deutsche Telekom
   Heinrich-Hertz-Strasse 3-7
   Darmstadt  64295

   Email: laura.liess.dt@googlemail.com

   Thomas Stach

   Email: thomass.stach@gmail.com

Johnston, et al.        Expires January 22, 2016                [Page 8]

Html markup produced by rfcmarkup 1.129c, available from https://tools.ietf.org/tools/rfcmarkup/