draft-ietf-perc-double-11.txt   draft-ietf-perc-double-12.txt 
Network Working Group C. Jennings Network Working Group C. Jennings
Internet-Draft P. Jones Internet-Draft P. Jones
Intended status: Standards Track R. Barnes Intended status: Standards Track R. Barnes
Expires: January 9, 2020 Cisco Systems Expires: March 1, 2020 Cisco Systems
A. Roach A. Roach
Mozilla Mozilla
July 8, 2019 August 29, 2019
SRTP Double Encryption Procedures SRTP Double Encryption Procedures
draft-ietf-perc-double-11 draft-ietf-perc-double-12
Abstract Abstract
In some conferencing scenarios, it is desirable for an intermediary In some conferencing scenarios, it is desirable for an intermediary
to be able to manipulate some parameters in Real Time Protocol (RTP) to be able to manipulate some parameters in Real Time Protocol (RTP)
packets, while still providing strong end-to-end security guarantees. packets, while still providing strong end-to-end security guarantees.
This document defines a cryptographic transform for the Secure Real This document defines a cryptographic transform for the Secure Real
Time Protocol (SRTP) that uses two separate but related cryptographic Time Protocol (SRTP) that uses two separate but related cryptographic
operations to provide hop-by-hop and end-to-end security guarantees. operations to provide hop-by-hop and end-to-end security guarantees.
Both the end-to-end and hop-by-hop cryptographic algorithms can Both the end-to-end and hop-by-hop cryptographic algorithms can
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on January 9, 2020. This Internet-Draft will expire on March 1, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 27 skipping to change at page 2, line 27
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Cryptographic Context . . . . . . . . . . . . . . . . . . . . 4 3. Cryptographic Context . . . . . . . . . . . . . . . . . . . . 4
3.1. Key Derivation . . . . . . . . . . . . . . . . . . . . . 5 3.1. Key Derivation . . . . . . . . . . . . . . . . . . . . . 5
4. Original Header Block . . . . . . . . . . . . . . . . . . . . 5 4. Original Header Block . . . . . . . . . . . . . . . . . . . . 5
5. RTP Operations . . . . . . . . . . . . . . . . . . . . . . . 6 5. RTP Operations . . . . . . . . . . . . . . . . . . . . . . . 6
5.1. Encrypting a Packet . . . . . . . . . . . . . . . . . . . 7 5.1. Encrypting a Packet . . . . . . . . . . . . . . . . . . . 7
5.2. Relaying a Packet . . . . . . . . . . . . . . . . . . . . 8 5.2. Relaying a Packet . . . . . . . . . . . . . . . . . . . . 8
5.3. Decrypting a Packet . . . . . . . . . . . . . . . . . . . 9 5.3. Decrypting a Packet . . . . . . . . . . . . . . . . . . . 9
6. RTCP Operations . . . . . . . . . . . . . . . . . . . . . . . 10 6. RTCP Operations . . . . . . . . . . . . . . . . . . . . . . . 10
7. Use with Other RTP Mechanisms . . . . . . . . . . . . . . . . 10 7. Use with Other RTP Mechanisms . . . . . . . . . . . . . . . . 11
7.1. RTP Retransmission (RTX) . . . . . . . . . . . . . . . . 11 7.1. RTP Retransmission (RTX) . . . . . . . . . . . . . . . . 11
7.2. Redundant Audio Data (RED) . . . . . . . . . . . . . . . 11 7.2. Redundant Audio Data (RED) . . . . . . . . . . . . . . . 11
7.3. Forward Error Correction (FEC) . . . . . . . . . . . . . 12 7.3. Forward Error Correction (FEC) . . . . . . . . . . . . . 12
7.4. DTMF . . . . . . . . . . . . . . . . . . . . . . . . . . 12 7.4. DTMF . . . . . . . . . . . . . . . . . . . . . . . . . . 12
8. Recommended Inner and Outer Cryptographic Algorithms . . . . 12 8. Recommended Inner and Outer Cryptographic Algorithms . . . . 12
9. Security Considerations . . . . . . . . . . . . . . . . . . . 13 9. Security Considerations . . . . . . . . . . . . . . . . . . . 13
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14
10.1. DTLS-SRTP . . . . . . . . . . . . . . . . . . . . . . . 14 10.1. DTLS-SRTP . . . . . . . . . . . . . . . . . . . . . . . 14
11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 15 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 15
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 15 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 15
12.1. Normative References . . . . . . . . . . . . . . . . . . 15 12.1. Normative References . . . . . . . . . . . . . . . . . . 15
12.2. Informative References . . . . . . . . . . . . . . . . . 16 12.2. Informative References . . . . . . . . . . . . . . . . . 16
Appendix A. Encryption Overview . . . . . . . . . . . . . . . . 17 Appendix A. Encryption Overview . . . . . . . . . . . . . . . . 17
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18
1. Introduction 1. Introduction
skipping to change at page 7, line 34 skipping to change at page 7, line 34
3. Form a synthetic RTP packet with the following contents: 3. Form a synthetic RTP packet with the following contents:
* Header: The RTP header of the original packet with the * Header: The RTP header of the original packet with the
following modifications: following modifications:
* The X bit is set to zero * The X bit is set to zero
* The header is truncated to remove any extensions (i.e., keep * The header is truncated to remove any extensions (i.e., keep
only the first 12 + 4 * CC bytes of the header) only the first 12 + 4 * CC bytes of the header)
* Payload: The RTP payload of the original packet * Payload: The RTP payload of the original packet (including
padding when present)
4. Apply the inner cryptographic algorithm to the synthetic RTP 4. Apply the inner cryptographic algorithm to the synthetic RTP
packet from the previous step. packet from the previous step.
5. Replace the header of the protected RTP packet with the header of 5. Replace the header of the protected RTP packet with the header of
the original packet (to restore any header extensions and reset the original packet (to restore any header extensions and reset
the X bit), and append an empty OHB (0x00) to the encrypted the X bit), and append an empty OHB (0x00) to the encrypted
payload (with the authentication tag) obtained from the step 4. payload (with the authentication tag) obtained from the step 4.
6. Apply the outer cryptographic algorithm to the RTP packet. If 6. Apply the outer cryptographic algorithm to the RTP packet. If
skipping to change at page 16, line 33 skipping to change at page 16, line 33
[I-D.ietf-perc-private-media-framework] [I-D.ietf-perc-private-media-framework]
Jones, P., Benham, D., and C. Groves, "A Solution Jones, P., Benham, D., and C. Groves, "A Solution
Framework for Private Media in Privacy Enhanced RTP Framework for Private Media in Privacy Enhanced RTP
Conferencing (PERC)", draft-ietf-perc-private-media- Conferencing (PERC)", draft-ietf-perc-private-media-
framework-12 (work in progress), June 2019. framework-12 (work in progress), June 2019.
[I-D.ietf-perc-srtp-ekt-diet] [I-D.ietf-perc-srtp-ekt-diet]
Jennings, C., Mattsson, J., McGrew, D., Wing, D., and F. Jennings, C., Mattsson, J., McGrew, D., Wing, D., and F.
Andreasen, "Encrypted Key Transport for DTLS and Secure Andreasen, "Encrypted Key Transport for DTLS and Secure
RTP", draft-ietf-perc-srtp-ekt-diet-09 (work in progress), RTP", draft-ietf-perc-srtp-ekt-diet-10 (work in progress),
October 2018. July 2019.
[I-D.ietf-rtcweb-fec] [I-D.ietf-rtcweb-fec]
Uberti, J., "WebRTC Forward Error Correction Uberti, J., "WebRTC Forward Error Correction
Requirements", draft-ietf-rtcweb-fec-09 (work in Requirements", draft-ietf-rtcweb-fec-10 (work in
progress), July 2019. progress), July 2019.
[RFC2198] Perkins, C., Kouvelas, I., Hodson, O., Hardman, V., [RFC2198] Perkins, C., Kouvelas, I., Hodson, O., Hardman, V.,
Handley, M., Bolot, J., Vega-Garcia, A., and S. Fosse- Handley, M., Bolot, J., Vega-Garcia, A., and S. Fosse-
Parisis, "RTP Payload for Redundant Audio Data", RFC 2198, Parisis, "RTP Payload for Redundant Audio Data", RFC 2198,
DOI 10.17487/RFC2198, September 1997, DOI 10.17487/RFC2198, September 1997,
<https://www.rfc-editor.org/info/rfc2198>. <https://www.rfc-editor.org/info/rfc2198>.
[RFC4588] Rey, J., Leon, D., Miyazaki, A., Varsa, V., and R. [RFC4588] Rey, J., Leon, D., Miyazaki, A., Varsa, V., and R.
Hakenberg, "RTP Retransmission Payload Format", RFC 4588, Hakenberg, "RTP Retransmission Payload Format", RFC 4588,
 End of changes. 9 change blocks. 
10 lines changed or deleted 11 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/