draft-ietf-sip-dtls-srtp-framework-03.txt   draft-ietf-sip-dtls-srtp-framework-04.txt 
SIP J. Fischl SIP J. Fischl
Internet-Draft CounterPath Corporation Internet-Draft CounterPath Corporation
Intended status: Standards Track H. Tschofenig Intended status: Standards Track H. Tschofenig
Expires: February 26, 2009 Nokia Siemens Networks Expires: April 4, 2009 Nokia Siemens Networks
E. Rescorla E. Rescorla
RTFM, Inc. RTFM, Inc.
August 25, 2008 October 1, 2008
Framework for Establishing an SRTP Security Context using DTLS Framework for Establishing an SRTP Security Context using DTLS
draft-ietf-sip-dtls-srtp-framework-03.txt draft-ietf-sip-dtls-srtp-framework-04.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 37 skipping to change at page 1, line 37
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on February 26, 2009. This Internet-Draft will expire on April 4, 2009.
Abstract Abstract
This document specifies how to use the Session Initiation Protocol This document specifies how to use the Session Initiation Protocol
(SIP) to establish an Secure Real-time Transport Protocol (SRTP) (SIP) to establish an Secure Real-time Transport Protocol (SRTP)
security context using the Datagram Transport Layer Security (DTLS) security context using the Datagram Transport Layer Security (DTLS)
protocol. It describes a mechanism of transporting a fingerprint protocol. It describes a mechanism of transporting a fingerprint
attribute in the Session Description Protocol (SDP) that identifies attribute in the Session Description Protocol (SDP) that identifies
the key that will be presented during the DTLS handshake. The key the key that will be presented during the DTLS handshake. The key
exchange travels along the media path as opposed to the signaling exchange travels along the media path as opposed to the signaling
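Review bot: the abstract's first sentence still reads "to establish an Secure Real-time Transport Protocol (SRTP) security context" in both -03 and -04; since the revision touches this page anyway, change "an Secure" to "a Secure".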
skipping to change at page 2, line 15 skipping to change at page 2, line 15
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3. Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . 7
4. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 7 4. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 7
5. Establishing a Secure Channel . . . . . . . . . . . . . . . . 8 5. Establishing a Secure Channel . . . . . . . . . . . . . . . . 8
6. Miscellaneous Considerations . . . . . . . . . . . . . . . . . 10 6. Miscellaneous Considerations . . . . . . . . . . . . . . . . . 10
6.1. Anonymous Calls . . . . . . . . . . . . . . . . . . . . . 10 6.1. Anonymous Calls . . . . . . . . . . . . . . . . . . . . . 10
6.2. Early Media . . . . . . . . . . . . . . . . . . . . . . . 10 6.2. Early Media . . . . . . . . . . . . . . . . . . . . . . . 11
6.3. Forking . . . . . . . . . . . . . . . . . . . . . . . . . 11 6.3. Forking . . . . . . . . . . . . . . . . . . . . . . . . . 11
6.4. Delayed Offer Calls . . . . . . . . . . . . . . . . . . . 11 6.4. Delayed Offer Calls . . . . . . . . . . . . . . . . . . . 11
6.5. Multiple Associations . . . . . . . . . . . . . . . . . . 11 6.5. Multiple Associations . . . . . . . . . . . . . . . . . . 11
6.6. Session Modification . . . . . . . . . . . . . . . . . . . 11 6.6. Session Modification . . . . . . . . . . . . . . . . . . . 11
6.7. Middlebox Interaction . . . . . . . . . . . . . . . . . . 12 6.7. Middlebox Interaction . . . . . . . . . . . . . . . . . . 12
6.7.1. ICE Interaction . . . . . . . . . . . . . . . . . . . 12 6.7.1. ICE Interaction . . . . . . . . . . . . . . . . . . . 12
6.7.2. Latching Control Without ICE . . . . . . . . . . . . . 12 6.7.2. Latching Control Without ICE . . . . . . . . . . . . . 12
6.8. Rekeying . . . . . . . . . . . . . . . . . . . . . . . . . 13 6.8. Rekeying . . . . . . . . . . . . . . . . . . . . . . . . . 13
6.9. Conference Servers and Shared Encryptions Contexts . . . . 13 6.9. Conference Servers and Shared Encryptions Contexts . . . . 13
6.10. Media over SRTP . . . . . . . . . . . . . . . . . . . . . 13 6.10. Media over SRTP . . . . . . . . . . . . . . . . . . . . . 13
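Review bot: the Section 6.9 title carried into -04 is "Conference Servers and Shared Encryptions Contexts"; "Encryptions" should be singular ("Shared Encryption Contexts"). The only changes in this block are page numbers, so the fix belongs in the section heading itself, from which the table of contents is generated.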
skipping to change at page 2, line 48 skipping to change at page 2, line 48
11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 25 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 25
11.1. Normative References . . . . . . . . . . . . . . . . . . . 25 11.1. Normative References . . . . . . . . . . . . . . . . . . . 25
11.2. Informational References . . . . . . . . . . . . . . . . . 26 11.2. Informational References . . . . . . . . . . . . . . . . . 26
Appendix A. Requirements Analysis . . . . . . . . . . . . . . . . 28 Appendix A. Requirements Analysis . . . . . . . . . . . . . . . . 28
A.1. Forking and retargeting (R-FORK-RETARGET, A.1. Forking and retargeting (R-FORK-RETARGET,
R-BEST-SECURE, R-DISTINCT) . . . . . . . . . . . . . . . . 29 R-BEST-SECURE, R-DISTINCT) . . . . . . . . . . . . . . . . 29
A.2. Distinct Cryptographic Contexts (R-DISTINCT) . . . . . . . 29 A.2. Distinct Cryptographic Contexts (R-DISTINCT) . . . . . . . 29
A.3. Reusage of a Security Context (R-REUSE) . . . . . . . . . 29 A.3. Reusage of a Security Context (R-REUSE) . . . . . . . . . 29
A.4. Clipping (R-AVOID-CLIPPING) . . . . . . . . . . . . . . . 29 A.4. Clipping (R-AVOID-CLIPPING) . . . . . . . . . . . . . . . 29
A.5. Passive Attacks on the Media Path (R-PASS-MEDIA) . . . . . 29 A.5. Passive Attacks on the Media Path (R-PASS-MEDIA) . . . . . 29
A.6. Passive Attacks on the Signaling Path (R-PASS-SIG) . . . . 29 A.6. Passive Attacks on the Signaling Path (R-PASS-SIG) . . . . 30
A.7. (R-SIG-MEDIA, R-ACT-ACT) . . . . . . . . . . . . . . . . . 30 A.7. (R-SIG-MEDIA, R-ACT-ACT) . . . . . . . . . . . . . . . . . 30
A.8. Binding to Identifiers (R-ID-BINDING) . . . . . . . . . . 30 A.8. Binding to Identifiers (R-ID-BINDING) . . . . . . . . . . 30
A.9. Perfect Forward Secrecy (R-PFS) . . . . . . . . . . . . . 30 A.9. Perfect Forward Secrecy (R-PFS) . . . . . . . . . . . . . 30
A.10. Algorithm Negotiation (R-COMPUTE) . . . . . . . . . . . . 30 A.10. Algorithm Negotiation (R-COMPUTE) . . . . . . . . . . . . 30
A.11. RTP Validity Check (R-RTP-VALID) . . . . . . . . . . . . . 30 A.11. RTP Validity Check (R-RTP-VALID) . . . . . . . . . . . . . 31
A.12. 3rd Party Certificates (R-CERTS, R-EXISTING) . . . . . . . 31 A.12. 3rd Party Certificates (R-CERTS, R-EXISTING) . . . . . . . 31
A.13. FIPS 140-2 (R-FIPS) . . . . . . . . . . . . . . . . . . . 31 A.13. FIPS 140-2 (R-FIPS) . . . . . . . . . . . . . . . . . . . 31
A.14. Linkage between Keying Exchange and SIP Signaling A.14. Linkage between Keying Exchange and SIP Signaling
(R-ASSOC) . . . . . . . . . . . . . . . . . . . . . . . . 31 (R-ASSOC) . . . . . . . . . . . . . . . . . . . . . . . . 31
A.15. Denial of Service Vulnerability (R-DOS) . . . . . . . . . 31 A.15. Denial of Service Vulnerability (R-DOS) . . . . . . . . . 31
A.16. Crypto-Agility (R-AGILITY) . . . . . . . . . . . . . . . . 31 A.16. Crypto-Agility (R-AGILITY) . . . . . . . . . . . . . . . . 31
A.17. Downgrading Protection (R-DOWNGRADE) . . . . . . . . . . . 31 A.17. Downgrading Protection (R-DOWNGRADE) . . . . . . . . . . . 31
A.18. Media Security Negotation (R-NEGOTIATE) . . . . . . . . . 32 A.18. Media Security Negotation (R-NEGOTIATE) . . . . . . . . . 32
A.19. Signaling Protocol Independence (R-OTHER-SIGNALING) . . . 32 A.19. Signaling Protocol Independence (R-OTHER-SIGNALING) . . . 32
A.20. Media Recording (R-RECORDING) . . . . . . . . . . . . . . 32 A.20. Media Recording (R-RECORDING) . . . . . . . . . . . . . . 32
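Review bot: the A.18 entry is still spelled "Media Security Negotation" in -04, and A.3 still reads "Reusage of a Security Context"; correct the appendix headings to "Negotiation" and "Reuse" so that the table of contents picks them up. The page-number shifts for A.6 and A.11 look like a consequence of the longer Section 6.1 text and need no action.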
skipping to change at page 10, line 38 skipping to change at page 10, line 38
an otherwise anonymous call. When anonymous calls are being made, an otherwise anonymous call. When anonymous calls are being made,
the following procedures SHOULD be used to prevent deanonymization. the following procedures SHOULD be used to prevent deanonymization.
When making anonymous calls, a new self-signed certificate SHOULD be When making anonymous calls, a new self-signed certificate SHOULD be
used for each call so that the calls can not be correlated as to used for each call so that the calls can not be correlated as to
being from the same caller. In situations where some degree of being from the same caller. In situations where some degree of
correlation is acceptable, the same certificate SHOULD be used for a correlation is acceptable, the same certificate SHOULD be used for a
number of calls in order to enable continuity of authentication, see number of calls in order to enable continuity of authentication, see
Section 8.4. Section 8.4.
Additionally, it MUST be ensured that the Privacy header field Additionally note that in networks that deploy [RFC3325], RFC 3325
[RFC3323] with value 'id' [RFC3325]. is used in conjunction with the requires that the Privacy header field value defined in [RFC3323]
SIP identity mechanism to ensure that the identity of the user is not needs to be set to 'id'. This is used in conjunction with the SIP
identity mechanism to ensure that the identity of the user is not
asserted when enabling anonymous calls. Furthermore, the content of asserted when enabling anonymous calls. Furthermore, the content of
the subjectAltName attribute inside the certificate MUST NOT contain the subjectAltName attribute inside the certificate MUST NOT contain
information that either allows correlation or identification of the information that either allows correlation or identification of the
user that wishes to place an anonymous call. Note that following user that wishes to place an anonymous call. Note that following
this recommendation is not sufficient to provide anonymization. this recommendation is not sufficient to provide anonymization.
6.2. Early Media 6.2. Early Media
If an offer is received by an endpoint that wishes to provide early If an offer is received by an endpoint that wishes to provide early
media, it MUST take the setup:active role and can immediately media, it MUST take the setup:active role and can immediately
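Review bot: the rewritten Privacy paragraph in Section 6.1 drops the only RFC 2119 keyword the sentence had ("it MUST be ensured that the Privacy header field ...") and now only reports what RFC 3325 requires "in networks that deploy [RFC3325]". As written, -04 places no requirement of its own on the Privacy header for anonymous calls and says nothing about networks that do not deploy RFC 3325, while the surrounding text still uses SHOULD and MUST NOT for the certificate rules. If the weakening is intended, state that the sentence is informative; if not, put a 2119 keyword back on it. The wording also needs tightening: "requires that ... needs to be set" is doubled, "Additionally note that" wants a comma after "Additionally", and "This is used in conjunction with the SIP identity mechanism" has no clear antecedent now that the sentence has been split.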
skipping to change at page 26, line 13 skipping to change at page 26, line 13
June 2002. June 2002.
[RFC3280] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet [RFC3280] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet
X.509 Public Key Infrastructure Certificate and X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile", RFC 3280, Certificate Revocation List (CRL) Profile", RFC 3280,
April 2002. April 2002.
[RFC3323] Peterson, J., "A Privacy Mechanism for the Session [RFC3323] Peterson, J., "A Privacy Mechanism for the Session
Initiation Protocol (SIP)", RFC 3323, November 2002. Initiation Protocol (SIP)", RFC 3323, November 2002.
[RFC3325] Jennings, C., Peterson, J., and M. Watson, "Private
Extensions to the Session Initiation Protocol (SIP) for
Asserted Identity within Trusted Networks", RFC 3325,
November 2002.
[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V.
Jacobson, "RTP: A Transport Protocol for Real-Time Jacobson, "RTP: A Transport Protocol for Real-Time
Applications", STD 64, RFC 3550, July 2003. Applications", STD 64, RFC 3550, July 2003.
[RFC4145] Yon, D. and G. Camarillo, "TCP-Based Media Transport in [RFC4145] Yon, D. and G. Camarillo, "TCP-Based Media Transport in
the Session Description Protocol (SDP)", RFC 4145, the Session Description Protocol (SDP)", RFC 4145,
September 2005. September 2005.
[RFC4347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer [RFC4347] Rescorla, E. and N. Modadugu, "Datagram Transport Layer
Security", RFC 4347, April 2006. Security", RFC 4347, April 2006.
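Review bot: dropping [RFC3325] from this list (it reappears under 11.2 Informational References) is only safe if nothing in the document depends on it for correct behaviour. The one citation visible in this diff, in Section 6.1, tells the reader that RFC 3325 "requires that the Privacy header field value defined in [RFC3323] needs to be set to 'id'", so an implementer in such a network has to consult RFC 3325 to follow the anonymous-call procedure. Either keep the reference normative or reword Section 6.1 so that it is plainly a pointer and not something an implementation must act on.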
skipping to change at page 26, line 52 skipping to change at page 26, line 47
"Session Traversal Utilities for (NAT) (STUN)", "Session Traversal Utilities for (NAT) (STUN)",
draft-ietf-behave-rfc3489bis-18 (work in progress), draft-ietf-behave-rfc3489bis-18 (work in progress),
July 2008. July 2008.
11.2. Informational References 11.2. Informational References
[RFC4571] Lazzaro, J., "Framing Real-time Transport Protocol (RTP) [RFC4571] Lazzaro, J., "Framing Real-time Transport Protocol (RTP)
and RTP Control Protocol (RTCP) Packets over Connection- and RTP Control Protocol (RTCP) Packets over Connection-
Oriented Transport", RFC 4571, July 2006. Oriented Transport", RFC 4571, July 2006.
[RFC3325] Jennings, C., Peterson, J., and M. Watson, "Private
Extensions to the Session Initiation Protocol (SIP) for
Asserted Identity within Trusted Networks", RFC 3325,
November 2002.
[I-D.ietf-mmusic-ice] [I-D.ietf-mmusic-ice]
Rosenberg, J., "Interactive Connectivity Establishment Rosenberg, J., "Interactive Connectivity Establishment
(ICE): A Protocol for Network Address Translator (NAT) (ICE): A Protocol for Network Address Translator (NAT)
Traversal for Offer/Answer Protocols", Traversal for Offer/Answer Protocols",
draft-ietf-mmusic-ice-19 (work in progress), October 2007. draft-ietf-mmusic-ice-19 (work in progress), October 2007.
[RFC4567] Arkko, J., Lindholm, F., Naslund, M., Norrman, K., and E. [RFC4567] Arkko, J., Lindholm, F., Naslund, M., Norrman, K., and E.
Carrara, "Key Management Extensions for Session Carrara, "Key Management Extensions for Session
Description Protocol (SDP) and Real Time Streaming Description Protocol (SDP) and Real Time Streaming
Protocol (RTSP)", RFC 4567, July 2006. Protocol (RTSP)", RFC 4567, July 2006.
[RFC4568] Andreasen, F., Baugher, M., and D. Wing, "Session [RFC4568] Andreasen, F., Baugher, M., and D. Wing, "Session
Description Protocol (SDP) Security Descriptions for Media Description Protocol (SDP) Security Descriptions for Media
Streams", RFC 4568, July 2006. Streams", RFC 4568, July 2006.
[I-D.zimmermann-avt-zrtp] [I-D.zimmermann-avt-zrtp]
Zimmermann, P., Johnston, A., and J. Callas, "ZRTP: Media Zimmermann, P., Johnston, A., and J. Callas, "ZRTP: Media
Path Key Agreement for Secure RTP", Path Key Agreement for Secure RTP",
draft-zimmermann-avt-zrtp-07 (work in progress), draft-zimmermann-avt-zrtp-09 (work in progress),
June 2008. September 2008.
[I-D.mcgrew-srtp-ekt] [I-D.mcgrew-srtp-ekt]
McGrew, D., "Encrypted Key Transport for Secure RTP", McGrew, D., "Encrypted Key Transport for Secure RTP",
draft-mcgrew-srtp-ekt-03 (work in progress), July 2007. draft-mcgrew-srtp-ekt-03 (work in progress), July 2007.
[I-D.ietf-avt-dtls-srtp] [I-D.ietf-avt-dtls-srtp]
McGrew, D. and E. Rescorla, "Datagram Transport Layer McGrew, D. and E. Rescorla, "Datagram Transport Layer
Security (DTLS) Extension to Establish Keys for Secure Security (DTLS) Extension to Establish Keys for Secure
Real-time Transport Protocol (SRTP)", Real-time Transport Protocol (SRTP)",
draft-ietf-avt-dtls-srtp-03 (work in progress), July 2008. draft-ietf-avt-dtls-srtp-05 (work in progress),
September 2008.
[I-D.ietf-sip-media-security-requirements] [I-D.ietf-sip-media-security-requirements]
Wing, D., Fries, S., Tschofenig, H., and F. Audet, Wing, D., Fries, S., Tschofenig, H., and F. Audet,
"Requirements and Analysis of Media Security Management "Requirements and Analysis of Media Security Management
Protocols", draft-ietf-sip-media-security-requirements-07 Protocols", draft-ietf-sip-media-security-requirements-07
(work in progress), June 2008. (work in progress), June 2008.
[I-D.ietf-mmusic-sdp-capability-negotiation] [I-D.ietf-mmusic-sdp-capability-negotiation]
Andreasen, F., "SDP Capability Negotiation", Andreasen, F., "SDP Capability Negotiation",
draft-ietf-mmusic-sdp-capability-negotiation-09 (work in draft-ietf-mmusic-sdp-capability-negotiation-09 (work in
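Review bot: the [I-D.ietf-avt-dtls-srtp] entry is bumped to -05 here but still sits under 11.2 Informational References, although the document's own title and abstract make establishing an SRTP security context through the DTLS handshake its core mechanism; check whether that reference should be in 11.1. Two smaller points in the same block: the [RFC3325] entry is inserted between [RFC4571] and [I-D.ietf-mmusic-ice] where appending it next to the other RFC entries would read better, and only the ZRTP and DTLS-SRTP drafts were refreshed, so confirm that the remaining work-in-progress citations (ice-19, srtp-ekt-03, media-security-requirements-07, sdp-capability-negotiation-09) are still the latest versions.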
 End of changes. 12 change blocks. 
18 lines changed or deleted 20 lines changed or added

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/