draft-ietf-sip-media-security-requirements-05.txt   draft-ietf-sip-media-security-requirements-06.txt 
SIP Working Group D. Wing, Ed. SIP Working Group D. Wing, Ed.
Internet-Draft Cisco Internet-Draft Cisco
Intended status: Informational S. Fries Intended status: Informational S. Fries
Expires: November 6, 2008 Siemens AG Expires: November 13, 2008 Siemens AG
H. Tschofenig H. Tschofenig
Nokia Siemens Networks Nokia Siemens Networks
F. Audet F. Audet
Nortel Nortel
May 5, 2008 May 12, 2008
Requirements and Analysis of Media Security Management Protocols Requirements and Analysis of Media Security Management Protocols
draft-ietf-sip-media-security-requirements-05 draft-ietf-sip-media-security-requirements-06
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 39 skipping to change at page 1, line 39
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on November 6, 2008. This Internet-Draft will expire on November 13, 2008.
Abstract Abstract
This document describes requirements for a protocol to negotiate a This document describes requirements for a protocol to negotiate a
security context for SIP-signaled SRTP media. In addition to the security context for SIP-signaled SRTP media. In addition to the
natural security requirements, this negotiation protocol must natural security requirements, this negotiation protocol must
interoperate well with SIP in certain ways. A number of proposals interoperate well with SIP in certain ways. A number of proposals
have been published and a summary of these proposals is in the have been published and a summary of these proposals is in the
appendix of this document. appendix of this document.
skipping to change at page 17, line 22 skipping to change at page 17, line 22
R-PFS: R-PFS:
The media security key management protocol MUST be able to The media security key management protocol MUST be able to
support perfect forward secrecy. support perfect forward secrecy.
R-COMPUTE: R-COMPUTE:
The media security key management protocol MUST support The media security key management protocol MUST support
offering additional SRTP cipher suites without incurring offering additional SRTP cipher suites without incurring
significant computational expense. significant computational expense.
R-CERTS: R-CERTS:
The media security key management protocol MUST NOT constrain The media security key management protocol MUST NOT require
the set of trust anchors that a peer can use to validate using a trust anchor to validate credentials (e.g., a
certificates used in the protocol. certificate) or to obtain credentials (e.g., a private key)
used in the protocol.
R-FIPS: R-FIPS:
The media security key management protocol SHOULD use The media security key management protocol SHOULD use
algorithms that allow FIPS 140-2 [FIPS-140-2] certification. algorithms that allow FIPS 140-2 [FIPS-140-2] certification.
The United States Government can only purchase and use crypto The United States Government can only purchase and use crypto
implementations that have been validated by the FIPS-140 implementations that have been validated by the FIPS-140
[FIPS-140-2] process: [FIPS-140-2] process:
"The FIPS-140 standard is applicable to all Federal "The FIPS-140 standard is applicable to all Federal
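Review bot: R-CERTS in this hunk is not a rewording but a different requirement, and the text should say so explicitly. The -05 wording ("MUST NOT constrain the set of trust anchors that a peer can use") let each peer choose its own trust anchors. The -06 wording ("MUST NOT require using a trust anchor") requires the protocol to work with no trust anchor at all. As written, -06 no longer states the -05 property, so a protocol that makes trust anchors optional but fixes which ones are acceptable would appear to satisfy it. If both properties are intended, keep them as two sentences or two requirements. The clause "or to obtain credentials (e.g., a private key)" also needs tightening: a trust anchor is what a relying party uses to validate a credential, so "obtain" presumably means enrollment with an issuing authority, and stating that directly would remove the ambiguity. Finally, consider adding a sentence on how a peer's key is authenticated when no trust anchor is used, or a pointer to the requirement that covers it, so this requirement is not read as permitting unauthenticated keying.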
 End of changes. 5 change blocks. 
7 lines changed or deleted 8 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/