draft-ietf-sipbrandy-osrtp-08.txt   draft-ietf-sipbrandy-osrtp-09.txt 
SIPBRANDY Working Group A. Johnston SIPBRANDY Working Group A. Johnston
Internet-Draft Villanova University Internet-Draft Villanova University
Intended status: Informational B. Aboba Intended status: Informational B. Aboba
Expires: September 27, 2019 Microsoft Expires: November 2, 2019 Microsoft
A. Hutton A. Hutton
Atos Atos
R. Jesske R. Jesske
Deutsche Telekom Deutsche Telekom
T. Stach T. Stach
Unaffiliated Unaffiliated
March 26, 2019 May 1, 2019
An Opportunistic Approach for Secure Real-time Transport Protocol An Opportunistic Approach for Secure Real-time Transport Protocol
(OSRTP) (OSRTP)
draft-ietf-sipbrandy-osrtp-08 draft-ietf-sipbrandy-osrtp-09
Abstract Abstract
Opportunistic Secure Real-time Transport Protocol (OSRTP) is an Opportunistic Secure Real-time Transport Protocol (OSRTP) is an
implementation of the Opportunistic Security mechanism, as defined in implementation of the Opportunistic Security mechanism, as defined in
RFC 7435, applied to Real-time Transport Protocol (RTP). OSRTP RFC 7435, applied to Real-time Transport Protocol (RTP). OSRTP
allows encrypted media to be used in environments where support for allows encrypted media to be used in environments where support for
encryption is not known in advance, and not required. OSRTP does not encryption is not known in advance, and not required. OSRTP does not
require SDP extensions or features and is fully backwards compatible require SDP extensions or features and is fully backwards compatible
with existing implementations using encrypted and authenticated media with existing implementations using encrypted and authenticated media
skipping to change at page 1, line 49 skipping to change at page 1, line 49
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 27, 2019. This Internet-Draft will expire on November 2, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 31 skipping to change at page 2, line 31
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Applicability Statement . . . . . . . . . . . . . . . . . 3 1.1. Applicability Statement . . . . . . . . . . . . . . . . . 3
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3
3. SDP Offer/Answer Considerations . . . . . . . . . . . . . . . 3 3. SDP Offer/Answer Considerations . . . . . . . . . . . . . . . 3
3.1. Generating the Initial OSRTP Offer . . . . . . . . . . . 4 3.1. Generating the Initial OSRTP Offer . . . . . . . . . . . 4
3.2. Generating the Answer . . . . . . . . . . . . . . . . . . 4 3.2. Generating the Answer . . . . . . . . . . . . . . . . . . 4
3.3. Offerer Processing the Answer . . . . . . . . . . . . . . 4 3.3. Offerer Processing the Answer . . . . . . . . . . . . . . 4
3.4. Modifying the Session . . . . . . . . . . . . . . . . . . 5 3.4. Modifying the Session . . . . . . . . . . . . . . . . . . 5
4. Security Considerations . . . . . . . . . . . . . . . . . . . 5 4. Security Considerations . . . . . . . . . . . . . . . . . . . 5
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
6. Implementation Status . . . . . . . . . . . . . . . . . . . . 5 6. Implementation Status . . . . . . . . . . . . . . . . . . . . 6
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 7
8.1. Normative References . . . . . . . . . . . . . . . . . . 6 8.1. Normative References . . . . . . . . . . . . . . . . . . 7
8.2. Informative References . . . . . . . . . . . . . . . . . 8 8.2. Informative References . . . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction 1. Introduction
Opportunistic Security [RFC7435] (OS) is an approach to security that Opportunistic Security [RFC7435] (OS) is an approach to security that
defines a third mode for security between "cleartext" and defines a third mode for security between "cleartext" and
"comprehensive protection" that allows encryption and authentication "comprehensive protection" that allows encryption and authentication
of media to be used if supported but will not result in failures if of media to be used if supported but will not result in failures if
it is not supported. In terms of secure media, cleartext is RTP it is not supported. In terms of secure media, cleartext is RTP
[RFC3550] media which is negotiated with the RTP/AVP (Audio Video [RFC3550] media which is negotiated with the RTP/AVP (Audio Video
Profile) [RFC3551] or the RTP/AVPF profile [RFC4585]. Comprehensive Profile) [RFC3551] or the RTP/AVPF profile [RFC4585]. Comprehensive
skipping to change at page 5, line 36 skipping to change at page 5, line 36
For SDP Security Descriptions key agreement [RFC4568], an For SDP Security Descriptions key agreement [RFC4568], an
authenticated signaling channel does not need to be used with authenticated signaling channel does not need to be used with
OSRTP if it is not available, although an encrypted signaling OSRTP if it is not available, although an encrypted signaling
channel must still be used. channel must still be used.
For ZRTP key agreement [RFC6189], the security considerations are For ZRTP key agreement [RFC6189], the security considerations are
unchanged, since ZRTP does not rely on the security of the unchanged, since ZRTP does not rely on the security of the
signaling channel. signaling channel.
While OSRTP does not require authentication of the key-agreement
mechanism, it does need to avoid exposing SRTP keys to eavesdroppers,
since this could enable passive attacks against SRTP. Section 8.3 of
[RFC7435] requires that any messages that contain SRTP keys be
encrypted, and further says that encryption "SHOULD" provide end-to-
end confidentiality protection if intermediaries that could inspect
the SDP message are present. At the time of this writing, it is
understood that the [RFC7435] requirement for end-to-end
confidentiality protection is commonly ignored. Therefore, if OSRTP
is used with SDP Security Descriptions, any such intermediaries
(e.g., SIP proxies) must be assumed to have access to the SRTP keys.
As discussed in [RFC7435], OSRTP is used in cases where support for As discussed in [RFC7435], OSRTP is used in cases where support for
encryption by the other party is not known in advance, and not encryption by the other party is not known in advance, and not
required. For cases where it is known that the other party supports required. For cases where it is known that the other party supports
SRTP or SRTP needs to be used, OSRTP MUST NOT be used. Instead, a SRTP or SRTP needs to be used, OSRTP MUST NOT be used. Instead, a
secure profile of RTP is used in the offer. secure profile of RTP is used in the offer.
5. IANA Considerations 5. IANA Considerations
This document has no actions for IANA. This document has no actions for IANA.
 End of changes. 8 change blocks. 
9 lines changed or deleted 21 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/