| draft-ietf-mmusic-kmgmt-ext-05.txt | draft-ietf-mmusic-kmgmt-ext-06.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force J. Arkko | Internet Engineering Task Force J. Arkko | |||
| MMUSIC Working Group E. Carrara | MMUSIC Working Group E. Carrara | |||
| INTERNET-DRAFT F. Lindholm | INTERNET-DRAFT F. Lindholm | |||
| Expires: December 2002 M. Naslund | Expires: August 2003 M. Naslund | |||
| K. Norrman | K. Norrman | |||
| Ericsson | Ericsson | |||
| June, 2002 | February, 2003 | |||
| Key Management Extensions for SDP and RTSP | Key Management Extensions for SDP and RTSP | |||
| <draft-ietf-mmusic-kmgmt-ext-05.txt> | <draft-ietf-mmusic-kmgmt-ext-06.txt> | |||
| Status of this memo | Status of this memo | |||
| This document is an Internet-Draft and is in full conformance with | This document is an Internet-Draft and is in full conformance with | |||
| all provisions of Section 10 of RFC2026. | all provisions of Section 10 of RFC2026. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that other | Task Force (IETF), its areas, and its working groups. Note that other | |||
| groups may also distribute working documents as Internet-Drafts. | groups may also distribute working documents as Internet-Drafts. | |||
| skipping to change at page 2, line 14 | skipping to change at page 2, line 14 | |||
| TABLE OF CONTENTS | TABLE OF CONTENTS | |||
| 1. Introduction.....................................................2 | 1. Introduction.....................................................2 | |||
| 1.1. Notational Conventions.........................................3 | 1.1. Notational Conventions.........................................3 | |||
| 2. Extensions to SDP and RTSP.......................................3 | 2. Extensions to SDP and RTSP.......................................3 | |||
| 2.1. SDP Extensions.................................................4 | 2.1. SDP Extensions.................................................4 | |||
| 2.2. RTSP Extensions................................................4 | 2.2. RTSP Extensions................................................4 | |||
| 3. Usage with SIP and RTSP..........................................5 | 3. Usage with SIP and RTSP..........................................5 | |||
| 3.1. General SDP processing.........................................5 | 3.1. General SDP processing.........................................5 | |||
| 3.2. SIP usage......................................................7 | 3.2. SIP usage......................................................6 | |||
| 3.3. RTSP usage.....................................................7 | 3.3. RTSP usage.....................................................7 | |||
| 3.4. Example scenarios..............................................8 | 3.4. Example scenarios..............................................7 | |||
| 4. Adding further Key management protocols.........................10 | 4. Adding further Key management protocols.........................10 | |||
| 5. Security Considerations.........................................10 | 5. Security Considerations.........................................10 | |||
| 6. IANA Considerations.............................................11 | 6. IANA Considerations.............................................11 | |||
| 7. Conclusions.....................................................11 | 7. Conclusions.....................................................11 | |||
| 8. Acknowledgments.................................................11 | 8. Acknowledgments.................................................11 | |||
| 9. Author's Addresses..............................................11 | 9. Author's Addresses..............................................11 | |||
| 10. References.....................................................12 | 10. References.....................................................12 | |||
| 10.1. Normative References.........................................12 | 10.1. Normative References.........................................12 | |||
| 10.2. Informative References.......................................12 | 10.2. Informative References.......................................12 | |||
| 1. Introduction | 1. Introduction | |||
| There has recently been work to define a security framework for the | There has recently been work to define a security framework for the | |||
| protection of real-time applications running over RTP, [SRTP]. | protection of real-time applications running over RTP, [SRTP]. | |||
| However, a security protocol needs a key management infrastructure to | However, a security protocol needs a key management infrastructure to | |||
| exchange keys and security parameters, managing and refreshing keys, | exchange keys and security parameters, managing and refreshing keys, | |||
| etc. | etc. | |||
| A key management protocol is executed prior to the security protocol | A key management protocol is executed prior to the security protocol | |||
| execution. The key management protocol's main goal is to, in a secure | execution. The key management protocol's main goal is to, in a secure | |||
| and reliable way, establish a so called security association for the | and reliable way, establish a so-called security association for the | |||
| security protocol. This includes one or several cryptographic keys | security protocol. This includes one or several cryptographic keys | |||
| and a set of necessary parameters for the security protocol, e.g., | and a set of necessary parameters for the security protocol, e.g., | |||
| cipher and authentication algorithm to be used. The key management | cipher and authentication algorithm to be used. The key management | |||
| protocol has similarities with, e.g., SIP [SIP] and RTSP [RTSP] in | protocol has similarities with, e.g., SIP [SIP] and RTSP [RTSP] in | |||
| the sense that it negotiates necessary information in order to be | the sense that it negotiates necessary information in order to be | |||
| able to setup the session. | able to setup the session. | |||
| The focus in the following sections is to describe SDP attribute | The focus in the following sections is to describe SDP attribute | |||
| extensions and RTSP header extensions to support key management, and | extensions and RTSP header extensions to support key management, and | |||
| a possible integration within SIP and RTSP. A framework is therefore | a possible integration within SIP and RTSP. A framework is therefore | |||
| skipping to change at page 3, line 22 | skipping to change at page 3, line 22 | |||
| * The knowledge of the media at the session establishment makes it | * The knowledge of the media at the session establishment makes it | |||
| easy to tie the key management to the multimedia sessions. | easy to tie the key management to the multimedia sessions. | |||
| * This approach may be more efficient than setting up the security | * This approach may be more efficient than setting up the security | |||
| later, as that approach might force extra roundtrips, possibly | later, as that approach might force extra roundtrips, possibly | |||
| also a separate set-up for each stream, hence implying more delay | also a separate set-up for each stream, hence implying more delay | |||
| to the actual setup of the media session. | to the actual setup of the media session. | |||
| Currently in SDP [SDPnew], one field exists to transport keys, i.e. | Currently in SDP [SDPnew], one field exists to transport keys, i.e. | |||
| the "key=" field. However, this is not enough for a key management | the "key=" field. However, this is not enough for a key management | |||
| protocol. The approach here is to use and extend the SDP description | protocol as there are many more parameters that need to be | |||
| to transport the key management offer/answer and also to associate it | transported. The approach here is to use and extend the SDP | |||
| with the media sessions. SIP uses the offer/answer model [OAM] | description to transport the key management offer/answer and also to | |||
| whereby extensions to SDP will be enough. However, RTSP [RTSP] does | associate it with the media sessions. SIP uses the offer/answer model | |||
| not use the offer/answer model. This makes it impossible to send back | [OAM] whereby extensions to SDP will be enough. However, RTSP [RTSP] | |||
| an answer to the server. To solve this, a new header is introduced in | does not use the offer/answer model. This makes it impossible to send | |||
| which the key management data can be included. | back an answer to the server. To solve this, a new header is | |||
| introduced in which the key management data can be included. | ||||
| 1.1. Notational Conventions | 1.1. Notational Conventions | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in RFC-2119. | document are to be interpreted as described in RFC-2119. | |||
| 2. Extensions to SDP and RTSP | 2. Extensions to SDP and RTSP | |||
| This section describes common attributes that are to be included in | This section describes common attributes that are to be included in | |||
| skipping to change at page 3, line 53 | skipping to change at page 4, line 5 | |||
| For the SDP description, the key management attributes MAY be defined | For the SDP description, the key management attributes MAY be defined | |||
| at session level (i.e. before the media descriptor lines) and/or at | at session level (i.e. before the media descriptor lines) and/or at | |||
| media level. If the key management attributes are defined at media | media level. If the key management attributes are defined at media | |||
| level, they will only apply to that specific media. If the key | level, they will only apply to that specific media. If the key | |||
| management attributes are defined at both session and media level, | management attributes are defined at both session and media level, | |||
| the media level definition overrides the session level definition for | the media level definition overrides the session level definition for | |||
| that specific media. | that specific media. | |||
| The following SDP attribute is defined: | The following SDP attribute is defined: | |||
| key-mgmt:<name> <opaque-data> | key-mgmt:<identifier> <opaque-data> | |||
| <name> is the name of the key management protocol and the opaque-data | ||||
| is a field to transport the key management protocol data. The key | <identifier> is the name of the key management protocol and the | |||
| management protocol data contains the necessary information to | opaque-data is a field to transport the key management protocol data. | |||
| establish the security protocol, e.g., keys and cryptographic | The key management protocol data contains the necessary information | |||
| to establish the security protocol, e.g., keys and cryptographic | ||||
| parameters. All parameters and keys are protected by the key | parameters. All parameters and keys are protected by the key | |||
| management. Note that if the key management protocol fails, e.g., the | management. Note that if the key management protocol fails, e.g., the | |||
| receiver does not accept any of the proposed security parameters, or | receiver does not accept any of the proposed security parameters, or | |||
| simply does not understand the key management protocol, the security | simply does not understand the key management protocol, the security | |||
| setup will fail. Consequently, it is impossible to establish a secure | setup will fail. Consequently, it is impossible to establish a secure | |||
| session. So, if the key management fails, the offer must be rejected. | session. So, if the key management fails, the offer must be rejected. | |||
| 2.1. SDP Extensions | 2.1. SDP Extensions | |||
| This section provides an Augmented Backus-Naur Form (ABNF) grammar | This section provides an Augmented Backus-Naur Form (ABNF) grammar | |||
| (as used in [SDPnew]) for the key management extensions to SDP. | (as used in [SDPnew]) for the key management extensions to SDP. | |||
| Note that the new definitions are compliant with the definition of an | Note that the new definitions are compliant with the definition of an | |||
| attribute field, i.e. | attribute field, i.e. | |||
| attribute = (att-field ":" att-value) | att-field | attribute = (att-field ":" att-value) | att-field | |||
| One new attribute for SDP is defined: | One new attribute for SDP is defined: | |||
| key-mgmt = "key-mgmt: " prtcl-name keymgmt-data | key-mgmt = "key-mgmt: " prtcl-id keymgmt-data | |||
| prtcl-name = non-ws-string | prtcl-id = non-ws-string | |||
| ; e.g. "MIKEY" | ; e.g. "mikey" | |||
| keymgmt-data = text | keymgmt-data = text | |||
| where non-ws-string and text are as defined in SDP [SDPnew]. The | where non-ws-string and text are as defined in SDP [SDPnew]. The | |||
| attribute may be used at session level, media level or at both | attribute may be used at session level, media level or at both | |||
| levels. An attribute defined at media level overrides an attribute | levels. An attribute defined at media level overrides an attribute | |||
| defined at session level. | defined at session level. | |||
| 2.2. RTSP Extensions | 2.2. RTSP Extensions | |||
| To support the needed attribute described, the following RTSP header | To support the needed attribute described, the following RTSP header | |||
| is defined: | is defined: | |||
| KeyMgmt _ "keymgmt" ":" 1#key-mgmt-spec | KeyMgmt = "keymgmt" ":" 1#key-mgmt-spec | |||
| key-mgmt-spec _ "prot" "=" token ";" "data" "=" quoted-string | key-mgmt-spec = "prot" "=" token ";" "data" "=" quoted-string | |||
| token and quoted-string are as defined in the RTSP specification | token and quoted-string are as defined in the RTSP specification | |||
| [RTSP]. | [RTSP]. | |||
| The KeyMgmt header should be possible to use in the messages | The KeyMgmt header should be possible to use in the messages | |||
| described in the table below. | described in the table below. | |||
| Method Direction Requirement | Method Direction Requirement | |||
| DESCRIBE C->S required | DESCRIBE C->S required | |||
| SETUP C->S required | SETUP C->S required | |||
| skipping to change at page 5, line 37 | skipping to change at page 5, line 37 | |||
| Today, the MIKEY protocol [MIKEY] has adopted the key management | Today, the MIKEY protocol [MIKEY] has adopted the key management | |||
| extensions to work together with SIP and RTSP. Other protocols MAY | extensions to work together with SIP and RTSP. Other protocols MAY | |||
| use the described attribute and header, e.g. Kerberos [KERB]. | use the described attribute and header, e.g. Kerberos [KERB]. | |||
| 3.1. General SDP processing | 3.1. General SDP processing | |||
| When an SDP message is created, the following procedure should be | When an SDP message is created, the following procedure should be | |||
| applied: | applied: | |||
| * The identifier of the key management protocol used (e.g. MIKEY or | * The identifier of the key management protocol used (e.g. MIKEY or | |||
| Kerberos) MUST be put in the prtcl-name field. | Kerberos) MUST be put in the prtcl-id field. | |||
| * The keymgmt-data field MUST be created with the data received from | * The keymgmt-data field MUST be created with the data received from | |||
| the key management protocol (this data MUST be base64 encoded). | the key management protocol (this data MUST be base64 encoded). | |||
| The data may e.g. be a MIKEY message or Kerberos ticket. | The data may e.g. be a MIKEY message or Kerberos ticket. | |||
| A received SDP message that contains the key management attributes | A received SDP message that contains the key management attributes | |||
| SHOULD process these attributes in the following manner: | SHOULD process these attributes in the following manner: | |||
| * The key management protocol used MUST be identified by checking the | * The key management protocol used MUST be identified by checking the | |||
| prtcl-name field in the key management attribute. | prtcl-id field in the key management attribute. | |||
| * The key management data from the keymgmt-data field MUST be | * The key management data from the keymgmt-data field MUST be | |||
| extracted and given to the key management protocol. Note that | extracted and given to the key management protocol. Note that | |||
| depending on key management protocol, some extra parameters might | depending on key management protocol, some extra parameters might | |||
| of course be requested, such as the source/destination network | of course be requested, such as the source/destination network | |||
| address/port(s) for the specified media. | address/port(s) for the specified media. | |||
| * Depending on the outcome of the key management processing (i.e. | * Depending on the outcome of the key management processing (i.e. | |||
| whether it was accepted or not), the processing can proceed | whether it was accepted or not), the processing can proceed | |||
| according to normal processing (e.g. according to the offer/answer | according to normal processing (e.g. according to the offer/answer | |||
| skipping to change at page 6, line 19 | skipping to change at page 6, line 19 | |||
| Note that the attribute MAY be repeated more than once (e.g., one at | Note that the attribute MAY be repeated more than once (e.g., one at | |||
| session level and one at media level). Consequently, the process is | session level and one at media level). Consequently, the process is | |||
| repeated for each key management attribute detected. | repeated for each key management attribute detected. | |||
| If more than one key management protocol is supported, multiple | If more than one key management protocol is supported, multiple | |||
| instances of the key management attribute MAY be included in the | instances of the key management attribute MAY be included in the | |||
| initial offer, each transporting a different key management data, | initial offer, each transporting a different key management data, | |||
| thus indicating alternatives supported. | thus indicating alternatives supported. | |||
| If the sender includes more than one key management attributes at | If the sender includes more than one key management protocol | |||
| session level (analogous for the media level), these SHOULD be listed | attributes at session level (analogous for the media level), these | |||
| in order of preference (with the first being the preferred). The | SHOULD be listed in order of preference (with the first being the | |||
| receiver chooses the key management protocol it supports. When | preferred). The receiver chooses the key management protocol it | |||
| answering, only the accepted key management attribute MUST be | supports. When answering, only the accepted key management protocol | |||
| included. If the receiver does not support any of the sender's | attribute MUST be included. If the receiver does not support any of | |||
| suggested key management protocols, the receiver answers with an | the sender's suggested key management protocols, the receiver answers | |||
| error message (see SIP and RTSP), possibly also listing the supported | with an error message (see SIP and RTSP), whereby the sender MUST put | |||
| key management protocols (without any data included). | down the current setup procedure. | |||
| However, the offerer is RECOMMENDED to include only one of the | ||||
| protocols for a specific media. If the answerer cannot support the | ||||
| proposed protocol, it rejects the offer. | ||||
| Note that by placing multiple key management offers in a single | Note that by placing multiple key management offers in a single | |||
| message has the disadvantage that the message expands and the | message has the disadvantage that the message expands and the | |||
| computational workload for the offerer will increase drastically. It | computational workload for the offerer will increase drastically. The | |||
| might be acceptable to use a trial and error approach if the number | possibility to support multiple key management protocols may | |||
| of key management protocols supported are few. The possibility to | introduce bidding down attacks. To avoid this, the list of | |||
| support multiple key management protocols may introduce bidding down | identifiers of the proposed key management protocols MUST be | |||
| attacks. It is therefore important that the local policy considers | authenticated, which MUST be done by each key management. This puts | |||
| this (e.g., only allows protocols that from a security point of view | the requirement that it MUST be specified (in the key management | |||
| are equivalent, to be negotiated). | protocol itself or in a companion document) how the protocol | |||
| identifiers could be authenticated from the offerer to the responder | ||||
| What can be done to increase the likelihood for a successful setup is | by the use of the specific key management protocol. Note that even if | |||
| to use a capability discovery mechanism (e.g., used in SIP when using | only one key management protocol is used, that still must | |||
| the OPTION message). In this case, the key management protocols | authenticate its own protocol identifier. | |||
| supported are expressed at session level without any data (i.e., a | ||||
| list of only the key-mgmt:<name> part is used). | ||||
| v=0 | If more than one protocol is supported by the offerer, it is | |||
| o=alice 2891092738 2891092738 IN IP4 lost.somewhere.com | RECOMMENDED that he offers all to him acceptable protocols in the | |||
| c=IN IP4 lost.somewhere.com | first offer, rather than making single, subsequent alternative offers | |||
| a=key-mgmt:mikey | in response to error messages, see "Security Considerations". | |||
| a=key-mgmt:coolxchg | ||||
| m=audio 0 RTP/SAVP 98 | ||||
| a=rtpmap:98 AMR/8000 | ||||
| m=video 0 RTP/SAVP 31 34 | ||||
| a=rtpmap:31 H261/90000 | ||||
| a=rtpmap:34 H263/90000 | ||||
| 3.2. SIP usage | 3.2. SIP usage | |||
| The offerer SHOULD include the key management data within an offer | The offerer SHOULD include the key management data within an offer | |||
| that contains the media description it should apply to. The answerer | that contains the media description it should apply to. The answerer | |||
| MUST check with the key management protocol if the attribute values | MUST check with the key management protocol if the attribute values | |||
| are valid, and then obtain from the key management the data to | are valid, and then obtain from the key management the data to | |||
| include in the answer. | include in the answer. | |||
| If the offer is not accepted, the answerer SHOULD return a "606 Not | If the offer is not accepted, the answerer SHOULD return a "606 Not | |||
| Acceptable" message, including one or more Warning headers (at least | Acceptable" message, including one or more Warning headers (at least | |||
| a 306). The offerer MAY then go out with a new (different) offer, | a 306). The offer MUST then abort the security setup. | |||
| depending on the local security policy. | ||||
| Re-keying can be handled as a new offer, i.e. a re-INVITE should be | Re-keying can be handled as a new offer, i.e. a re-INVITE should be | |||
| sent with the new proposed parameters. The answerer treats this as a | sent with the new proposed parameters. The answerer treats this as a | |||
| new offer where the key management is the issue of change. In | new offer where the key management is the issue of change. In | |||
| general, the re-INVITE (and the key exchange) must be finalized | general, the re-INVITE (and the key exchange) must be finalized | |||
| before the security protocol can change the keys. The synchronization | before the security protocol can change the keys. The synchronization | |||
| method used when changing keys are dependent on the security and key | method used when changing keys are dependent on the security and key | |||
| management protocol used. | management protocol used. | |||
| 3.3. RTSP usage | 3.3. RTSP usage | |||
| RTSP does not use the offer/answer model, as SIP does. This causes | RTSP does not use the offer/answer model, as SIP does. This causes | |||
| some problems as it is not possible (without abusing RTSP) to send | some problems, as it is not possible (without abusing RTSP) to send | |||
| back an answer to the server (as the server will in most cases be the | back an answer to the server (as the server will in most cases be the | |||
| one initiating the security parameter exchange). To solve this, a new | one initiating the security parameter exchange). To solve this, a new | |||
| header has been introduced (Section 2.2). This also assumes that the | header has been introduced (Section 2.2). This also assumes that the | |||
| key management also have some kind of binding to the media, so that | key management also has some kind of binding to the media, so that | |||
| the response to the server will be processed as required. | the response to the server will be processed as required. | |||
| The processing of a key management header in RTSP should be done | The processing of a key management header in RTSP should be done | |||
| analogous of the SDP message processing. The initial key management | analogous of the SDP message processing. The initial key management | |||
| message from a server should be sent to the client using SDP. When | message from a server should be sent to the client using SDP. When | |||
| responding to this, the client uses the new RTSP header to send back | responding to this, the client uses the new RTSP header to send back | |||
| an answer (included in the SETUP message). If a server receives a | an answer (included in the SETUP message). If a server receives a | |||
| SETUP message in which it expects a key management message, but none | SETUP message in which it expects a key management message, but none | |||
| is included, a 403 Forbidden SHOULD be returned to the client. | is included, a 403 Forbidden SHOULD be returned to the client, | |||
| whereby the current setup MUST be aborted. | ||||
| The server MAY provide re-keying/updating facilities by sending a new | The server MAY provide re-keying/updating facilities by sending a new | |||
| key management message in an ANNOUNCE messages. The ANNOUNCE message | key management message in an ANNOUNCE messages. The ANNOUNCE message | |||
| contains an SDP message including the key management parameters. The | contains an SDP message including the key management parameters. The | |||
| response message is put in the new RTSP header in the response from | response message is put in the new RTSP header in the response from | |||
| the client to the server. Note that the ANNOUNCE messages MUST be | the client to the server. Note that the ANNOUNCE messages MUST be | |||
| supported if this feature is to be used. | supported if this feature is to be used. | |||
| 3.4. Example scenarios | 3.4. Example scenarios | |||
| skipping to change at page 10, line 21 | skipping to change at page 10, line 12 | |||
| The RTSP then proceeds as usual (with e.g. a SETUP message for the | The RTSP then proceeds as usual (with e.g. a SETUP message for the | |||
| video followed by a PLAY message). | video followed by a PLAY message). | |||
| 4. Adding further Key management protocols | 4. Adding further Key management protocols | |||
| This framework cannot be used with all key management protocols. The | This framework cannot be used with all key management protocols. The | |||
| key management protocol needs to comply with the requirements | key management protocol needs to comply with the requirements | |||
| described in Section 3. To be able to use a key management protocol | described in Section 3. To be able to use a key management protocol | |||
| with this framework, the following MUST be specified: | with this framework, the following MUST be specified: | |||
| * the key management protocol name that should be used in the | * the key management protocol identifier that should be used in the | |||
| protocol name fields in both SDP and RTSP (e.g. "mikey" for | protocol identifier fields in both SDP and RTSP (e.g. "mikey" for | |||
| MIKEY). | MIKEY). | |||
| * the information the key management needs from SDP and RTSP (Section | * the information the key management needs from SDP and RTSP (Section | |||
| 3 gives a guideline of what SDP and RTSP needs from the key | 3 gives a guideline of what SDP and RTSP needs from the key | |||
| management). The exact API is implementation specific, but it | management). The exact API is implementation specific, but it | |||
| SHOULD at least support to exchange the specified information. | SHOULD at least support to exchange the specified information. | |||
| Note that in particular, the key management MUST always be given | ||||
| the protocol identifier(s) of the key management protocol(s) | ||||
| included in the offer in the correct order as they appear. | ||||
| The key management data MUST be base64 encoded in the SDP and RTSP | The key management data MUST be base64 encoded in the SDP and RTSP | |||
| fields. Therefore, considerations of possible conversion from the | fields. Therefore, considerations of possible conversion from the | |||
| normal key management representation to base64 SHOULD be taken into | normal key management representation to base64 SHOULD be taken into | |||
| consideration. | account. | |||
| 5. Security Considerations | 5. Security Considerations | |||
| The nature of this document is to allow SDP and RTSP to support | The nature of this document is to allow SDP and RTSP to support | |||
| security of the media sessions. It is therefore not the intention of | security of the media sessions. It is therefore not a primary | |||
| this document to describe possible security solutions or to define | intention of this document to describe possible security solutions or | |||
| possible security problems. The defined SDP and RTSP extensions are | to define possible security problems. The defined SDP and RTSP | |||
| not believed to introduce any new security risks to SDP and RTSP. | extensions are not believed to introduce any new security risks to | |||
| SDP and RTSP, if used as specified. | ||||
| Note that the purpose of the key management fields is to provide | Note that the purpose of the key management fields is to provide | |||
| information to secure the media streams. Under the assumption that | information to secure the media streams. Under the assumption that | |||
| the key management schemes are secure, the SDP can be passed along | the key management schemes are secure, the SDP can be passed along | |||
| unprotected without affecting the key management, and the media | unprotected without affecting the key management, and the media | |||
| streams will still be secure even if some attackers gained knowledge | streams will still be secure even if some attackers gained knowledge | |||
| of the SDP contents. | of the SDP contents. | |||
| However, if the SDP messages are not sent authenticated between the | However, if the SDP messages are not sent authenticated between the | |||
| parties, it is possible for an active attacker to change attributes | parties, it is possible for an active attacker to change attributes | |||
| without being detected. As the key management protocol may | without being detected. As the key management protocol may | |||
| (indirectly) rely on some of the session information from SDP (e.g., | (indirectly) rely on some of the session information from SDP (e.g., | |||
| address information), an attack on SDP may have indirect consequences | address information), an attack on SDP may have indirect consequences | |||
| on the key management. In general, it is therefore a good thing, not | on the key management. In general, it is therefore a good thing, not | |||
| only to try to secure the session, but also to secure the session | only to try to secure the session, but also to secure the session | |||
| setup. | setup. | |||
| Note that it is impossible to assure the authenticity of a declined | ||||
| offer, since even if it comes from the true respondent, the fact that | ||||
| he/she declines the offer usually means that he/she does not support | ||||
| the protocol(s) offered, and consequently cannot be expected to | ||||
| authenticate the response either. This means that if the initiator is | ||||
| unsure of which protocol(s) the responder supports, we RECOMMEND that | ||||
| the initiator offers all acceptable protocols in a single offer. If | ||||
| not, this opens up the possibility for a "man-in-the-middle" (MITM) | ||||
| to affect the outcome of the eventually agreed upon protocol, by | ||||
| faking unauthenticated error messages until the initiator eventually | ||||
| offers a protocol "to the liking" of the MITM. This is not really a | ||||
| security problem, but rather a mild form of denial of service that | ||||
| can be avoided by following the above recommendation. | ||||
| 6. IANA Considerations | 6. IANA Considerations | |||
| New attribute fields for SDP (see Section 2.1) and RTSP header are | New attribute fields for SDP (see Section 2.1) and RTSP header are | |||
| registered (see Section 2.2). | registered (see Section 2.2). | |||
| 7. Conclusions | 7. Conclusions | |||
| A security solution for real-time applications needs a key management | A security solution for real-time applications needs a key management | |||
| infrastructure. Integrating the key management scheme with the | infrastructure. Integrating the key management scheme with the | |||
| session establishment protocol could be done efficiently in most of | session establishment protocol could be done efficiently in most of | |||
| skipping to change at page 12, line 19 | skipping to change at page 12, line 27 | |||
| Karl Norrman | Karl Norrman | |||
| Ericsson Research | Ericsson Research | |||
| SE-16480 Stockholm Phone: +46 8 4044502 | SE-16480 Stockholm Phone: +46 8 4044502 | |||
| Sweden EMail: karl.norrman@era.ericsson.se | Sweden EMail: karl.norrman@era.ericsson.se | |||
| 10. References | 10. References | |||
| 10.1. Normative References | 10.1. Normative References | |||
| [OAM] Rosenberg, J. and Schulzrinne, H., "An Offer/Answer Model with | [OAM] Rosenberg, J. and Schulzrinne, H., "An Offer/Answer Model with | |||
| SDP", Internet Draft, IETF, Work in progress (MMUSIC). | the Session Description Protocol (SDP)", IETF, 3264. | |||
| [RTSP] Schulzrinne, H., Rao, A., and Lanphier, R., "Real Time | [RTSP] Schulzrinne, H., Rao, A., and Lanphier, R., "Real Time | |||
| Streaming Protocol (RTSP)", IETF, RFC 2326. | Streaming Protocol (RTSP)", IETF, RFC 2326. | |||
| [SDPnew] Handley, M., Jacobson, V., and Perkins, C., "SDP: Session | [SDPnew] Handley, M., Jacobson, V., and Perkins, C., "SDP: Session | |||
| Description Protocol", Internet Draft, IETF, Work in progress | Description Protocol", Internet Draft, IETF, Work in progress | |||
| (MMUSIC). | (MMUSIC). | |||
| [SIP] Handley, M., Schulzrinne, H., Schooler, E., and Rosenberg, J., | [SIP] Handley, M., Schulzrinne, H., Schooler, E., and Rosenberg, J., | |||
| "SIP: Session Initiation Protocol", IETF, RFC 2543. | "SIP: Session Initiation Protocol", IETF, RFC 2543. | |||
| skipping to change at page 12, line 44 | skipping to change at page 12, line 52 | |||
| Service (V5)", IETF, RFC 1510. | Service (V5)", IETF, RFC 1510. | |||
| [MIKEY] Arkko, J., Carrara, E., Lindholm, F., Naslund, M., and | [MIKEY] Arkko, J., Carrara, E., Lindholm, F., Naslund, M., and | |||
| Norrman, K., "MIKEY: Multimedia Internet KEYing", Internet Draft, | Norrman, K., "MIKEY: Multimedia Internet KEYing", Internet Draft, | |||
| IETF, Work in progress (MSEC). | IETF, Work in progress (MSEC). | |||
| [SRTP] Baugher, M., Blom, R., Carrara, E., McGrew, D., Naslund, M, | [SRTP] Baugher, M., Blom, R., Carrara, E., McGrew, D., Naslund, M, | |||
| Norrman, K., and Oran, D., "The Secure Real Time Transport Protocol", | Norrman, K., and Oran, D., "The Secure Real Time Transport Protocol", | |||
| Internet Draft, IETF, Work in Progress (AVT). | Internet Draft, IETF, Work in Progress (AVT). | |||
| This Internet-Draft expires in December 2002. | This Internet-Draft expires in August 2003. | |||
| End of changes. | ||||
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ | ||||