| draft-ietf-sipbrandy-osrtp-06.txt | draft-ietf-sipbrandy-osrtp-07.txt | |||
|---|---|---|---|---|
| SIPBRANDY Working Group A. Johnston | SIPBRANDY Working Group A. Johnston | |||
| Internet-Draft Villanova University | Internet-Draft Villanova University | |||
| Intended status: Informational B. Aboba | Intended status: Informational B. Aboba | |||
| Expires: June 1, 2019 Microsoft | Expires: June 6, 2019 Microsoft | |||
| A. Hutton | A. Hutton | |||
| Atos | Atos | |||
| R. Jesske | R. Jesske | |||
| Deutsche Telekom | Deutsche Telekom | |||
| T. Stach | T. Stach | |||
| Unaffiliated | Unaffiliated | |||
| November 28, 2018 | December 3, 2018 | |||
| An Opportunistic Approach for Secure Real-time Transport Protocol | An Opportunistic Approach for Secure Real-time Transport Protocol | |||
| (OSRTP) | (OSRTP) | |||
| draft-ietf-sipbrandy-osrtp-06 | draft-ietf-sipbrandy-osrtp-07 | |||
| Abstract | Abstract | |||
| Opportunistic Secure Real-time Transport Protocol (OSRTP) is an | Opportunistic Secure Real-time Transport Protocol (OSRTP) is an | |||
| implementation of the Opportunistic Security mechanism, as defined in | implementation of the Opportunistic Security mechanism, as defined in | |||
| RFC 7435, applied to Real-time Transport Protocol (RTP). OSRTP | RFC 7435, applied to Real-time Transport Protocol (RTP). OSRTP | |||
| allows encrypted media to be used in environments where support for | allows encrypted media to be used in environments where support for | |||
| encryption is not known in advance, and not required. OSRTP does not | encryption is not known in advance, and not required. OSRTP does not | |||
| require SDP extensions or features and is fully backwards compatible | require SDP extensions or features and is fully backwards compatible | |||
| with existing implementations using encrypted and authenticated media | with existing implementations using encrypted and authenticated media | |||
| skipping to change at page 1, line 49 ¶ | skipping to change at page 1, line 49 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on June 1, 2019. | This Internet-Draft will expire on June 6, 2019. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2018 IETF Trust and the persons identified as the | Copyright (c) 2018 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 31 ¶ | skipping to change at page 2, line 31 ¶ | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 1.1. Applicability Statement . . . . . . . . . . . . . . . . . 3 | 1.1. Applicability Statement . . . . . . . . . . . . . . . . . 3 | |||
| 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3 | 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. SDP Offer/Answer Considerations . . . . . . . . . . . . . . . 3 | 3. SDP Offer/Answer Considerations . . . . . . . . . . . . . . . 3 | |||
| 3.1. Generating the Initial OSRTP Offer . . . . . . . . . . . 4 | 3.1. Generating the Initial OSRTP Offer . . . . . . . . . . . 4 | |||
| 3.2. Generating the Answer . . . . . . . . . . . . . . . . . . 4 | 3.2. Generating the Answer . . . . . . . . . . . . . . . . . . 4 | |||
| 3.3. Offerer Processing the Answer . . . . . . . . . . . . . . 4 | 3.3. Offerer Processing the Answer . . . . . . . . . . . . . . 4 | |||
| 3.4. Modifying the Session . . . . . . . . . . . . . . . . . . 4 | 3.4. Modifying the Session . . . . . . . . . . . . . . . . . . 4 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . . 5 | 4. Security Considerations . . . . . . . . . . . . . . . . . . . 5 | |||
| 5. Implementation Status . . . . . . . . . . . . . . . . . . . . 5 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 | 6. Implementation Status . . . . . . . . . . . . . . . . . . . . 5 | |||
| 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 | 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 7.1. Normative References . . . . . . . . . . . . . . . . . . 6 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 7.2. Informative References . . . . . . . . . . . . . . . . . 7 | 8.1. Normative References . . . . . . . . . . . . . . . . . . 6 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . 7 | ||||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 1. Introduction | 1. Introduction | |||
| Opportunistic Security [RFC7435] (OS) is an approach to security that | Opportunistic Security [RFC7435] (OS) is an approach to security that | |||
| defines a third mode for security between "cleartext" and | defines a third mode for security between "cleartext" and | |||
| "comprehensive protection" that allows encryption and authentication | "comprehensive protection" that allows encryption and authentication | |||
| to be used if supported but will not result in failures if it is not | to be used if supported but will not result in failures if it is not | |||
| supported. In terms of secure media, cleartext is RTP [RFC3550] | supported. In terms of secure media, cleartext is RTP [RFC3550] | |||
| media which is negotiated with the RTP/AVP (Audio Video Profile) | media which is negotiated with the RTP/AVP (Audio Video Profile) | |||
| skipping to change at page 5, line 35 ¶ | skipping to change at page 5, line 35 ¶ | |||
| For ZRTP key agreement [RFC6189], the security considerations are | For ZRTP key agreement [RFC6189], the security considerations are | |||
| unchanged, since ZRTP does not rely on the security of the | unchanged, since ZRTP does not rely on the security of the | |||
| signaling channel. | signaling channel. | |||
| As discussed in [RFC7435], OSRTP is used in cases where support for | As discussed in [RFC7435], OSRTP is used in cases where support for | |||
| encryption by the other party is not known in advance, and not | encryption by the other party is not known in advance, and not | |||
| required. For cases where it is known that the other party supports | required. For cases where it is known that the other party supports | |||
| SRTP or SRTP needs to be used, OSRTP MUST NOT be used. Instead, a | SRTP or SRTP needs to be used, OSRTP MUST NOT be used. Instead, a | |||
| secure profile of RTP is used in the offer. | secure profile of RTP is used in the offer. | |||
| 5. Implementation Status | 5. IANA Considerations | |||
| This document has no actions for IANA. | ||||
| 6. Implementation Status | ||||
| Note to RFC Editor: Please remove this entire section prior to | Note to RFC Editor: Please remove this entire section prior to | |||
| publication, including the reference to [RFC6982]. | publication, including the reference to [RFC6982]. | |||
| This section records the status of known implementations of the | This section records the status of known implementations of the | |||
| protocol defined by this specification at the time of posting of this | protocol defined by this specification at the time of posting of this | |||
| Internet-Draft, and is based on a proposal described in [RFC6982]. | Internet-Draft, and is based on a proposal described in [RFC6982]. | |||
| The description of implementations in this section is intended to | The description of implementations in this section is intended to | |||
| assist the IETF in its decision processes in progressing drafts to | assist the IETF in its decision processes in progressing drafts to | |||
| RFCs. Please note that the listing of any individual implementation | RFCs. Please note that the listing of any individual implementation | |||
| skipping to change at page 6, line 19 ¶ | skipping to change at page 6, line 23 ¶ | |||
| It is up to the individual working groups to use this information as | It is up to the individual working groups to use this information as | |||
| they see fit". | they see fit". | |||
| There are implementations of [I-D.kaplan-mmusic-best-effort-srtp] in | There are implementations of [I-D.kaplan-mmusic-best-effort-srtp] in | |||
| deployed products by Microsoft and Unify. The IMTC "Best Practices | deployed products by Microsoft and Unify. The IMTC "Best Practices | |||
| for SIP Security" document [IMTC-SIP] recommends this approach. The | for SIP Security" document [IMTC-SIP] recommends this approach. The | |||
| SIP Forum planned to include support in the SIPconnect 2.0 SIP | SIP Forum planned to include support in the SIPconnect 2.0 SIP | |||
| trunking recommendation [SIPCONNECT]. There are many deployments of | trunking recommendation [SIPCONNECT]. There are many deployments of | |||
| ZRTP [RFC6189]. | ZRTP [RFC6189]. | |||
| 6. Acknowledgements | 7. Acknowledgements | |||
| This document is dedicated to our friend and colleague Francois Audet | This document is dedicated to our friend and colleague Francois Audet | |||
| who is greatly missed in our community. His work on improving | who is greatly missed in our community. His work on improving | |||
| security in SIP and RTP provided the foundation for this work. | security in SIP and RTP provided the foundation for this work. | |||
| Thanks to Eric Rescorla, Martin Thomson, Christer Holmberg, and | Thanks to Eric Rescorla, Martin Thomson, Christer Holmberg, and | |||
| Richard Barnes for their comments. | Richard Barnes for their comments. | |||
| 7. References | 8. References | |||
| 7.1. Normative References | 8.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model | [RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model | |||
| with Session Description Protocol (SDP)", RFC 3264, | with Session Description Protocol (SDP)", RFC 3264, | |||
| DOI 10.17487/RFC3264, June 2002, | DOI 10.17487/RFC3264, June 2002, | |||
| <https://www.rfc-editor.org/info/rfc3264>. | <https://www.rfc-editor.org/info/rfc3264>. | |||
| skipping to change at page 7, line 41 ¶ | skipping to change at page 7, line 46 ¶ | |||
| [RFC6189] Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP: | [RFC6189] Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP: | |||
| Media Path Key Agreement for Unicast Secure RTP", | Media Path Key Agreement for Unicast Secure RTP", | |||
| RFC 6189, DOI 10.17487/RFC6189, April 2011, | RFC 6189, DOI 10.17487/RFC6189, April 2011, | |||
| <https://www.rfc-editor.org/info/rfc6189>. | <https://www.rfc-editor.org/info/rfc6189>. | |||
| [RFC7435] Dukhovni, V., "Opportunistic Security: Some Protection | [RFC7435] Dukhovni, V., "Opportunistic Security: Some Protection | |||
| Most of the Time", RFC 7435, DOI 10.17487/RFC7435, | Most of the Time", RFC 7435, DOI 10.17487/RFC7435, | |||
| December 2014, <https://www.rfc-editor.org/info/rfc7435>. | December 2014, <https://www.rfc-editor.org/info/rfc7435>. | |||
| 7.2. Informative References | 8.2. Informative References | |||
| [I-D.kaplan-mmusic-best-effort-srtp] | [I-D.kaplan-mmusic-best-effort-srtp] | |||
| Audet, F. and H. Kaplan, "Session Description Protocol | Audet, F. and H. Kaplan, "Session Description Protocol | |||
| (SDP) Offer/Answer Negotiation For Best-Effort Secure | (SDP) Offer/Answer Negotiation For Best-Effort Secure | |||
| Real-Time Transport Protocol", draft-kaplan-mmusic-best- | Real-Time Transport Protocol", draft-kaplan-mmusic-best- | |||
| effort-srtp-01 (work in progress), October 2006. | effort-srtp-01 (work in progress), October 2006. | |||
| [IMTC-SIP] | [IMTC-SIP] | |||
| "Best Practices for SIP Security", IMTC SIP Parity | "Best Practices for SIP Security", IMTC SIP Parity | |||
| Group http://www.imtc.org/uc/sip-parity-activity-group/, | Group http://www.imtc.org/uc/sip-parity-activity-group/, | |||
| End of changes. 10 change blocks. | ||||
| 14 lines changed or deleted | 19 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||