--- 1/draft-ietf-sipbrandy-osrtp-06.txt 2018-12-03 09:13:33.858575111 -0800 +++ 2/draft-ietf-sipbrandy-osrtp-07.txt 2018-12-03 09:13:33.882575688 -0800 @@ -1,26 +1,26 @@ SIPBRANDY Working Group A. Johnston Internet-Draft Villanova University Intended status: Informational B. Aboba -Expires: June 1, 2019 Microsoft +Expires: June 6, 2019 Microsoft A. Hutton Atos R. Jesske Deutsche Telekom T. Stach Unaffiliated - November 28, 2018 + December 3, 2018 An Opportunistic Approach for Secure Real-time Transport Protocol (OSRTP) - draft-ietf-sipbrandy-osrtp-06 + draft-ietf-sipbrandy-osrtp-07 Abstract Opportunistic Secure Real-time Transport Protocol (OSRTP) is an implementation of the Opportunistic Security mechanism, as defined in RFC 7435, applied to Real-time Transport Protocol (RTP). OSRTP allows encrypted media to be used in environments where support for encryption is not known in advance, and not required. OSRTP does not require SDP extensions or features and is fully backwards compatible with existing implementations using encrypted and authenticated media 
@@ -38,21 +38,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on June 1, 2019. + This Internet-Draft will expire on June 6, 2019. Copyright Notice Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents 
@@ -66,25 +66,26 @@ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Applicability Statement . . . . . . . . . . . . . . . . . 3 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3 3. SDP Offer/Answer Considerations . . . . . . . . . . . . . . . 3 3.1. Generating the Initial OSRTP Offer . . . . . . . . . . . 4 3.2. Generating the Answer . . . . . . . . . . . . . . . . . . 4 3.3. Offerer Processing the Answer . . . . . . . . . . . . . . 4 3.4. Modifying the Session . . . . . . . . . . . . . . . . . . 4 4. Security Considerations . . . . . . . . . . . . . . . . . . . 5 - 5. Implementation Status . . . . . . . . . . . . . . . . . . . . 5 - 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 - 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 - 7.1. Normative References . . . . . . . . . . . . . . . . . . 6 - 7.2. Informative References . . . . . . . . . . . . . . . . . 7 + 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 + 6. Implementation Status . . . . . . . . . . . . . . . . . . . . 5 + 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 + 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 + 8.1. Normative References . . . . . . . . . . . . . . . . . . 6 + 8.2. Informative References . . . . . . . . . . . . . . . . . 7 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 1. Introduction Opportunistic Security [RFC7435] (OS) is an approach to security that defines a third mode for security between "cleartext" and "comprehensive protection" that allows encryption and authentication to be used if supported but will not result in failures if it is not supported. In terms of secure media, cleartext is RTP [RFC3550] media which is negotiated with the RTP/AVP (Audio Video Profile) 
@@ -213,21 +214,25 @@ For ZRTP key agreement [RFC6189], the security considerations are unchanged, since ZRTP does not rely on the security of the signaling channel. As discussed in [RFC7435], OSRTP is used in cases where support for encryption by the other party is not known in advance, and not required. For cases where it is known that the other party supports SRTP or SRTP needs to be used, OSRTP MUST NOT be used. Instead, a secure profile of RTP is used in the offer. -5. Implementation Status +5. IANA Considerations + + This document has no actions for IANA. + +6. Implementation Status Note to RFC Editor: Please remove this entire section prior to publication, including the reference to [RFC6982]. This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in [RFC6982]. The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs. Please note that the listing of any individual implementation 
@@ -245,32 +250,32 @@ It is up to the individual working groups to use this information as they see fit". There are implementations of [I-D.kaplan-mmusic-best-effort-srtp] in deployed products by Microsoft and Unify. The IMTC "Best Practices for SIP Security" document [IMTC-SIP] recommends this approach. The SIP Forum planned to include support in the SIPconnect 2.0 SIP trunking recommendation [SIPCONNECT]. There are many deployments of ZRTP [RFC6189]. -6. Acknowledgements +7. Acknowledgements This document is dedicated to our friend and colleague Francois Audet who is greatly missed in our community. His work on improving security in SIP and RTP provided the foundation for this work. Thanks to Eric Rescorla, Martin Thomson, Christer Holmberg, and Richard Barnes for their comments. -7. References +8. References -7.1. Normative References +8.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model with Session Description Protocol (SDP)", RFC 3264, DOI 10.17487/RFC3264, June 2002, . @@ -314,21 +319,21 @@ [RFC6189] Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP: Media Path Key Agreement for Unicast Secure RTP", RFC 6189, DOI 10.17487/RFC6189, April 2011, . [RFC7435] Dukhovni, V., "Opportunistic Security: Some Protection Most of the Time", RFC 7435, DOI 10.17487/RFC7435, December 2014, . -7.2. Informative References +8.2. Informative References [I-D.kaplan-mmusic-best-effort-srtp] Audet, F. and H. Kaplan, "Session Description Protocol (SDP) Offer/Answer Negotiation For Best-Effort Secure Real-Time Transport Protocol", draft-kaplan-mmusic-best- effort-srtp-01 (work in progress), October 2006. [IMTC-SIP] "Best Practices for SIP Security", IMTC SIP Parity Group http://www.imtc.org/uc/sip-parity-activity-group/,
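Review bot: the date bump in the @@ -1,26 hunk is self-consistent, which is worth confirming because a wrong expiry is a common -0N rev slip: December 3, 2018 plus the 185-day Internet-Draft lifetime is June 6, 2019, just as November 28, 2018 plus 185 days gave the old June 1, 2019, so the "Expires:" line, the date line and the -06 to -07 name change agree with each other; the abstract and author block are unchanged context only.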
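Review bot: the table-of-contents renumbering in the @@ -66,25 hunk agrees with the heading changes later in the patch (5. IANA Considerations, 6. Implementation Status, 7. Acknowledgements, 8./8.1./8.2. References), but a heading-only renumber is exactly the kind of change that silently breaks in-text cross-references, and no hunk in this diff touches any "Section 5", "Section 6" or "Section 7" reference in the body. Suggest grepping the full -07 text for such references (and confirming the TOC page numbers, which the hunk leaves at 5/5/6/6/6/7 despite four inserted lines) before posting, or confirming that none exist.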
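Review bot: the new section in the @@ -213,21 hunk reads "This document has no actions for IANA."; the wording RFC 8126 asks for, and that the RFC Editor normalizes to, is "This document has no IANA actions.", so suggest using that form. Placement between Security Considerations and Implementation Status matches the TOC hunk, and the "Note to RFC Editor" removal instruction for the Implementation Status section survives in the context lines, which matters because removing that section at publication will renumber Acknowledgements and References once more.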
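Review bot: the heading renumbering in the @@ -245,32 hunk (7. Acknowledgements, 8. References, 8.1. Normative References) and in the @@ -314,21 hunk (8.2. Informative References) matches the TOC entries in the @@ -66,25 hunk, so the patch is consistent end to end; the only thing to check is that the 8.1/8.2 numbering is also what the draft's own xml2rfc source emits, since a hand-edited .txt that diverges from the source will be overwritten on the next build.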