--- 1/draft-ietf-sipbrandy-osrtp-08.txt 2019-05-01 05:13:14.611886151 -0700 +++ 2/draft-ietf-sipbrandy-osrtp-09.txt 2019-05-01 05:13:14.635886760 -0700 @@ -1,26 +1,26 @@ SIPBRANDY Working Group A. Johnston Internet-Draft Villanova University Intended status: Informational B. Aboba -Expires: September 27, 2019 Microsoft +Expires: November 2, 2019 Microsoft A. Hutton Atos R. Jesske Deutsche Telekom T. Stach Unaffiliated - March 26, 2019 + May 1, 2019 An Opportunistic Approach for Secure Real-time Transport Protocol (OSRTP) - draft-ietf-sipbrandy-osrtp-08 + draft-ietf-sipbrandy-osrtp-09 Abstract Opportunistic Secure Real-time Transport Protocol (OSRTP) is an implementation of the Opportunistic Security mechanism, as defined in RFC 7435, applied to Real-time Transport Protocol (RTP). OSRTP allows encrypted media to be used in environments where support for encryption is not known in advance, and not required. OSRTP does not require SDP extensions or features and is fully backwards compatible with existing implementations using encrypted and authenticated media @@ -38,21 +38,21 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on September 27, 2019. + This Internet-Draft will expire on November 2, 2019. Copyright Notice Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents @@ -66,27 +66,27 @@ 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1. Applicability Statement . . . . . . . . . . . . . . . . . 3 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3 3. SDP Offer/Answer Considerations . . . . . . . . . . . . . . . 3 3.1. Generating the Initial OSRTP Offer . . . . . . . . . . . 4 3.2. Generating the Answer . . . . . . . . . . . . . . . . . . 4 3.3. Offerer Processing the Answer . . . . . . . . . . . . . . 4 3.4. Modifying the Session . . . . . . . . . . . . . . . . . . 5 4. Security Considerations . . . . . . . . . . . . . . . . . . . 5 - 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 5 - 6. Implementation Status . . . . . . . . . . . . . . . . . . . . 5 + 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 + 6. Implementation Status . . . . . . . . . . . . . . . . . . . . 6 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 - 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 - 8.1. Normative References . . . . . . . . . . . . . . . . . . 6 + 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 + 8.1. Normative References . . . . . . . . . . . . . . . . . . 7 8.2. Informative References . . . . . . . . . . . . . . . . . 8 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9 1. Introduction Opportunistic Security [RFC7435] (OS) is an approach to security that defines a third mode for security between "cleartext" and "comprehensive protection" that allows encryption and authentication of media to be used if supported but will not result in failures if it is not supported. In terms of secure media, cleartext is RTP [RFC3550] media which is negotiated with the RTP/AVP (Audio Video Profile) [RFC3551] or the RTP/AVPF profile [RFC4585]. Comprehensive @@ -211,20 +211,32 @@ For SDP Security Descriptions key agreement [RFC4568], an authenticated signaling channel does not need to be used with OSRTP if it is not available, although an encrypted signaling channel must still be used. For ZRTP key agreement [RFC6189], the security considerations are unchanged, since ZRTP does not rely on the security of the signaling channel. + While OSRTP does not require authentication of the key-agreement + mechanism, it does need to avoid exposing SRTP keys to eavesdroppers, + since this could enable passive attacks against SRTP. Section 8.3 of + [RFC7435] requires that any messages that contain SRTP keys be + encrypted, and further says that encryption "SHOULD" provide end-to- + end confidentiality protection if intermediaries that could inspect + the SDP message are present. At the time of this writing, it is + understood that the [RFC7435] requirement for end-to-end + confidentiality protection is commonly ignored. Therefore, if OSRTP + is used with SDP Security Descriptions, any such intermediaries + (e.g., SIP proxies) must be assumed to have access to the SRTP keys. + As discussed in [RFC7435], OSRTP is used in cases where support for encryption by the other party is not known in advance, and not required. For cases where it is known that the other party supports SRTP or SRTP needs to be used, OSRTP MUST NOT be used. Instead, a secure profile of RTP is used in the offer. 5. IANA Considerations This document has no actions for IANA.