draft-ietf-sipbrandy-osrtp-10.txt   rfc8643.txt 
SIPBRANDY Working Group A. Johnston Internet Engineering Task Force (IETF) A. Johnston
Internet-Draft Villanova University Request for Comments: 8643 Villanova University
Intended status: Informational B. Aboba Category: Informational B. Aboba
Expires: December 19, 2019 Microsoft ISSN: 2070-1721 Microsoft
A. Hutton A. Hutton
Atos Atos
R. Jesske R. Jesske
Deutsche Telekom Deutsche Telekom
T. Stach T. Stach
Unaffiliated Unaffiliated
June 17, 2019 August 2019
An Opportunistic Approach for Secure Real-time Transport Protocol An Opportunistic Approach for Secure Real-time Transport Protocol
(OSRTP) (OSRTP)
draft-ietf-sipbrandy-osrtp-10
Abstract Abstract
Opportunistic Secure Real-time Transport Protocol (OSRTP) is an Opportunistic Secure Real-time Transport Protocol (OSRTP) is an
implementation of the Opportunistic Security mechanism, as defined in implementation of the Opportunistic Security mechanism, as defined in
RFC 7435, applied to the Real-time Transport Protocol (RTP). OSRTP RFC 7435, applied to the Real-time Transport Protocol (RTP). OSRTP
allows encrypted media to be used in environments where support for allows encrypted media to be used in environments where support for
encryption is not known in advance, and not required. OSRTP does not encryption is not known in advance and is not required. OSRTP does
require Session Description Protocol (SDP) extensions or features and not require Session Description Protocol (SDP) extensions or features
is fully backwards compatible with existing implementations using and is fully backwards compatible with existing implementations using
encrypted and authenticated media and implementations that do not encrypted and authenticated media and implementations that do not
encrypt or authenticate media packets. OSRTP is not specific to any encrypt or authenticate media packets. OSRTP is not specific to any
key management technique for Secure RTP (SRTP). OSRTP is a key management technique for Secure RTP (SRTP). OSRTP is a
transitional approach useful for migrating existing deployments of transitional approach useful for migrating existing deployments of
real-time communications to a fully encrypted and authenticated real-time communications to a fully encrypted and authenticated
state. state.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This document is not an Internet Standards Track specification; it is
provisions of BCP 78 and BCP 79. published for informational purposes.
Internet-Drafts are working documents of the Internet Engineering This document is a product of the Internet Engineering Task Force
Task Force (IETF). Note that other groups may also distribute (IETF). It represents the consensus of the IETF community. It has
working documents as Internet-Drafts. The list of current Internet- received public review and has been approved for publication by the
Drafts is at https://datatracker.ietf.org/drafts/current/. Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are candidates for any level of Internet
Standard; see Section 2 of RFC 7841.
Internet-Drafts are draft documents valid for a maximum of six months Information about the current status of this document, any errata,
and may be updated, replaced, or obsoleted by other documents at any and how to provide feedback on it may be obtained at
time. It is inappropriate to use Internet-Drafts as reference https://www.rfc-editor.org/info/rfc8643.
material or to cite them other than as "work in progress."
This Internet-Draft will expire on December 19, 2019.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 33 skipping to change at page 2, line 32
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Applicability Statement . . . . . . . . . . . . . . . . . 3 1.1. Applicability Statement . . . . . . . . . . . . . . . . . 3
2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 3
3. SDP Offer/Answer Considerations . . . . . . . . . . . . . . . 3 3. SDP Offer/Answer Considerations . . . . . . . . . . . . . . . 3
3.1. Generating the Initial OSRTP Offer . . . . . . . . . . . 4 3.1. Generating the Initial OSRTP Offer . . . . . . . . . . . 4
3.2. Generating the Answer . . . . . . . . . . . . . . . . . . 4 3.2. Generating the Answer . . . . . . . . . . . . . . . . . . 4
3.3. Offerer Processing the Answer . . . . . . . . . . . . . . 4 3.3. Offerer Processing the Answer . . . . . . . . . . . . . . 4
3.4. Modifying the Session . . . . . . . . . . . . . . . . . . 5 3.4. Modifying the Session . . . . . . . . . . . . . . . . . . 5
4. Security Considerations . . . . . . . . . . . . . . . . . . . 5 4. Security Considerations . . . . . . . . . . . . . . . . . . . 5
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 6
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 6.1. Normative References . . . . . . . . . . . . . . . . . . 6
7.1. Normative References . . . . . . . . . . . . . . . . . . 6 6.2. Informative References . . . . . . . . . . . . . . . . . 7
7.2. Informative References . . . . . . . . . . . . . . . . . 7 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 8
1. Introduction 1. Introduction
Opportunistic Security [RFC7435] (OS) is an approach to security that Opportunistic Security (OS) [RFC7435] is an approach to security that
defines a third mode for security between "cleartext" and defines a third mode for security between "cleartext" and
"comprehensive protection" that allows encryption and authentication "comprehensive protection" that allows encryption and authentication
of media to be used if supported but will not result in failures if of media to be used if supported but will not result in failures if
it is not supported. In the context of the transport of secure media it is not supported. In the context of the transport of secure media
streams using RTP and is secured derivatives, cleartext is streams using RTP and its secured derivatives, cleartext is
represented by an RTP [RFC3550] media stream which is negotiated with represented by an RTP [RFC3550] media stream that is negotiated with
the RTP/AVP (Audio Video Profile) [RFC3551] or the RTP/AVPF profile the RTP/AVP (Audio-Visual Profile) [RFC3551] or the RTP/AVPF profile
[RFC4585], whereas, comprehensive protection is represented by a [RFC4585], whereas comprehensive protection is represented by a
Secure RTP [RFC3711] stream, negotiated with a secure profile, such Secure RTP [RFC3711] stream negotiated with a secure profile, such as
as SAVP or SAVPF [RFC5124]. OSRTP allows SRTP to be negotiated with SAVP or SAVPF [RFC5124]. OSRTP allows SRTP to be negotiated with the
the RTP/AVP profile, with fallback to RTP if SRTP is not supported. RTP/AVP profile, with fallback to RTP if SRTP is not supported.
There have been some extensions to SDP to allow profiles to be There have been some extensions to SDP to allow profiles to be
negotiated such as SDP Capabilities Negotiation (capneg) [RFC5939]. negotiated, such as SDP Capabilities Negotiation (SDPCapNeg)
However, these approaches are complex and have very limited [RFC5939]. However, these approaches are complex and have very
deployment in communication systems. Other key management protocols limited deployment in communication systems. Other key management
for SRTP have been developed which by design use OS, such as ZRTP protocols for SRTP that have been developed, such as ZRTP [RFC6189],
[RFC6189]. This approach for OSRTP is based on use OS by design. This approach for OSRTP is based on [Kaplan06]
[I-D.kaplan-mmusic-best-effort-srtp] where it was called "best effort where it was called "best effort SRTP". [Kaplan06] has a full
SRTP". [I-D.kaplan-mmusic-best-effort-srtp] has a full discussion of discussion of the motivation and requirements for opportunistic
the motivation and requirements for opportunistic secure media. secure media.
OSRTP uses the presence of SRTP keying-related attributes in an SDP OSRTP uses the presence of SRTP keying-related attributes in an SDP
offer to indicate support for opportunistic secure media. The offer to indicate support for opportunistic secure media. The
presence of SRTP keying-related attributes in the SDP answer presence of SRTP keying-related attributes in the SDP answer
indicates that the other party also supports OSRTP and encrypted and indicates that the other party also supports OSRTP and that encrypted
authenticated media will be used. OSRTP requires no additional and authenticated media will be used. OSRTP requires no additional
extensions to SDP or new attributes and is defined independently of extensions to SDP or new attributes and is defined independently of
the key agreement mechanism used. OSRTP is only usable when media is the key agreement mechanism used. OSRTP is only usable when media is
negotiated using the Offer/Answer protocol [RFC3264]. negotiated using the Offer/Answer protocol [RFC3264].
1.1. Applicability Statement 1.1. Applicability Statement
OSRTP is a transitional approach that provides a migration path from OSRTP is a transitional approach that provides a migration path from
unencrypted communication (RTP) to fully encrypted communication unencrypted communication (RTP) to fully encrypted communication
(SRTP). It is only to be used in existing deployments which are (SRTP). It is only to be used in existing deployments that are
attempting to transition to fully secure communications. New attempting to transition to fully secure communications. New
applications and new deployments will not use OSRTP. applications and new deployments will not use OSRTP.
2. Requirements Language 2. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP "OPTIONAL" in this document are to be interpreted as described in
14 [RFC2119] [RFC8174] when, and only when, they appear in all BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here. capitals, as shown here.
3. SDP Offer/Answer Considerations 3. SDP Offer/Answer Considerations
This section defines the SDP offer/answer considerations for This section defines the SDP offer/answer considerations for
opportunistic security. opportunistic security.
The procedures are for a specific m= section describing RTP-based The procedures are for a specific "m=" section describing RTP-based
media. If an SDP offer or answer contains multiple such m= sections, media. If an SDP offer or answer contains multiple such "m="
the procedures are applied to each m= section individually. sections, the procedures are applied to each "m=" section
individually.
"Initial OSRTP offer" refers to the offer in which oportunistic "Initial OSRTP offer" refers to the offer in which opportunistic
security is offered for an m= section for the first time within an security is offered for an "m=" section for the first time within an
SDP session. SDP session.
It is important to note that OSRTP makes no changes, and has no It is important to note that OSRTP makes no changes to and has no
effect on media sessions in which the offer contains a secure profile effect on media sessions in which the offer contains a secure profile
of RTP, such as SAVP or SAVPF. As discussed in [RFC7435], that is of RTP, such as SAVP or SAVPF. As discussed in [RFC7435], that is
the "comprehensive protection" for media mode. the "comprehensive protection" for media mode.
3.1. Generating the Initial OSRTP Offer 3.1. Generating the Initial OSRTP Offer
To indicate support for OSRTP in an SDP offer, the offerer uses the To indicate support for OSRTP in an SDP offer, the offerer uses the
RTP/AVP profile [RFC3551] or the RTP/AVPF profile [RFC4585] but RTP/AVP profile [RFC3551] or the RTP/AVPF profile [RFC4585] but
includes SRTP keying attributes. OSRTP is not specific to any key includes SRTP keying attributes. OSRTP is not specific to any key
management technique for SRTP and multiple key management techniques management technique for SRTP, and multiple key management techniques
can be included on the SDP offer. For example: can be included on the SDP offer. For example:
If the offerer supports DTLS-SRTP key agreement [RFC5763], then an If the offerer supports DTLS-SRTP key agreement [RFC5763], then an
a=fingerprint attribute will be present, or "a=fingerprint" attribute will be present. Or:
If the offerer supports SDP Security Descriptions key agreement If the offerer supports SDP Security Descriptions key agreement
[RFC4568], then an a=crypto attribute will be present, or [RFC4568], then an "a=crypto" attribute will be present. Or:
If the offerer supports ZRTP key agreement [RFC6189], then an If the offerer supports ZRTP key agreement [RFC6189], then an
a=zrtp-hash attribute will be present. "a=zrtp-hash" attribute will be present.
3.2. Generating the Answer 3.2. Generating the Answer
To accept OSRTP, an answerer receiving an offer indicating support To accept OSRTP, an answerer receiving an offer indicating support
for OSRTP generates an SDP answer containing SRTP keying attributes for OSRTP generates an SDP answer containing SRTP keying attributes
which match one of the keying methods in the offer. The answer MUST that match one of the keying methods in the offer. The answer MUST
NOT contain attributes from more than one keying method, even if the NOT contain attributes from more than one keying method, even if the
offer contained multiple keying method attributes. The selected SRTP offer contained multiple keying method attributes. The selected SRTP
key management approach is followed and SRTP media is used for this key management approach is followed, and SRTP media is used for this
session. If the SRTP key management fails for any reason, the media session. If the SRTP key management fails for any reason, the media
session MUST fail. To decline OSRTP, the answerer generates an SDP session MUST fail. To decline OSRTP, the answerer generates an SDP
answer omitting SRTP keying attributes, and the media session answer omitting SRTP keying attributes, and the media session
proceeds with RTP with no encryption or authentication used. proceeds with RTP with no encryption or authentication used.
3.3. Offerer Processing the Answer 3.3. Offerer Processing the Answer
If the offerer of OSRTP receives an SDP answer which does not contain If the offerer of OSRTP receives an SDP answer that does not contain
SRTP keying attributes, then the media session proceeds with RTP. If SRTP keying attributes, then the media session proceeds with RTP. If
the SDP answer contains SRTP keying attributes then the associated the SDP answer contains SRTP keying attributes, then the associated
SRTP key management approach is followed and SRTP media is used for SRTP key management approach is followed and SRTP media is used for
this session. If the SRTP key management fails, the media session this session. If the SRTP key management fails, the media session
MUST fail. MUST fail.
3.4. Modifying the Session 3.4. Modifying the Session
When an offerer generates a subsequent SDP offer it should do so When an offerer generates a subsequent SDP offer, it should do so
following the principles of [RFC6337] meaning that the decision to following the principles of [RFC6337], meaning that the decision to
create the new SDP offer should not be influenced by what was create the new SDP offer should not be influenced by what was
previously negotiated. For example if a previous OSRTP offer did not previously negotiated. For example, if a previous OSRTP offer did
result in SRTP being established the offerer may try again and not result in SRTP being established, the offerer may try again and
generate a new OSRTP offer as specified in section 3.1. generate a new OSRTP offer as specified in Section 3.1.
4. Security Considerations 4. Security Considerations
The security considerations of [RFC4568] apply to OSRTP, as well as The security considerations of [RFC4568] apply to OSRTP, as well as
the security considerations of the particular SRTP key agreement the security considerations of the particular SRTP key agreement
approach used. However, the authentication requirements of a approach used. However, the authentication requirements of a
particular SRTP key agreement approach are relaxed when that key particular SRTP key agreement approach are relaxed when that key
agreement is used with OSRTP, which is consistent with the agreement is used with OSRTP, which is consistent with the
Opportunistic Security approach described [RFC7435]. For example: Opportunistic Security approach described in [RFC7435]. For example:
For DTLS-SRTP key agreement [RFC5763], an authenticated signaling For DTLS-SRTP key agreement [RFC5763], an authenticated signaling
channel does not need to be used with OSRTP if it is not channel does not need to be used with OSRTP if it is not
available. available.
For SDP Security Descriptions key agreement [RFC4568], an For SDP Security Descriptions key agreement [RFC4568], an
authenticated signaling channel does not need to be used with authenticated signaling channel does not need to be used with
OSRTP if it is not available, although an encrypted signaling OSRTP if it is not available, although an encrypted signaling
channel MUST still be used. channel MUST still be used.
For ZRTP key agreement [RFC6189], the security considerations are For ZRTP key agreement [RFC6189], the security considerations are
unchanged, since ZRTP does not rely on the security of the unchanged, since ZRTP does not rely on the security of the
signaling channel. signaling channel.
While OSRTP does not require authentication of the key-agreement While OSRTP does not require authentication of the key agreement
mechanism, it does need to avoid exposing SRTP keys to eavesdroppers, mechanism, it does need to avoid exposing SRTP keys to eavesdroppers,
since this could enable passive attacks against SRTP. Section 8.3 of since this could enable passive attacks against SRTP. Section 8.3 of
[RFC4568] requires that any messages that contain SRTP keys be [RFC4568] requires that any messages that contain SRTP keys be
encrypted, and further says that encryption "SHOULD" provide end-to- encrypted, and further says that encryption SHOULD provide end-to-end
end confidentiality protection if intermediaries that could inspect confidentiality protection if intermediaries that could inspect the
the SDP message are present. At the time of this writing, it is SDP message are present. At the time of this writing, it is
understood that the [RFC4568] requirement for end-to-end understood that the requirement in [RFC4568] for end-to-end
confidentiality protection is commonly ignored. Therefore, if OSRTP confidentiality protection is commonly ignored. Therefore, if OSRTP
is used with SDP Security Descriptions, any such intermediaries is used with SDP Security Descriptions, any such intermediaries
(e.g., SIP proxies) must be assumed to have access to the SRTP keys. (e.g., SIP proxies) must be assumed to have access to the SRTP keys.
As discussed in [RFC7435], OSRTP is used in cases where support for As discussed in [RFC7435], OSRTP is used in cases where support for
encryption by the other party is not known in advance, and not encryption by the other party is not known in advance and is not
required. For cases where it is known that the other party supports required. For cases where it is known that the other party supports
SRTP or SRTP needs to be used, OSRTP MUST NOT be used. Instead, a SRTP or SRTP needs to be used, OSRTP MUST NOT be used. Instead, a
secure profile of RTP is used in the offer. secure profile of RTP is used in the offer.
5. IANA Considerations 5. IANA Considerations
This document has no actions for IANA. This document has no actions for IANA.
6. Acknowledgements 6. References
This document is dedicated to our friend and colleague Francois Audet
who is greatly missed in our community. His work on improving
security in SIP and RTP provided the foundation for this work.
Thanks to Eric Rescorla, Martin Thomson, Christer Holmberg, and
Richard Barnes for their comments.
7. References
7.1. Normative References 6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model [RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model
with Session Description Protocol (SDP)", RFC 3264, with Session Description Protocol (SDP)", RFC 3264,
DOI 10.17487/RFC3264, June 2002, DOI 10.17487/RFC3264, June 2002,
<https://www.rfc-editor.org/info/rfc3264>. <https://www.rfc-editor.org/info/rfc3264>.
skipping to change at page 7, line 35 skipping to change at page 7, line 24
<https://www.rfc-editor.org/info/rfc6189>. <https://www.rfc-editor.org/info/rfc6189>.
[RFC7435] Dukhovni, V., "Opportunistic Security: Some Protection [RFC7435] Dukhovni, V., "Opportunistic Security: Some Protection
Most of the Time", RFC 7435, DOI 10.17487/RFC7435, Most of the Time", RFC 7435, DOI 10.17487/RFC7435,
December 2014, <https://www.rfc-editor.org/info/rfc7435>. December 2014, <https://www.rfc-editor.org/info/rfc7435>.
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
7.2. Informative References 6.2. Informative References
[I-D.kaplan-mmusic-best-effort-srtp] [Kaplan06] Kaplan, H. and F. Audet, "Session Description Protocol
Audet, F. and H. Kaplan, "Session Description Protocol
(SDP) Offer/Answer Negotiation For Best-Effort Secure (SDP) Offer/Answer Negotiation For Best-Effort Secure
Real-Time Transport Protocol", draft-kaplan-mmusic-best- Real-Time Transport Protocol", Work in Progress,
effort-srtp-01 (work in progress), October 2006. draft-kaplan-mmusic-best-effort-srtp-01, October 2006.
[RFC5939] Andreasen, F., "Session Description Protocol (SDP) [RFC5939] Andreasen, F., "Session Description Protocol (SDP)
Capability Negotiation", RFC 5939, DOI 10.17487/RFC5939, Capability Negotiation", RFC 5939, DOI 10.17487/RFC5939,
September 2010, <https://www.rfc-editor.org/info/rfc5939>. September 2010, <https://www.rfc-editor.org/info/rfc5939>.
[RFC6337] Okumura, S., Sawada, T., and P. Kyzivat, "Session [RFC6337] Okumura, S., Sawada, T., and P. Kyzivat, "Session
Initiation Protocol (SIP) Usage of the Offer/Answer Initiation Protocol (SIP) Usage of the Offer/Answer
Model", RFC 6337, DOI 10.17487/RFC6337, August 2011, Model", RFC 6337, DOI 10.17487/RFC6337, August 2011,
<https://www.rfc-editor.org/info/rfc6337>. <https://www.rfc-editor.org/info/rfc6337>.
Acknowledgements
This document is dedicated to our friend and colleague Francois Audet
who is greatly missed in our community. His work on improving
security in SIP and RTP provided the foundation for this work.
Thanks to Eric Rescorla, Martin Thomson, Christer Holmberg, and
Richard Barnes for their comments.
Authors' Addresses Authors' Addresses
Alan Johnston Alan Johnston
Villanova University Villanova University
Villanova, PA Villanova, PA
USA United States of America
Email: alan.b.johnston@gmail.com Email: alan.b.johnston@gmail.com
Bernard Aboba Bernard Aboba
Microsoft Microsoft
One Microsoft Way One Microsoft Way
Redmond, WA 98052 Redmond, WA 98052
USA United States of America
Email: bernard.aboba@gmail.com Email: bernard.aboba@gmail.com
Andrew Hutton Andrew Hutton
Atos Atos
Mid City Place Mid City Place
London WC1V 6EA London WC1V 6EA
UK United Kingdom
Email: andrew.hutton@atos.net Email: andrew.hutton@atos.net
Roland Jesske Roland Jesske
Deutsche Telekom Deutsche Telekom
Heinrich-Hertz-Strasse 3-7 Heinrich-Hertz-Strasse 3-7
Darmstadt 64295 Darmstadt 64295
Germany Germany
Email: R.Jesske@telekom.de Email: R.Jesske@telekom.de
 End of changes. 40 change blocks. 
90 lines changed or deleted 89 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/