Colin Perkins : IETF Contributions : draft-ietf-avtcore-rtp-security-options

draft-ietf-avtcore-rtp-security-options

Magnus Westerlund and Colin Perkins, Options for Securing RTP Sessions, Internet Engineering Task Force, RFC 7201, April 2014. DOI:10.17487/RFC7201

Magnus Westerlund and Colin Perkins, Options for Securing RTP Sessions (.txt|.pdf), Internet Engineering Task Force, January 2014, Work in progress (draft-ietf-avtcore-rtp-security-options-10.txt).

This version adds a number of clarifications resulting from the IESG review. In particular, it better explains perfect forward secrecy, it adds a reference to RFC 5479 to motivate use of DTLS-SRTP, and it clarifies various issues around identifiers and identity.

(diff from previous version)

Magnus Westerlund and Colin Perkins, Options for Securing RTP Sessions (.txt|.pdf), Internet Engineering Task Force, November 2013, Work in progress (draft-ietf-avtcore-rtp-security-options-09.txt).

Clarifications relating to source-specific multicast. Add discussion of automatic key management, end-to-end security vs tunnels, and plain text keys.

(diff from previous version)

Magnus Westerlund and Colin Perkins, Options for Securing RTP Sessions (.txt|.pdf), Internet Engineering Task Force, October 2013, Work in progress (draft-ietf-avtcore-rtp-security-options-08.txt).

Updated to address review comments from John Mattsson.

(diff from previous version)

Magnus Westerlund and Colin Perkins, Options for Securing RTP Sessions (.txt|.pdf), Internet Engineering Task Force, October 2013, Work in progress (draft-ietf-avtcore-rtp-security-options-07.txt).

This update addresses Michael Peck's comments during the WG last call. We have also updated one reference to use the now published RFC, rather than draft (RFC 7022) and included a unused reference for what MBMS is rather than just the security reference.

(diff from previous version)

Magnus Westerlund and Colin Perkins, Options for Securing RTP Sessions (.txt|.pdf), Internet Engineering Task Force, August 2013, Work in progress (draft-ietf-avtcore-rtp-security-options-06.txt).

Note that DTLS-SRTP allows assertion of identity, and add a brief mention of SIP Identity.

(diff from previous version)

Magnus Westerlund and Colin Perkins, Options for Securing RTP Sessions (.txt|.pdf), Internet Engineering Task Force, August 2013, Work in progress (draft-ietf-avtcore-rtp-security-options-05.txt).

Minor clarifications throughout. In particular, expands discussion of ZRTP, DTLS-SRTP, and how DTLS-SRTP is used with SIP Identity and WebRTC.

(diff from previous version)

Magnus Westerlund and Colin Perkins, Options for Securing RTP Sessions (.txt|.pdf), Internet Engineering Task Force, July 2013, Work in progress (draft-ietf-avtcore-rtp-security-options-04.txt).

Address review comments by Kevin Gross.

(diff from previous version)

Magnus Westerlund and Colin Perkins, Options for Securing RTP Sessions (.txt|.pdf), Internet Engineering Task Force, May 2013, Work in progress (draft-ietf-avtcore-rtp-security-options-03.txt).

This update of the RTP security options has a number of improvements: 1) it discusses known usage or inclusion in standard specs of different choices; 2) it has two new examples, PSS and RTSP 2.0; and 3) a new section on identity was added.

(diff from previous version)

Magnus Westerlund and Colin Perkins, Options for Securing RTP Sessions (.txt|.pdf), Internet Engineering Task Force, February 2013, Work in progress (draft-ietf-avtcore-rtp-security-options-02.txt).

Minor editorial fixes.

(diff from previous version)

Magnus Westerlund and Colin Perkins, Options for Securing RTP Sessions (.txt|.pdf), Internet Engineering Task Force, October 2012, Work in progress (draft-ietf-avtcore-rtp-security-options-01.txt).

Minor editorial updates. Clarify that using an unpredictably chosen CNAME might be helpful for privacy.

(diff from previous version)

Magnus Westerlund and Colin Perkins, Options for Securing RTP Sessions (.txt|.pdf), Internet Engineering Task Force, July 2012, Work in progress (draft-ietf-avtcore-rtp-security-options-00.txt).

Initial version.

RTP is used in a large number of different application domains and environments. This heterogeneity implies that different security mechanisms are needed to provide services such as confidentiality, integrity and source authentication of RTP/RTCP packets suitable for the various environments. The range of solutions makes it difficult for RTP-based application developers to pick the most suitable mechanism. This document provides an overview of a number of security solutions for RTP, and gives guidance for developers on how to choose the appropriate security mechanism. This draft forms a companion to draft-ietf-avt-srtp-not-mandatory.