draft-ietf-avt-srtp-not-mandatory-16.txt   rfc7202.txt 
Network Working Group C. Perkins Internet Engineering Task Force (IETF) C. Perkins
Internet-Draft University of Glasgow Request for Comments: 7202 University of Glasgow
Intended status: Informational M. Westerlund Category: Informational M. Westerlund
Expires: July 20, 2014 Ericsson ISSN: 2070-1721 Ericsson
January 16, 2014 April 2014
Securing the RTP Protocol Framework: Why RTP Does Not Mandate a Single Securing the RTP Framework:
Media Security Solution Why RTP Does Not Mandate a Single Media Security Solution
draft-ietf-avt-srtp-not-mandatory-16.txt
Abstract Abstract
This memo discusses the problem of securing real-time multimedia This memo discusses the problem of securing real-time multimedia
sessions, and explains why the Real-time Transport Protocol (RTP), sessions. It also explains why the Real-time Transport Protocol
and the associated RTP Control Protocol (RTCP), do not mandate a (RTP) and the associated RTP Control Protocol (RTCP) do not mandate a
single media security mechanism. This is relevant for designers and single media security mechanism. This is relevant for designers and
reviewers of future RTP extensions, to ensure that appropriate reviewers of future RTP extensions to ensure that appropriate
security mechanisms are mandated, and that any such mechanisms are security mechanisms are mandated and that any such mechanisms are
specified in a manner that conforms with the RTP architecture. specified in a manner that conforms with the RTP architecture.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This document is not an Internet Standards Track specification; it is
provisions of BCP 78 and BCP 79. published for informational purposes.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months This document is a product of the Internet Engineering Task Force
and may be updated, replaced, or obsoleted by other documents at any (IETF). It represents the consensus of the IETF community. It has
time. It is inappropriate to use Internet-Drafts as reference received public review and has been approved for publication by the
material or to cite them other than as "work in progress." Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are a candidate for any level of Internet
Standard; see Section 2 of RFC 5741.
This Internet-Draft will expire on July 20, 2014. Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7202.
Copyright Notice Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 2, line 14 skipping to change at page 2, line 25
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. RTP Applications and Deployment Scenarios . . . . . . . . . . 3 2. RTP Applications and Deployment Scenarios . . . . . . . . . . 3
3. RTP Media Security . . . . . . . . . . . . . . . . . . . . . 4 3. RTP Media Security . . . . . . . . . . . . . . . . . . . . . 4
4. RTP Session Establishment and Key Management . . . . . . . . 4 4. RTP Session Establishment and Key Management . . . . . . . . 5
5. On the Requirement for Strong Security in Framework protocols 5 5. On the Requirement for Strong Security in Framework Protocols 5
6. Securing the RTP Protocol Framework . . . . . . . . . . . . . 6 6. Securing the RTP Framework . . . . . . . . . . . . . . . . . 6
7. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 7 7. Conclusions . . . . . . . . . . . . . . . . . . . . . . . . . 8
8. Security Considerations . . . . . . . . . . . . . . . . . . . 8 8. Security Considerations . . . . . . . . . . . . . . . . . . . 8
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 8 10. Informative References . . . . . . . . . . . . . . . . . . . 8
11. Informative References . . . . . . . . . . . . . . . . . . . 8
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 9
1. Introduction 1. Introduction
The Real-time Transport Protocol (RTP) [RFC3550] is widely used for The Real-time Transport Protocol (RTP) [RFC3550] is widely used for
voice over IP, Internet television, video conferencing, and other voice over IP, Internet television, video conferencing, and other
real-time and streaming media applications. Despite this use, the real-time and streaming media applications. Despite this use, the
basic RTP specification provides only limited options for media basic RTP specification provides only limited options for media
security, and defines no standard key exchange mechanism. Rather, a security and defines no standard key exchange mechanism. Rather, a
number of extensions are defined that can provide confidentiality and number of extensions are defined that can provide confidentiality and
authentication of RTP media streams and RTP Control Protocol (RTCP) authentication of RTP media streams and RTP Control Protocol (RTCP)
messages. Other mechanisms define key exchange protocols. This memo messages. Other mechanisms define key exchange protocols. This memo
outlines why it is appropriate that multiple extension mechanisms are outlines why it is appropriate that multiple extension mechanisms are
defined rather than mandating a single security and keying mechanism defined rather than mandating a single security and keying mechanism
for all users of RTP. for all users of RTP.
The IETF policy on Strong Security Requirements for IETF Standard The IETF policy "Strong Security Requirements for Internet
Protocols [RFC3365] (the so-called "Danvers Doctrine") states that Engineering Task Force Standard Protocols" [RFC3365] (the so-called
"we MUST implement strong security in all protocols to provide for "Danvers Doctrine") states that "we MUST implement strong security in
the all too frequent day when the protocol comes into widespread use all protocols to provide for the all too frequent day when the
in the global Internet". The security mechanisms defined for use protocol comes into widespread use in the global Internet". The
with RTP allow these requirements to be met. However, since RTP is a security mechanisms defined for use with RTP allow these requirements
protocol framework that is suitable for a wide variety of use cases, to be met. However, since RTP is a protocol framework that is
there is no single security mechanism that is suitable for every suitable for a wide variety of use cases, there is no single security
scenario. This memo outlines why this is the case, and discusses how mechanism that is suitable for every scenario. This memo outlines
users of RTP can meet the requirement for strong security. why this is the case and discusses how users of RTP can meet the
requirement for strong security.
This document provides high level guidance on how to handle security This document provides high-level guidance on how to handle security
issues for the various type of components within the RTP framework as issues for the various types of components within the RTP framework
well as the role of the service or application using RTP to ensure as well as the role of the service or application using RTP to ensure
strong security is implemented. This document does not provide the strong security is implemented. This document does not provide the
guidance that an individual implementer, or even specifier of a RTP guidance that an individual implementer, or even specifier of an RTP
application, really can use to determine what security mechanism they application, really can use to determine what security mechanism they
need to use; that is not intended with this document. need to use; that is not intended with this document.
A non-exhaustive list of the RTP security options available at the A non-exhaustive list of the RTP security options available at the
time of this writing is outlined in time of this writing is outlined in [RFC7201]. This document gives
[I-D.ietf-avtcore-rtp-security-options]. This document gives an an overview of the available RTP solutions and provides guidance on
overview of the available RTP solutions, and provides guidance on
their applicability for different application domains. It also their applicability for different application domains. It also
attempts to provide indication of actual and intended usage at time attempts to provide an indication of actual and intended usage at the
of writing as additional input to help with considerations such as time of writing as additional input to help with considerations such
interoperability, availability of implementations etc. as interoperability, availability of implementations, etc.
2. RTP Applications and Deployment Scenarios 2. RTP Applications and Deployment Scenarios
The range of application and deployment scenarios where RTP has been The range of application and deployment scenarios where RTP has been
used includes, but is not limited to, the following: used includes, but is not limited to, the following:
o Point-to-point voice telephony; o Point-to-point voice telephony;
o Point-to-point video conferencing and telepresence; o Point-to-point video conferencing and telepresence;
o Centralised group video conferencing and telepresence, using a o Centralized group video conferencing and telepresence, using a
Multipoint Conference Unit (MCU) or similar central middlebox; Multipoint Conference Unit (MCU) or similar central middlebox;
o Any Source Multicast (ASM) video conferencing using the light- o Any Source Multicast (ASM) video conferencing using the
weight sessions model (e.g., the Mbone conferencing tools); lightweight sessions model (e.g., the Mbone conferencing tools);
o Point-to-point streaming audio and/or video (e.g., on-demand TV or o Point-to-point streaming audio and/or video (e.g., on-demand TV or
movie streaming); movie streaming);
o Source-Specific Multicast (SSM) streaming to large receiver groups o Source-Specific Multicast (SSM) streaming to large receiver groups
(e.g., IPTV streaming by residential ISPs, or the 3GPP Multimedia (e.g., IPTV streaming by residential ISPs or the Third Generation
Broadcast Multicast Service [MBMS]); Partnership Project (3GPP) Multimedia/Broadcast Multicast Service
[T3GPP.26.346]);
o Replicated unicast streaming to a group of receivers; o Replicated unicast streaming to a group of receivers;
o Interconnecting components in music production studios and video o Interconnecting components in music production studios and video
editing suites; editing suites;
o Interconnecting components of distributed simulation systems; and o Interconnecting components of distributed simulation systems; and
o Streaming real-time sensor data (e.g., e-VLBI radio astronomy). o Streaming real-time sensor data (e.g., electronic Very Long
Baseline Interferometry (e-VLBI) radio astronomy).
As can be seen, these scenarios vary from point-to-point sessions to As can be seen, these scenarios vary from point-to-point sessions to
very large multicast groups, from interactive to non-interactive, and very large multicast groups, from interactive to non-interactive, and
from low bandwidth (kilobits per second) telephony to high bandwidth from low bandwidth (kilobits per second) telephony to high bandwidth
(multiple gigabits per second) video and data streaming. While most (multiple gigabits per second) video and data streaming. While most
of these applications run over UDP [RFC0768], some use TCP [RFC0793], of these applications run over UDP [RFC0768], some use TCP [RFC0793]
[RFC4614] or DCCP [RFC4340] as their underlying transport. Some run [RFC4614] or the Datagram Congestion Control Protocol (DCCP)
on highly reliable optical networks, others use low rate unreliable [RFC4340] as their underlying transport. Some run on highly reliable
wireless networks. Some applications of RTP operate entirely within optical networks, while others use low-rate unreliable wireless
a single trust domain, others run inter-domain, with untrusted (and, networks. Some applications of RTP operate entirely within a single
in some cases, potentially unknown) users. The range of scenarios is trust domain, while others run interdomain with untrusted (and, in
wide, and growing both in number and in heterogeneity. some cases, potentially unknown) users. The range of scenarios is
wide and growing both in number and in heterogeneity.
3. RTP Media Security 3. RTP Media Security
The wide range of application scenarios where RTP is used has led to The wide range of application scenarios where RTP is used has led to
the development of multiple solutions for securing RTP media streams the development of multiple solutions for securing RTP media streams
and RTCP control messages, considering different requirements. and RTCP control messages, considering different requirements.
Perhaps the most widely applicable of these security options is the Perhaps the most widely applicable of these security options is the
Secure RTP (SRTP) framework [RFC3711]. This is an application-level Secure RTP (SRTP) framework [RFC3711]. This is an application-level
media security solution, encrypting the media payload data (but not media security solution, encrypting the media payload data (but not
the RTP headers) to provide confidentiality, and supporting source the RTP headers) to provide confidentiality and supporting source
origin authentication as an option. SRTP was carefully designed to origin authentication as an option. SRTP was carefully designed to
be low overhead, including operating on links subject to RTP header be low overhead, including operating on links subject to RTP header
compression, and to support the group communication and third-party compression, and to support the group communication and third-party
performance monitoring features of RTP, across a range of networks. performance monitoring features of RTP across a range of networks.
SRTP is not the only media security solution for RTP, however, and SRTP is not the only media security solution for RTP, however, and
alternatives can be more appropriate in some scenarios, perhaps due alternatives can be more appropriate in some scenarios, perhaps due
to ease of integration with other parts of the complete system. In to ease of integration with other parts of the complete system. In
addition, SRTP does not address all possible security requirements, addition, SRTP does not address all possible security requirements,
and other solutions are needed in cases where SRTP is not suitable. and other solutions are needed in cases where SRTP is not suitable.
For example, ISMAcryp payload-level confidentiality [ISMACrypt2] is For example, ISMACryp payload-level confidentiality [ISMACryp2] is
appropriate for some types of streaming video application, but is not appropriate for some types of streaming video application, but is not
suitable for voice telephony, and uses features that are not provided suitable for voice telephony, and uses features that are not provided
by SRTP. by SRTP.
The range of available RTP security options, and their applicability The range of available RTP security options, and their applicability
to different scenarios, is outlined in to different scenarios, is outlined in [RFC7201]. At the time of
[I-D.ietf-avtcore-rtp-security-options]. At the time of this this writing, there is no media security protocol that is appropriate
writing, there is no media security protocol that is appropriate for for all the environments where RTP is used. Multiple RTP media
all the environments where RTP is used. Multiple RTP media security security protocols are expected to remain in wide use for the
protocols are expected to remain in wide use for the foreseeable foreseeable future.
future.
4. RTP Session Establishment and Key Management 4. RTP Session Establishment and Key Management
A range of different protocols for RTP session establishment and key A range of different protocols for RTP session establishment and key
exchange exist, matching the diverse range of use cases for the RTP exchange exist, matching the diverse range of use cases for the RTP
framework. These mechanisms can be split into two categories: those framework. These mechanisms can be split into two categories: those
that operate in-band on the media path, and those that are out-of- that operate in band on the media path and those that are out of band
band and operate as part of the session establishment signalling and operate as part of the session establishment signaling channel.
channel. The requirements for these two classes of solution are The requirements for these two classes of solutions are different,
different, and a wide range of solutions have been developed in this and a wide range of solutions have been developed in this space.
space.
A more detailed survey of requirements for media security management A more-detailed survey of requirements for media security management
protocols can be found in [RFC5479]. As can be seen from that memo, protocols can be found in [RFC5479]. As can be seen from that memo,
the range of use cases is wide, and there is no single key management the range of use cases is wide, and there is no single key management
protocol that is appropriate for all scenarios. The solutions have protocol that is appropriate for all scenarios. The solutions have
been further diversified by the existence of infrastructure elements, been further diversified by the existence of infrastructure elements,
such as authentication systems, that are tied to the key management. such as authentication systems, that are tied to the key management.
The most important and widely used keying options for RTP sessions at The most important and widely used keying options for RTP sessions at
the time of this writing are described in the time of this writing are described in [RFC7201].
[I-D.ietf-avtcore-rtp-security-options].
5. On the Requirement for Strong Security in Framework protocols 5. On the Requirement for Strong Security in Framework Protocols
The IETF requires that all protocols provide a strong, mandatory to The IETF requires that all protocols provide a strong, mandatory-to-
implement, security solution [RFC3365]. This is essential for the implement security solution [RFC3365]. This is essential for the
overall security of the Internet, to ensure that all implementations overall security of the Internet to ensure that all implementations
of a protocol can interoperate in a secure way. Framework protocols of a protocol can interoperate in a secure way. Framework protocols
offer a challenge for this mandate, however, since they are designed offer a challenge for this mandate, however, since they are designed
to be used by different classes of applications, in a wide range of to be used by different classes of applications in a wide range of
different environments. The different use cases for the framework different environments. The different use cases for the framework
have different security requirements, and implementations designed have different security requirements, and implementations designed
for different environments are generally not expected to interwork. for different environments are generally not expected to interwork.
RTP is an example of a framework protocol with wide applicability. RTP is an example of a framework protocol with wide applicability.
The wide range of scenarios described in Section 2 show the issues The wide range of scenarios described in Section 2 show the issues
that arise in mandating a single security mechanism for this type of that arise in mandating a single security mechanism for this type of
framework. It would be desirable if a single media security framework. It would be desirable if a single media security
solution, and a single key management solution, could be developed, solution, and a single key management solution, could be developed
suitable for applications across this range of use scenarios. The that is suitable for applications across this range of use scenarios.
authors are not aware of any such solution, however, and believe it The authors are not aware of any such solution, however, and believe
is unlikely that any such solution will be developed. In part, this it is unlikely that any such solution will be developed. In part,
is because applications in the different domains are not intended to this is because applications in the different domains are not
interwork, so there is no incentive to develop a single mechanism. intended to interwork, so there is no incentive to develop a single
More importantly, though, the security requirements for the different mechanism. More importantly, though, the security requirements for
usage scenarios vary widely, and an appropriate security mechanism in the different usage scenarios vary widely, and an appropriate
one scenario simply does not work for some other scenarios. security mechanism in one scenario simply does not work for some
other scenarios.
For a framework protocol, it appears that the only sensible solution For a framework protocol, it appears that the only sensible solution
to the strong security requirement of [RFC3365] is to develop and use to the strong security requirement of [RFC3365] is to develop and use
building blocks for the basic security services of confidentiality, building blocks for the basic security services of confidentiality,
integrity protection, authorisation, authentication, and so on. When integrity protection, authorization, authentication, and so on. When
new uses for the framework protocol arise, they need to be studied to new uses for the framework protocol arise, they need to be studied to
determine if the existing security building blocks can satisfy the determine if the existing security building blocks can satisfy the
requirements, or if new building blocks need to be developed. requirements, or if new building blocks need to be developed.
Therefore, when considering the strong and mandatory to implement Therefore, when considering the strong and mandatory-to-implement
security mechanism for a specific class of applications, one has to security mechanism for a specific class of applications, one has to
consider what security building blocks need to be integrated, or if consider what security building blocks need to be integrated, or if
any new mechanisms need to be defined to address specific issues any new mechanisms need to be defined to address specific issues
relating to this new class of application. To maximize relating to this new class of application. To maximize
interoperability it is important that common media security and key interoperability, it is important that common media security and key
management mechanisms are defined for classes of application with management mechanisms are defined for classes of application with
similar requirements. The IETF needs to participate in this similar requirements. The IETF needs to participate in this
selection of security building blocks for each class of applications selection of security building blocks for each class of applications
that use the protocol framework and are expected to interoperate, in that use the protocol framework and are expected to interoperate, in
cases where the IETF has the appropriate knowledge of the class of cases where the IETF has the appropriate knowledge of the class of
applications. applications.
6. Securing the RTP Protocol Framework 6. Securing the RTP Framework
The IETF requires that protocols specify mandatory to implement (MTI) The IETF requires that protocols specify mandatory-to-implement (MTI)
strong security [RFC3365]. This applies to the specification of each strong security [RFC3365]. This applies to the specification of each
interoperable class of application that makes use of RTP. However, interoperable class of application that makes use of RTP. However,
RTP is a framework protocol, so the arguments made in Section 5 also RTP is a framework protocol, so the arguments made in Section 5 also
apply. Given the variability of the classes of application that use apply. Given the variability of the classes of application that use
RTP, and the variety of the currently available security mechanisms RTP, and the variety of the currently available security mechanisms
described in [I-D.ietf-avtcore-rtp-security-options], no one set of described in [RFC7201], no one set of MTI security options can
MTI security options can realistically be specified that apply to all realistically be specified that apply to all classes of RTP
classes of RTP applications. applications.
Documents that define an interoperable class of applications using Documents that define an interoperable class of applications using
RTP are subject to [RFC3365], and so need to specify MTI security RTP are subject to [RFC3365], and thus need to specify MTI security
mechanisms. This is because such specifications do fully specify mechanisms. This is because such specifications do fully specify
interoperable applications that use RTP. Examples of such documents interoperable applications that use RTP. Examples of such documents
under development in the IETF at the time of this writing are the under development in the IETF at the time of this writing are "WebRTC
RTCWEB Security Architecture [I-D.ietf-rtcweb-security-arch] and the Security Architecture" [WebRTC-SEC] and "Real Time Streaming Protocol
Real Time Streaming Protocol 2.0 (RTSP) [I-D.ietf-mmusic-rfc2326bis]. 2.0 (RTSP)" [RTSP]. It is also expected that a similar document will
It is also expected that a similar document will be produced for be produced for voice-over-IP applications using SIP and RTP.
voice-over-IP applications using SIP and RTP.
The RTP framework includes several extension points. Some extensions The RTP framework includes several extension points. Some extensions
can significantly change the behaviour of the protocol, to the extent can significantly change the behavior of the protocol to the extent
that applications using the extension form a separate interoperable that applications using the extension form a separate interoperable
class of applications to those that have not been extended. Other class of applications to those that have not been extended. Other
extension points are defined in such a manner that they can be used extension points are defined in such a manner that they can be used
(largely) independently of the class of applications using RTP. Two (largely) independently of the class of applications using RTP. Two
important extension points that are independent of the class of important extension points that are independent of the class of
applications are RTP Payload Formats and RTP Profiles. applications are RTP payload formats and RTP profiles.
An RTP Payload Format defines how the output of a media codec can be An RTP payload format defines how the output of a media codec can be
used with RTP. At the time of this writing, there are over 70 RTP used with RTP. At the time of this writing, there are over 70 RTP
Payload Formats defined in published RFCs, with more in development. payload formats defined in published RFCs, with more in development.
It is appropriate for an RTP Payload Format to discuss the specific It is appropriate for an RTP payload format to discuss the specific
security implications of using that media codec with RTP. However, security implications of using that media codec with RTP. However,
an RTP Payload Format does not specify an interoperable class of an RTP payload format does not specify an interoperable class of
applications that use RTP since, in the vast majority of cases, a applications that use RTP since, in the vast majority of cases, a
media codec and its associated RTP Payload Format can be used with media codec and its associated RTP payload format can be used with
many different classes of application. As such, an RTP Payload many different classes of application. As such, an RTP payload
Format is neither secure in itself, nor something to which [RFC3365] format is neither secure in itself nor something to which [RFC3365]
applies. Future RTP Payload Format specifications need to explicitly applies. Future RTP payload format specifications need to explicitly
state this, and include a reference to this memo for explanation. It state this and include a reference to this memo for explanation. It
is not appropriate for an RTP Payload Format to mandate the use of is not appropriate for an RTP payload format to mandate the use of
SRTP [RFC3711], or any other security building blocks, since that RTP SRTP [RFC3711], or any other security building blocks, since that RTP
Payload Format might be used by different classes of application that payload format might be used by different classes of application that
use RTP, and that have different security requirements. use RTP and that have different security requirements.
RTP Profiles are larger extensions that adapt the RTP framework for RTP profiles are larger extensions that adapt the RTP framework for
use with particular classes of application. In some cases, those use with particular classes of application. In some cases, those
classes of application might share common security requirements so classes of application might share common security requirements so
that it could make sense for an RTP Profile to mandate particular that it could make sense for an RTP profile to mandate particular
security options and building blocks (the RTP/SAVP profile [RFC3711] security options and building blocks (the RTP/SAVP profile [RFC3711]
is an example of this type of RTP Profile). In other cases, though, is an example of this type of RTP profile). In other cases, though,
an RTP profile is applicable to such a wide range of applications an RTP profile is applicable to such a wide range of applications
that it would not make sense for that profile to mandate particular that it would not make sense for that profile to mandate particular
security building blocks be used (the RTP/AVPF profile [RFC4585] is security building blocks be used (the RTP/AVPF profile [RFC4585] is
an example of this type of RTP Profile, since it provides building an example of this type of RTP profile, since it provides building
blocks that can be used in different styles of application). A new blocks that can be used in different styles of application). A new
RTP Profile specification needs to discuss whether, or not, it makes RTP profile specification needs to discuss whether or not it makes
sense to mandate particular security building blocks that need to be sense to mandate particular security building blocks that need to be
used with all implementations of that profile; however, there is no used with all implementations of that profile; however, there is no
expectation that all RTP Profiles will mandate particular security expectation that all RTP profiles will mandate particular security
solutions. RTP Profiles that do not specify an interoperable usage solutions. RTP profiles that do not specify an interoperable usage
for a particular class of RTP applications are neither secure in for a particular class of RTP applications are neither secure in
themselves, nor something to which [RFC3365] applies; any future RTP themselves nor something to which [RFC3365] applies; any future RTP
Profiles in this category need to explicitly state this with profiles in this category need to explicitly state this with
justification, and include a reference to this memo. justification and include a reference to this memo.
7. Conclusions 7. Conclusions
The RTP framework is used in a wide range of different scenarios, The RTP framework is used in a wide range of different scenarios with
with no common security requirements. Accordingly, neither SRTP no common security requirements. Accordingly, neither SRTP [RFC3711]
[RFC3711], nor any other single media security solution or keying nor any other single media security solution or keying mechanism can
mechanism, can be mandated for all uses of RTP. In the absence of a be mandated for all uses of RTP. In the absence of a single common
single common security solution, it is important to consider what security solution, it is important to consider what mechanisms can be
mechanisms can be used to provide strong and interoperable security used to provide strong and interoperable security for each different
for each different scenario where RTP applications are used. This scenario where RTP applications are used. This will require analysis
will require analysis of each class of application to determine the of each class of application to determine the security requirements
security requirements for the scenarios in which they are to be used, for the scenarios in which they are to be used, followed by the
followed by the selection of a mandatory to implement security selection of MTI security building blocks for that class of
building blocks for that class of application, including the desired application, including the desired RTP traffic protection and key
RTP traffic protection and key-management. A non-exhaustive list of management. A non-exhaustive list of the RTP security options
the RTP security options available at the time of this writing is available at the time of this writing is outlined in [RFC7201]. It
outlined in [I-D.ietf-avtcore-rtp-security-options]. It is expected is expected that each class of application will be supported by a
that each class of application will be supported by a memo describing memo describing what security options are mandatory to implement for
what security options are mandatory to implement for that usage that usage scenario.
scenario.
8. Security Considerations 8. Security Considerations
This entire memo is about mandatory to implement security. This entire memo is about mandatory-to-implement security.
9. IANA Considerations
None.
10. Acknowledgements 9. Acknowledgements
Thanks to Ralph Blom, Hannes Tschofenig, Dan York, Alfred Hoenes, Thanks to Ralph Blom, Hannes Tschofenig, Dan York, Alfred Hoenes,
Martin Ellis, Ali Begen, Keith Drage, Ray van Brandenburg, Stephen Martin Ellis, Ali Begen, Keith Drage, Ray van Brandenburg, Stephen
Farrell, Sean Turner, John Mattsson, and Benoit Claise for their Farrell, Sean Turner, John Mattsson, and Benoit Claise for their
feedback. feedback.
11. Informative References 10. Informative References
[I-D.ietf-avtcore-rtp-security-options] [ISMACryp2] Internet Streaming Media Alliance (ISMA), "ISMA
Westerlund, M. and C. Perkins, "Options for Securing RTP Encryption and Authentication Version 2.0", November
Sessions", draft-ietf-avtcore-rtp-security-options-10 2007, <http://www.oipf.tv/images/site/DOCS/mpegif/ISMA/
(work in progress), January 2014. isma_easpec2.0.pdf>.
[I-D.ietf-mmusic-rfc2326bis] [RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768,
Schulzrinne, H., Rao, A., Lanphier, R., Westerlund, M., August 1980.
and M. Stiemerling, "Real Time Streaming Protocol 2.0
(RTSP)", draft-ietf-mmusic-rfc2326bis-38 (work in
progress), October 2013.
[I-D.ietf-rtcweb-security-arch] [RFC0793] Postel, J., "Transmission Control Protocol", STD 7, RFC
Rescorla, E., "WebRTC Security Architecture", draft-ietf- 793, September 1981.
rtcweb-security-arch-07 (work in progress), July 2013.
[ISMACrypt2] [RFC3365] Schiller, J., "Strong Security Requirements for Internet
Internet Streaming Media Alliance (ISMA), , "ISMA Engineering Task Force Standard Protocols", BCP 61, RFC
Encryption and Authentication, Version 2.0 release 3365, August 2002.
version", November 2007.
[MBMS] 3GPP, , "Multimedia Broadcast/Multicast Service (MBMS); [RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V.
Protocols and codecs TS 26.346", . Jacobson, "RTP: A Transport Protocol for Real-Time
Applications", STD 64, RFC 3550, July 2003.
[RFC0768] Postel, J., "User Datagram Protocol", STD 6, RFC 768, [RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and
August 1980. K. Norrman, "The Secure Real-time Transport Protocol
(SRTP)", RFC 3711, March 2004.
[RFC0793] Postel, J., "Transmission Control Protocol", STD 7, RFC [RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram
793, September 1981. Congestion Control Protocol (DCCP)", RFC 4340, March
2006.
[RFC3365] Schiller, J., "Strong Security Requirements for Internet [RFC4585] Ott, J., Wenger, S., Sato, N., Burmeister, C., and J.
Engineering Task Force Standard Protocols", BCP 61, RFC Rey, "Extended RTP Profile for Real-time Transport
3365, August 2002. Control Protocol (RTCP)-Based Feedback (RTP/AVPF)", RFC
4585, July 2006.
[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V. [RFC4614] Duke, M., Braden, R., Eddy, W., and E. Blanton, "A
Jacobson, "RTP: A Transport Protocol for Real-Time Roadmap for Transmission Control Protocol (TCP)
Applications", STD 64, RFC 3550, July 2003. Specification Documents", RFC 4614, September 2006.
[RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. [RFC5479] Wing, D., Fries, S., Tschofenig, H., and F. Audet,
Norrman, "The Secure Real-time Transport Protocol (SRTP)", "Requirements and Analysis of Media Security Management
RFC 3711, March 2004. Protocols", RFC 5479, April 2009.
[RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram [RFC7201] Westerlund, M. and C. Perkins, "Options for Securing RTP
Congestion Control Protocol (DCCP)", RFC 4340, March 2006. Sessions", RFC 7201, April 2014.
[RFC4585] Ott, J., Wenger, S., Sato, N., Burmeister, C., and J. Rey, [RTSP] Schulzrinne, H., Rao, A., Lanphier, R., Westerlund, M.,
"Extended RTP Profile for Real-time Transport Control and M. Stiemerling, "Real Time Streaming Protocol 2.0
Protocol (RTCP)-Based Feedback (RTP/AVPF)", RFC 4585, July (RTSP)", Work in Progress, February 2014.
2006.
[RFC4614] Duke, M., Braden, R., Eddy, W., and E. Blanton, "A Roadmap [T3GPP.26.346]
for Transmission Control Protocol (TCP) Specification 3GPP, "Multimedia Broadcast/Multicast Service (MBMS);
Documents", RFC 4614, September 2006. Protocols and codecs", 3GPP TS 26.346 10.7.0, March
2013,
<http://www.3gpp.org/ftp/Specs/html-info/26346.htm>.
[RFC5479] Wing, D., Fries, S., Tschofenig, H., and F. Audet, [WebRTC-SEC] Rescorla, E., "WebRTC Security Architecture", Work in
"Requirements and Analysis of Media Security Management Progress, February 2014.
Protocols", RFC 5479, April 2009.
Authors' Addresses Authors' Addresses
Colin Perkins Colin Perkins
University of Glasgow University of Glasgow
School of Computing Science School of Computing Science
Glasgow G12 8QQ Glasgow G12 8QQ
UK United Kingdom
Email: csp@csperkins.org EMail: csp@csperkins.org
URI: http://csperkins.org/ URI: http://csperkins.org/
Magnus Westerlund Magnus Westerlund
Ericsson Ericsson
Farogatan 6 Farogatan 6
Kista SE-164 80 Kista SE-164 80
Sweden Sweden
Email: magnus.westerlund@ericsson.com EMail: magnus.westerlund@ericsson.com
 End of changes. 76 change blocks. 
205 lines changed or deleted 195 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/