| draft-ietf-perc-double-06.txt | draft-ietf-perc-double-07.txt | |||
|---|---|---|---|---|
| Network Working Group C. Jennings | Network Working Group C. Jennings | |||
| Internet-Draft P. Jones | Internet-Draft P. Jones | |||
| Intended status: Standards Track R. Barnes | Intended status: Standards Track R. Barnes | |||
| Expires: February 9, 2018 Cisco Systems | Expires: March 5, 2018 Cisco Systems | |||
| A. Roach | A. Roach | |||
| Mozilla | Mozilla | |||
| August 8, 2017 | September 1, 2017 | |||
| SRTP Double Encryption Procedures | SRTP Double Encryption Procedures | |||
| draft-ietf-perc-double-06 | draft-ietf-perc-double-07 | |||
| Abstract | Abstract | |||
| In some conferencing scenarios, it is desirable for an intermediary | In some conferencing scenarios, it is desirable for an intermediary | |||
| to be able to manipulate some RTP parameters, while still providing | to be able to manipulate some RTP parameters, while still providing | |||
| strong end-to-end security guarantees. This document defines SRTP | strong end-to-end security guarantees. This document defines SRTP | |||
| procedures that use two separate but related cryptographic operations | procedures that use two separate but related cryptographic operations | |||
| to provide hop-by-hop and end-to-end security guarantees. Both the | to provide hop-by-hop and end-to-end security guarantees. Both the | |||
| end-to-end and hop-by-hop cryptographic algorithms can utilize an | end-to-end and hop-by-hop cryptographic algorithms can utilize an | |||
| authenticated encryption with associated data scheme or take | authenticated encryption with associated data scheme or take | |||
| skipping to change at page 1, line 40 ¶ | skipping to change at page 1, line 40 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on February 9, 2018. | This Internet-Draft will expire on March 5, 2018. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2017 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 9, line 23 ¶ | skipping to change at page 9, line 23 ¶ | |||
| 7.2. RED | 7.2. RED | |||
| TODO - Add text to explain how to use RED as described in Option A of | TODO - Add text to explain how to use RED as described in Option A of | |||
| slides presented at IETF 99. | slides presented at IETF 99. | |||
| 7.3. FEC | 7.3. FEC | |||
| When using Flex FEC [I-D.ietf-payload-flexible-fec-scheme] with | When using Flex FEC [I-D.ietf-payload-flexible-fec-scheme] with | |||
| double, the negotiation of double for the crypto is the out of band | double, the negotiation of double for the crypto is the out of band | |||
| signaling that indicates that the repair packets MUST use the order | signalling that indicates that the repair packets MUST use the order | |||
| of operations of SRTP followed by FEC when encrypting. This is to | of operations of SRTP followed by FEC when encrypting. This is to | |||
| ensure that the original media is not reveled to the Media | ensure that the original media is not revealed to the Media | |||
| Distributor but at the same time allow the Media Distributor to | Distributor but at the same time allow the Media Distributor to | |||
| repair media. When encrypting a packet that contains the Flex FEC | repair media. When encrypting a packet that contains the Flex FEC | |||
| data, which is already encrypted, it MUST be encrypted in repair mode | data, which is already encrypted, it MUST be encrypted in repair mode | |||
| packet. | packet. | |||
| The algorithm recommend in [I-D.ietf-rtcweb-fec] for repair of video | The algorithm recommend in [I-D.ietf-rtcweb-fec] for repair of video | |||
| is Flex FEC [I-D.ietf-payload-flexible-fec-scheme]. Note that for | is Flex FEC [I-D.ietf-payload-flexible-fec-scheme]. Note that for | |||
| interoperability with WebRTC, [I-D.ietf-rtcweb-fec] recommends not | interoperability with WebRTC, [I-D.ietf-rtcweb-fec] recommends not | |||
| using additional FEC only m-line in SDP for the repair packets. | using additional FEC only m-line in SDP for the repair packets. | |||
| 7.4. DTMF | 7.4. DTMF | |||
| When DTMF is sent with [RFC4733], it is end-to-end encrypted and the | When DTMF is sent with [RFC4733], it is end-to-end encrypted and the | |||
| relay can not read it so it can not be used to controll the relay. | relay can not read it so it can not be used to control the relay. | |||
| Other out of band methods to controll the relay need to be used | Other out of band methods to control the relay need to be used | |||
| instead. | instead. | |||
| 8. Recommended Inner and Outer Cryptographic Algorithms | 8. Recommended Inner and Outer Cryptographic Algorithms | |||
| This specification recommends and defines AES-GCM as both the inner | This specification recommends and defines AES-GCM as both the inner | |||
| and outer cryptographic algorithms, identified as | and outer cryptographic algorithms, identified as | |||
| DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM and | DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM and | |||
| DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM. These algorithm provide | DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM. These algorithm provide | |||
| for authenticated encryption and will consume additional processing | for authenticated encryption and will consume additional processing | |||
| time double-encrypting for hop-by-hop and end-to-end. However, the | time double-encrypting for hop-by-hop and end-to-end. However, the | |||
| skipping to change at page 12, line 47 ¶ | skipping to change at page 12, line 47 ¶ | |||
| auth_tag_length: N/A | auth_tag_length: N/A | |||
| maximum lifetime: at most 2^31 SRTCP packets and | maximum lifetime: at most 2^31 SRTCP packets and | |||
| at most 2^48 SRTP packets | at most 2^48 SRTP packets | |||
| The first half of the key and salt is used for the inner (end-to-end) | The first half of the key and salt is used for the inner (end-to-end) | |||
| algorithm and the second half is used for the outer (hop-by-hop) | algorithm and the second half is used for the outer (hop-by-hop) | |||
| algorithm. | algorithm. | |||
| 11. Acknowledgments | 11. Acknowledgments | |||
| Many thanks to Richard Barnes for sending significant text for this | Thank you for reviews and improvements to this specification from | |||
| specification. Thank you for reviews and improvements from David | Alex Gouaillard, David Benham, Magnus Westerlund, Nils Ohlmeier, Paul | |||
| Benham, Paul Jones, Suhas Nandakumar, Nils Ohlmeier, and Magnus | Jones, Roni Even, and Suhas Nandakumar. In addition, thank you to | |||
| Westerlund. | Sergio Garcia Murillo proposed the change of transporting the OHB | |||
| information in the RTP payload instead of the RTP header. | ||||
| 12. References | 12. References | |||
| 12.1. Normative References | 12.1. Normative References | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ | Requirement Levels", BCP 14, RFC 2119, | |||
| RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, <https://www.rfc- | |||
| <http://www.rfc-editor.org/info/rfc2119>. | editor.org/info/rfc2119>. | |||
| [RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. | [RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K. | |||
| Norrman, "The Secure Real-time Transport Protocol (SRTP)", | Norrman, "The Secure Real-time Transport Protocol (SRTP)", | |||
| RFC 3711, DOI 10.17487/RFC3711, March 2004, | RFC 3711, DOI 10.17487/RFC3711, March 2004, | |||
| <http://www.rfc-editor.org/info/rfc3711>. | <https://www.rfc-editor.org/info/rfc3711>. | |||
| [RFC5285] Singer, D. and H. Desineni, "A General Mechanism for RTP | [RFC5285] Singer, D. and H. Desineni, "A General Mechanism for RTP | |||
| Header Extensions", RFC 5285, DOI 10.17487/RFC5285, July | Header Extensions", RFC 5285, DOI 10.17487/RFC5285, July | |||
| 2008, <http://www.rfc-editor.org/info/rfc5285>. | 2008, <https://www.rfc-editor.org/info/rfc5285>. | |||
| [RFC5764] McGrew, D. and E. Rescorla, "Datagram Transport Layer | [RFC5764] McGrew, D. and E. Rescorla, "Datagram Transport Layer | |||
| Security (DTLS) Extension to Establish Keys for the Secure | Security (DTLS) Extension to Establish Keys for the Secure | |||
| Real-time Transport Protocol (SRTP)", RFC 5764, DOI | Real-time Transport Protocol (SRTP)", RFC 5764, | |||
| 10.17487/RFC5764, May 2010, | DOI 10.17487/RFC5764, May 2010, <https://www.rfc- | |||
| <http://www.rfc-editor.org/info/rfc5764>. | editor.org/info/rfc5764>. | |||
| [RFC6904] Lennox, J., "Encryption of Header Extensions in the Secure | [RFC6904] Lennox, J., "Encryption of Header Extensions in the Secure | |||
| Real-time Transport Protocol (SRTP)", RFC 6904, DOI | Real-time Transport Protocol (SRTP)", RFC 6904, | |||
| 10.17487/RFC6904, April 2013, | DOI 10.17487/RFC6904, April 2013, <https://www.rfc- | |||
| <http://www.rfc-editor.org/info/rfc6904>. | editor.org/info/rfc6904>. | |||
| [RFC7714] McGrew, D. and K. Igoe, "AES-GCM Authenticated Encryption | [RFC7714] McGrew, D. and K. Igoe, "AES-GCM Authenticated Encryption | |||
| in the Secure Real-time Transport Protocol (SRTP)", RFC | in the Secure Real-time Transport Protocol (SRTP)", | |||
| 7714, DOI 10.17487/RFC7714, December 2015, | RFC 7714, DOI 10.17487/RFC7714, December 2015, | |||
| <http://www.rfc-editor.org/info/rfc7714>. | <https://www.rfc-editor.org/info/rfc7714>. | |||
| 12.2. Informative References | 12.2. Informative References | |||
| [I-D.ietf-payload-flexible-fec-scheme] | [I-D.ietf-payload-flexible-fec-scheme] | |||
| Singh, V., Begen, A., Zanaty, M., and G. Mandyam, "RTP | Singh, V., Begen, A., Zanaty, M., and G. Mandyam, "RTP | |||
| Payload Format for Flexible Forward Error Correction | Payload Format for Flexible Forward Error Correction | |||
| (FEC)", draft-ietf-payload-flexible-fec-scheme-05 (work in | (FEC)", draft-ietf-payload-flexible-fec-scheme-05 (work in | |||
| progress), July 2017. | progress), July 2017. | |||
| [I-D.ietf-perc-dtls-tunnel] | [I-D.ietf-perc-dtls-tunnel] | |||
| skipping to change at page 14, line 23 ¶ | skipping to change at page 14, line 23 ¶ | |||
| "Encrypted Key Transport for DTLS and Secure RTP", draft- | "Encrypted Key Transport for DTLS and Secure RTP", draft- | |||
| ietf-perc-srtp-ekt-diet-05 (work in progress), June 2017. | ietf-perc-srtp-ekt-diet-05 (work in progress), June 2017. | |||
| [I-D.ietf-rtcweb-fec] | [I-D.ietf-rtcweb-fec] | |||
| Uberti, J., "WebRTC Forward Error Correction | Uberti, J., "WebRTC Forward Error Correction | |||
| Requirements", draft-ietf-rtcweb-fec-06 (work in | Requirements", draft-ietf-rtcweb-fec-06 (work in | |||
| progress), July 2017. | progress), July 2017. | |||
| [RFC4588] Rey, J., Leon, D., Miyazaki, A., Varsa, V., and R. | [RFC4588] Rey, J., Leon, D., Miyazaki, A., Varsa, V., and R. | |||
| Hakenberg, "RTP Retransmission Payload Format", RFC 4588, | Hakenberg, "RTP Retransmission Payload Format", RFC 4588, | |||
| DOI 10.17487/RFC4588, July 2006, | DOI 10.17487/RFC4588, July 2006, <https://www.rfc- | |||
| <http://www.rfc-editor.org/info/rfc4588>. | editor.org/info/rfc4588>. | |||
| [RFC4733] Schulzrinne, H. and T. Taylor, "RTP Payload for DTMF | [RFC4733] Schulzrinne, H. and T. Taylor, "RTP Payload for DTMF | |||
| Digits, Telephony Tones, and Telephony Signals", RFC 4733, | Digits, Telephony Tones, and Telephony Signals", RFC 4733, | |||
| DOI 10.17487/RFC4733, December 2006, | DOI 10.17487/RFC4733, December 2006, <https://www.rfc- | |||
| <http://www.rfc-editor.org/info/rfc4733>. | editor.org/info/rfc4733>. | |||
| [RFC6465] Ivov, E., Ed., Marocco, E., Ed., and J. Lennox, "A Real- | [RFC6465] Ivov, E., Ed., Marocco, E., Ed., and J. Lennox, "A Real- | |||
| time Transport Protocol (RTP) Header Extension for Mixer- | time Transport Protocol (RTP) Header Extension for Mixer- | |||
| to-Client Audio Level Indication", RFC 6465, DOI 10.17487/ | to-Client Audio Level Indication", RFC 6465, | |||
| RFC6465, December 2011, | DOI 10.17487/RFC6465, December 2011, <https://www.rfc- | |||
| <http://www.rfc-editor.org/info/rfc6465>. | editor.org/info/rfc6465>. | |||
| Appendix A. Encryption Overview | Appendix A. Encryption Overview | |||
| The following figure shows a double encrypted SRTP packet. The sides | The following figure shows a double encrypted SRTP packet. The sides | |||
| indicate the parts of the packet that are encrypted and authenticated | indicate the parts of the packet that are encrypted and authenticated | |||
| by the hob-by-hop and end-to-end operations. | by the hob-by-hop and end-to-end operations. | |||
| 0 1 2 3 | 0 1 2 3 | |||
| 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 | |||
| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<+<+ | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<+<+ | |||
| End of changes. 17 change blocks. | ||||
| 33 lines changed or deleted | 34 lines changed or added | |||
This html diff was produced by rfcdiff 1.45. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||