draft-ietf-perc-double-11.txt | draft-ietf-perc-double-12.txt | |||
---|---|---|---|---|
Network Working Group C. Jennings | Network Working Group C. Jennings | |||
Internet-Draft P. Jones | Internet-Draft P. Jones | |||
Intended status: Standards Track R. Barnes | Intended status: Standards Track R. Barnes | |||
Expires: January 9, 2020 Cisco Systems | Expires: March 1, 2020 Cisco Systems | |||
A. Roach | A. Roach | |||
Mozilla | Mozilla | |||
July 8, 2019 | August 29, 2019 | |||
SRTP Double Encryption Procedures | SRTP Double Encryption Procedures | |||
draft-ietf-perc-double-11 | draft-ietf-perc-double-12 | |||
Abstract | Abstract | |||
In some conferencing scenarios, it is desirable for an intermediary | In some conferencing scenarios, it is desirable for an intermediary | |||
to be able to manipulate some parameters in Real Time Protocol (RTP) | to be able to manipulate some parameters in Real Time Protocol (RTP) | |||
packets, while still providing strong end-to-end security guarantees. | packets, while still providing strong end-to-end security guarantees. | |||
This document defines a cryptographic transform for the Secure Real | This document defines a cryptographic transform for the Secure Real | |||
Time Protocol (SRTP) that uses two separate but related cryptographic | Time Protocol (SRTP) that uses two separate but related cryptographic | |||
operations to provide hop-by-hop and end-to-end security guarantees. | operations to provide hop-by-hop and end-to-end security guarantees. | |||
Both the end-to-end and hop-by-hop cryptographic algorithms can | Both the end-to-end and hop-by-hop cryptographic algorithms can | |||
skipping to change at page 1, line 42 ¶ | skipping to change at page 1, line 42 ¶ | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on January 9, 2020. | This Internet-Draft will expire on March 1, 2020. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 2, line 27 ¶ | skipping to change at page 2, line 27 ¶ | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
3. Cryptographic Context . . . . . . . . . . . . . . . . . . . . 4 | 3. Cryptographic Context . . . . . . . . . . . . . . . . . . . . 4 | |||
3.1. Key Derivation . . . . . . . . . . . . . . . . . . . . . 5 | 3.1. Key Derivation . . . . . . . . . . . . . . . . . . . . . 5 | |||
4. Original Header Block . . . . . . . . . . . . . . . . . . . . 5 | 4. Original Header Block . . . . . . . . . . . . . . . . . . . . 5 | |||
5. RTP Operations . . . . . . . . . . . . . . . . . . . . . . . 6 | 5. RTP Operations . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
5.1. Encrypting a Packet . . . . . . . . . . . . . . . . . . . 7 | 5.1. Encrypting a Packet . . . . . . . . . . . . . . . . . . . 7 | |||
5.2. Relaying a Packet . . . . . . . . . . . . . . . . . . . . 8 | 5.2. Relaying a Packet . . . . . . . . . . . . . . . . . . . . 8 | |||
5.3. Decrypting a Packet . . . . . . . . . . . . . . . . . . . 9 | 5.3. Decrypting a Packet . . . . . . . . . . . . . . . . . . . 9 | |||
6. RTCP Operations . . . . . . . . . . . . . . . . . . . . . . . 10 | 6. RTCP Operations . . . . . . . . . . . . . . . . . . . . . . . 10 | |||
7. Use with Other RTP Mechanisms . . . . . . . . . . . . . . . . 10 | 7. Use with Other RTP Mechanisms . . . . . . . . . . . . . . . . 11 | |||
7.1. RTP Retransmission (RTX) . . . . . . . . . . . . . . . . 11 | 7.1. RTP Retransmission (RTX) . . . . . . . . . . . . . . . . 11 | |||
7.2. Redundant Audio Data (RED) . . . . . . . . . . . . . . . 11 | 7.2. Redundant Audio Data (RED) . . . . . . . . . . . . . . . 11 | |||
7.3. Forward Error Correction (FEC) . . . . . . . . . . . . . 12 | 7.3. Forward Error Correction (FEC) . . . . . . . . . . . . . 12 | |||
7.4. DTMF . . . . . . . . . . . . . . . . . . . . . . . . . . 12 | 7.4. DTMF . . . . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
8. Recommended Inner and Outer Cryptographic Algorithms . . . . 12 | 8. Recommended Inner and Outer Cryptographic Algorithms . . . . 12 | |||
9. Security Considerations . . . . . . . . . . . . . . . . . . . 13 | 9. Security Considerations . . . . . . . . . . . . . . . . . . . 13 | |||
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 | 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 | |||
10.1. DTLS-SRTP . . . . . . . . . . . . . . . . . . . . . . . 14 | 10.1. DTLS-SRTP . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 15 | 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 15 | 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 15 | |||
12.1. Normative References . . . . . . . . . . . . . . . . . . 15 | 12.1. Normative References . . . . . . . . . . . . . . . . . . 15 | |||
12.2. Informative References . . . . . . . . . . . . . . . . . 16 | 12.2. Informative References . . . . . . . . . . . . . . . . . 16 | |||
Appendix A. Encryption Overview . . . . . . . . . . . . . . . . 17 | Appendix A. Encryption Overview . . . . . . . . . . . . . . . . 17 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
1. Introduction | 1. Introduction | |||
skipping to change at page 7, line 34 ¶ | skipping to change at page 7, line 34 ¶ | |||
3. Form a synthetic RTP packet with the following contents: | 3. Form a synthetic RTP packet with the following contents: | |||
* Header: The RTP header of the original packet with the | * Header: The RTP header of the original packet with the | |||
following modifications: | following modifications: | |||
* The X bit is set to zero | * The X bit is set to zero | |||
* The header is truncated to remove any extensions (i.e., keep | * The header is truncated to remove any extensions (i.e., keep | |||
only the first 12 + 4 * CC bytes of the header) | only the first 12 + 4 * CC bytes of the header) | |||
* Payload: The RTP payload of the original packet | * Payload: The RTP payload of the original packet (including | |||
padding when present) | ||||
4. Apply the inner cryptographic algorithm to the synthetic RTP | 4. Apply the inner cryptographic algorithm to the synthetic RTP | |||
packet from the previous step. | packet from the previous step. | |||
5. Replace the header of the protected RTP packet with the header of | 5. Replace the header of the protected RTP packet with the header of | |||
the original packet (to restore any header extensions and reset | the original packet (to restore any header extensions and reset | |||
the X bit), and append an empty OHB (0x00) to the encrypted | the X bit), and append an empty OHB (0x00) to the encrypted | |||
payload (with the authentication tag) obtained from the step 4. | payload (with the authentication tag) obtained from the step 4. | |||
6. Apply the outer cryptographic algorithm to the RTP packet. If | 6. Apply the outer cryptographic algorithm to the RTP packet. If | |||
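Review bot: the new "(including padding when present)" in step 3 resolves a real ambiguity rather than just wording, and it is worth carrying through to the rest of the procedure. Step 3 keeps every header field except the X bit and the extensions, so the P bit of the original packet is preserved in the synthetic packet; without the added text, an implementer could build a synthetic packet whose header advertises padding while its payload omits it, so the inner cryptographic algorithm in step 4 would protect a payload whose length disagrees with its own header. With the padding inside the inner protection, the padding bytes and the pad count are covered by the inner authentication tag and cannot be altered on the path between the endpoints. Two follow-ups would help: state the matching rule in the decryption procedure (Section 5.3) so receivers know the inner plaintext still carries the padding and that the P bit stays meaningful after inner decryption, and say explicitly in step 5 that the padding remains part of the "encrypted payload" to which the empty OHB (0x00) is appended, so nothing is stripped before the outer cryptographic algorithm is applied in step 6.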
skipping to change at page 16, line 33 ¶ | skipping to change at page 16, line 33 ¶ | |||
[I-D.ietf-perc-private-media-framework] | [I-D.ietf-perc-private-media-framework] | |||
Jones, P., Benham, D., and C. Groves, "A Solution | Jones, P., Benham, D., and C. Groves, "A Solution | |||
Framework for Private Media in Privacy Enhanced RTP | Framework for Private Media in Privacy Enhanced RTP | |||
Conferencing (PERC)", draft-ietf-perc-private-media- | Conferencing (PERC)", draft-ietf-perc-private-media- | |||
framework-12 (work in progress), June 2019. | framework-12 (work in progress), June 2019. | |||
[I-D.ietf-perc-srtp-ekt-diet] | [I-D.ietf-perc-srtp-ekt-diet] | |||
Jennings, C., Mattsson, J., McGrew, D., Wing, D., and F. | Jennings, C., Mattsson, J., McGrew, D., Wing, D., and F. | |||
Andreasen, "Encrypted Key Transport for DTLS and Secure | Andreasen, "Encrypted Key Transport for DTLS and Secure | |||
RTP", draft-ietf-perc-srtp-ekt-diet-09 (work in progress), | RTP", draft-ietf-perc-srtp-ekt-diet-10 (work in progress), | |||
October 2018. | July 2019. | |||
[I-D.ietf-rtcweb-fec] | [I-D.ietf-rtcweb-fec] | |||
Uberti, J., "WebRTC Forward Error Correction | Uberti, J., "WebRTC Forward Error Correction | |||
Requirements", draft-ietf-rtcweb-fec-09 (work in | Requirements", draft-ietf-rtcweb-fec-10 (work in | |||
progress), July 2019. | progress), July 2019. | |||
[RFC2198] Perkins, C., Kouvelas, I., Hodson, O., Hardman, V., | [RFC2198] Perkins, C., Kouvelas, I., Hodson, O., Hardman, V., | |||
Handley, M., Bolot, J., Vega-Garcia, A., and S. Fosse- | Handley, M., Bolot, J., Vega-Garcia, A., and S. Fosse- | |||
Parisis, "RTP Payload for Redundant Audio Data", RFC 2198, | Parisis, "RTP Payload for Redundant Audio Data", RFC 2198, | |||
DOI 10.17487/RFC2198, September 1997, | DOI 10.17487/RFC2198, September 1997, | |||
<https://www.rfc-editor.org/info/rfc2198>. | <https://www.rfc-editor.org/info/rfc2198>. | |||
[RFC4588] Rey, J., Leon, D., Miyazaki, A., Varsa, V., and R. | [RFC4588] Rey, J., Leon, D., Miyazaki, A., Varsa, V., and R. | |||
Hakenberg, "RTP Retransmission Payload Format", RFC 4588, | Hakenberg, "RTP Retransmission Payload Format", RFC 4588, | |||
End of changes. 9 change blocks. | ||||
10 lines changed or deleted | 11 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |