[VOIPSEC] Key Negotiation for SRTP

Lakshminath Dondeti ldondeti at qualcomm.com
Mon Aug 29 16:19:28 CDT 2005 

Hi,

Some notes inline:

At 01:40 PM 8/27/2005, Christian Stredicke wrote:
>We have implemented TLS, SRTP and the DH mode of MIKEY. Our experience
>is that MIKEY as complicated as TLS, therefore my opinion is to skip the
>whole MIKEY stuff and go for sdescriptions secured by using a TLS
>transport layer (and get the NAT/fragementation problems solved on a
>silver tablet on top).

MIKEY is definitely not as complicated as TLS.  MIKEY and TLS do share 
authentication infrastructure requirements, crypto algorithms, and they are 
both key management protocols (TLS also has a security encapsulation 
layer).  TLS is a general purpose key management protocol with ciphersuite 
negotiation, rekeying, plus it supports security encapsulation.


>This approach has at least two big advantages:
>
>(1) Many people can use openssl to implement TLS, that should make it
>much easier to support it, AFAIK there is nothing comparable available
>for MIKEY.

MIKEY is a newer protocol, but there is atleast 1 open implementation:
http://minisip.org/source/libmikey-0.4.0.tar.gz

Others' source code is available as well.  I have also seen at least 2 
toolkits.


>(2) There is no CPU juice necessary when the phone must pick up the call
>immediately. Sounds like a silly problem, but it is a hard real-life
>experience problem. Embedded systems have to be careful with CPU bursts.

If a device can do TLS, it has more than sufficient processing power for MIKEY.


>IMHO the proxy/end-to-end concerns as not so serious. In real life, you
>will talk to your operator or office directly and you must trust him
>anyway. It is just like with the emails. If some day end-to-end becomes
>necessary, you still have S/MIME.

I am reading your example as signaling security is not an end-to-end 
concern.  Do you think that we don't need bearer path security for end2end 
voice communication?  Ever?


>Some people argue that SIP operators cannot move to TLS or even TCP.
>First thing I would say is get rid of your hobby software. Operators
>should upgrade their stuff and use TLS. If you operate an Email service
>without TLS today, you have a big customer leakage problem anyway. That
>will sooner or later also happen with SIP. Lets make it sooner and make
>everybody's life easier.

The TCP and TLS argument is a different one, and one that I have followed 
from a comfortable distance :-).  Q: Are you saying TCP is needed for 
TLS?  There is DTLS now, so perhaps the reasoning should be based on 
transport features and not security protocol availability.

Good discussions in this thread!

best,
Lakshminath


>CS
>
> > -----Original Message-----
> > From: Voipsec-bounces at voipsa.org
> > [mailto:Voipsec-bounces at voipsa.org] On Behalf Of Lakshminath Dondeti
> > Sent: Saturday, August 27, 2005 12:17 AM
> > To: Voipsec at voipsa.org
> > Subject: Re: [VOIPSEC] Key Negotiation for SRTP
> >
> > A summary of my thoughts on this at the moment:
> >
> > There are really two standards-based options, and both involve SDP.
> >
> > 1) sdescriptions:  Amounts to just sending the key in the
> > clear (base-64
> > encoded) via SDP, and so needs a secure channel.  There are
> > two options there again and one is hop-by-hop security using
> > TLS and the other is S/MIME.  The question in my mind is
> > whether sdescriptions is a long-term solution (more on that later).
> >
> > 2) MIKEY via SDP (sdp-keymgmt I-D):  There are several
> > options, but it is not too difficult to distill them down.
> > I'd use one of the RSA options (I have further thoughts on
> > how to reconcile the one in the RFC and the one I am
> > co-authoring, but that is still being discussed.  We may have
> > written it in the I-D, otherwise contact me offline) and use
> > the amortization technique suggested in 3830 and use the PSK
> > mode where a PSK is already established (no need to manually
> > set up PSKs if you don't want to).
> >
> > There is also another dimension to this.  Granted
> > sdescriptions is a decent near-term solution to get going,
> > but when we think about the upgrade path, TLS, S/MIME are on
> > the horizon, and IMO MIKEY.
> >
> > If a deployment starts out with MIKEY-NULL, your upgrade path
> > is much simpler.
> >
> > Anyway,  hope that helps.
> >
> > best regards,
> > Lakshminath
> >
> >
> > _______________________________________________
> > Voipsec mailing list
> > Voipsec at voipsa.org
> > http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> >
> >
> >

More information about the Voipsec mailing list