[VOIPSEC] SRTP Key Exchange
Nathan Allen Stratton
nathan at robotics.net
Mon Feb 14 09:22:36 CST 2005
On Mon, 14 Feb 2005, Ahmar Ghaffar wrote:
> The approach we are following is very similar to the
> draft-ietf-mmusic-kmgmt-ext-13.txt. We think that this approach is much
> more robust than establishing a non-secure call first and then using
> INFO method for key exchange, like some other vendors out there are
> doing at the moment.
I totally agree, how hard would it be to implement mmusic-kmgmt so that
you could interoperate with other vendors?
> For key negotiation, we pass the SRTP keys in a header k: (ala
> Microsoft Messenger). The actual keys are then generated using AES in
> counter mode (AES-CM) according to the RFC. When used with TLS for SIP
> signaling (SIPS), this approach provides perfect security because the
How are the AES keys that are exchanged as k: created? Do you have a doc
you can share that I can point other vendors to so that secure calls would
be compatible with SNOM?
> keys can be sent as base64 encoding without being compromised, largely
> because the SDP will be encrypted anyway. This method is also more
> practical because it doesn't add any extra overhead, as the key exchange
> takes place in the normal course of an SDP negotiation for a call
> (INVITE/200 OK). This method can be extended to fully conform to the
> draft-ietf-mmusic-kmgmt-ext-13.txt once it gets accepted by the IETF.
> The UA can then send the different cipher modes it supports along with
> the keying material.
Why not support mmusic-kmgmt today so at least there would be something I
could point other vendors to today and be able to pass calls between
devices? What would the SDP look like? I assume you would not use the
already defined MIKEY.
><>
Nathan Stratton BroadVoice, Inc.
nathan at robotics.net Talk IS Cheap
http://www.robotics.net http://www.broadvoice.com
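
The scheme discussed in this thread depends on the SDP key line only ever travelling over TLS-protected signaling. The following check is an added example, not part of the original post or any vendor's code. It assumes the key is carried as a standard SDP `k=base64:` line and is 30 bytes long (16-byte AES master key plus 14-byte salt, the RFC 3711 defaults); the function names and the sample messages are constructed for illustration.

```python
import base64
import binascii

# Assumption: 16-byte AES master key + 14-byte master salt (RFC 3711 defaults).
EXPECTED_LEN = 16 + 14

def via_transport(sip_message):
    """Transport of the topmost Via header; this only describes the last hop."""
    for line in sip_message.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v"):
            return value.split()[0].split("/")[-1].upper()
    return "UNKNOWN"

def audit_sdp_keys(sip_message):
    """Return a list of findings for every k= line in the SDP body."""
    transport = via_transport(sip_message)
    findings, scope = [], "session"
    body = sip_message.partition("\r\n\r\n")[2]
    for line in body.splitlines():
        if line.startswith("m="):
            scope = "media " + line[2:].split()[0]
        elif line.startswith("k="):
            method, _, value = line[2:].partition(":")
            if transport != "TLS":
                findings.append(f"{scope}: key exposed, signaling transport is {transport}")
            if method != "base64":
                findings.append(f"{scope}: key method '{method}' is not base64")
                continue
            try:
                raw = base64.b64decode(value, validate=True)
            except (binascii.Error, ValueError):
                findings.append(f"{scope}: malformed base64 key")
                continue
            if len(raw) != EXPECTED_LEN:
                findings.append(f"{scope}: key is {len(raw)} bytes, expected {EXPECTED_LEN}")
    return findings

# Constructed sample key and message builder (not captured traffic).
KEY = base64.b64encode(bytes(range(30))).decode()

def make_invite(transport, key):
    return "\r\n".join([
        "INVITE sip:bob@example.com SIP/2.0",
        f"Via: SIP/2.0/{transport} client.example.com;branch=z9hG4bK1",
        "Content-Type: application/sdp",
        "", "v=0", "o=- 1 1 IN IP4 192.0.2.1", "s=-", "c=IN IP4 192.0.2.1", "t=0 0",
        "m=audio 49170 RTP/SAVP 0", f"k=base64:{key}",
    ])
```

Because the Via transport only reflects the hop on which the message was observed, a clean result here does not show that every proxy hop used TLS.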