[VOIPSEC] Secure Real-time Transport Protocol (SRTP)

Mani, Mahalingam (Mahalingam) mmani at avaya.com
Wed Mar 23 17:34:43 CST 2005


SRTP was approved as proposed std. after mid-2004 in IETF (RFC3711).
Implementations are available. The main issue, as pointed out, has been
on the non-specificity of the more important key-exchange/distribution.

1. There has been a lot of handwaving to use MIKEY (non-trivial protocol
to use in a simple framework) - which has got approved around the same
time as a proposed std. (RFC3830)
2. sdescriptions draft (not a proposed std.) suggests use of hop-by-hop
secure signaling path for end-end key exchange. Of course, it includes
an out-of-band proposal to use S/MIME/end-end IPsec/end-end TLS to
overcome trust limitations of the main proposal.
3. There may be ways to supplement this with end-end approaches - that
may force the need for end-entity certificates for SIP-peers that are
widely published. A non-trivial infrastructure requirement for
user-certificates.

This is a problem area that VoIPSA can and should provide a position to
promote (a) much-called-for interoperability before it starts getting to
be serious (b) a reliable end-end secure key exchange for SRTP (even
when using SIP/UDP whether or not that be used as the key-exchange
channel per se).

-mani
======
-----Original Message-----
From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
Behalf Of Brian Rosen
Sent: Wednesday, March 23, 2005 1:44 PM
To: Ian.Cuthbertson at nokia.com; Voipsec at voipsa.org
Subject: RE: [VOIPSEC] Secure Real-time Transport Protocol (SRTP)

There is not much deployment yet.
One of the reasons is confusion on key exchanges.
Another is there is not (yet) much demand.

Brian

> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Ian.Cuthbertson at nokia.com
> Sent: Wednesday, March 23, 2005 12:10 PM
> To: Voipsec at voipsa.org
> Subject: [VOIPSEC] Secure Real-time Transport Protocol (SRTP)
> 
> Hi,
> 
> Does anyone have a take on how widely deployed SRTP is in the real
> world? Are all vendors offering solutions which include this (gateway,
> handset etc)? Which key exchange methods do they support?
> 
> Thanks, Ian
> 
> 
> 
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
> 
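
Added example (not part of the original thread, and not code from any vendor or from the IETF drafts): a Python check of the hop-by-hop exposure described in item 2 above, assuming the SRTP key travels in the sdescriptions `a=crypto` SDP attribute. The function names, the sample SDP and the key bytes are constructed for illustration, and the caller is assumed to have already pulled the request URI and the Via transports out of the SIP message.

```python
import base64
import re

# Master key + salt length (bytes) for the suites named in sdescriptions.
SUITE_LEN = {"AES_CM_128_HMAC_SHA1_80": 30,
             "AES_CM_128_HMAC_SHA1_32": 30,
             "F8_128_HMAC_SHA1_80": 30}
CRYPTO_RE = re.compile(r"a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)(\|\S*)?$")


def make_sdp(key_salt: bytes, suite: str = "AES_CM_128_HMAC_SHA1_80") -> str:
    """Build a constructed SDP body carrying key_salt in an a=crypto line."""
    b64 = base64.b64encode(key_salt).decode()
    return ("v=0\r\nm=audio 49170 RTP/SAVP 0\r\n"
            f"a=crypto:1 {suite} inline:{b64}|2^20\r\n")


def audit_offer(request_uri: str, via_transports: list, sdp: str) -> list:
    """Return findings about SRTP keys exposed by the signaling path.

    via_transports holds the transport token of each Via header (one per
    hop); extracting it from the SIP message is left to the caller.
    """
    findings = []
    for line in sdp.splitlines():
        m = CRYPTO_RE.match(line.strip())
        if not m:
            continue
        tag, suite, b64 = m.group(1), m.group(2), m.group(3)
        if suite not in SUITE_LEN:
            findings.append(f"tag {tag}: unknown crypto suite {suite}")
            continue
        try:
            raw = base64.b64decode(b64, validate=True)
        except ValueError:
            findings.append(f"tag {tag}: key is not valid base64")
            continue
        if len(raw) != SUITE_LEN[suite]:
            findings.append(f"tag {tag}: key+salt length {len(raw)}, expected {SUITE_LEN[suite]}")
        if not request_uri.lower().startswith("sips:"):
            findings.append(f"tag {tag}: request URI is not sips, TLS not required per hop")
        clear = [t for t in via_transports if t.upper() != "TLS"]
        if clear:
            findings.append(f"tag {tag}: key crossed cleartext hop(s): {','.join(clear)}")
    return findings


if __name__ == "__main__":
    sdp = make_sdp(bytes(range(30)))  # constructed key, not a real one
    print(audit_offer("sip:bob@example.com", ["TLS", "UDP"], sdp))
```

An empty result only means every hop used TLS; each proxy on the path still sees the key in the SDP body, which is the trust limitation the end-end proposals in items 2 and 3 are meant to address.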



