IETF71, Philadelphia, March 2008 draft-wing-avt-dtls-srtp-key-transport-01 1
draft-wing-avt-dtls-srtp-key-transport-01
Dan Wing, dwing@cisco.com
MSEC Working Group
DTLS-SRTP Key Transport
Overview
• IETF68 (Prague), RTPSEC BoF selected DTLS-SRTP as the preferred SRTP keying mechanism
• Only unicast, point-to-point was in scope
• DTLS-SRTP Key Transport allows efficient SRTP operation for
  – Several unicast conferencing scenarios
  – Multicast
Why Consider DTLS-SRTP for Multicast?
• DTLS-SRTP works for a group of 2
• GDOI-SRTP is overkill for a group of 3
  – Useful for a larger group
• DTLS-SRTP-Key-Transport allows optimizing SRTP keying for ‘small groups’
Operation of DTLS-SRTP Key Transport for Multicast
DTLS-SRTP-Key-Transport
• DTLS-SRTP-Key-Transport is negotiated during TLS handshake
• DTLS-SRTP session stays up for duration of call
• SRTP key is sent within the DTLS session itself
  – As a new TLS content-type
DTLS session with each listener
1. Each listener establishes unicast DTLS-SRTP session with speaker
2. Speaker uses DTLS-SRTP Key Transport to tell every listener the same SRTP key
[Diagram: the speaker holds a DTLS-SRTP session with each of Listener 1, Listener 2 and Listener 3, and each session transports the speaker’s SRTP key “A”]
SRTP multicasting
• SRTP packets are then multicast to listeners
[Diagram: the speaker sends one SRTP packet, protected with key “A”, to Listener 1, Listener 2 and Listener 3]
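The two steps above, modelled as an added example that is not part of the original slides or the draft: each listener gets the same SRTP key over its own unicast session, then one protected packet serves the whole group. The session secrets, the `seal`/`unseal` helpers and the message layout are assumptions standing in for the DTLS handshake, the DTLS record protection and SRTP; they are not the draft's content-type or wire format.

```python
import hashlib, hmac, os

def _keys(key):
    # Separate encryption and MAC keys derived from one secret.
    return (hashlib.sha256(b"enc" + key).digest(),
            hashlib.sha256(b"mac" + key).digest())

def _stream(ek, nonce, n):
    # Stand-in keystream (HMAC-SHA256 in counter mode), not the DTLS/SRTP cipher.
    blocks = (hmac.new(ek, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || 10-byte tag."""
    ek, mk = _keys(key)
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(ek, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()[:10]

def unseal(key, blob):
    """Verify the tag, then decrypt; raises ValueError on a wrong key or tampering."""
    ek, mk = _keys(key)
    nonce, ct, tag = blob[:12], blob[12:-10], blob[-10:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()[:10]):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(ek, nonce, len(ct))))

class Speaker:
    def __init__(self):
        self.srtp_key = os.urandom(16)      # the shared SRTP key "A"
        self.sessions = {}                  # listener name -> unicast session secret

    def key_transport(self, listener, session_secret):
        # Step 2: the same SRTP key, wrapped under this listener's own session.
        self.sessions[listener] = session_secret
        return seal(session_secret, self.srtp_key)

    def media_packet(self, payload):
        # Protected once under key "A", then multicast to every listener.
        return seal(self.srtp_key, payload)

def run_demo(names=("Listener 1", "Listener 2", "Listener 3")):
    speaker, received, wrapped = Speaker(), {}, {}
    secrets = {n: os.urandom(32) for n in names}   # step 1 stand-in: DTLS handshakes
    for n in names:
        wrapped[n] = speaker.key_transport(n, secrets[n])
    packet = speaker.media_packet(b"constructed RTP payload")
    for n in names:
        key_a = unseal(secrets[n], wrapped[n])     # listener recovers key "A"
        received[n] = unseal(key_a, packet)
    return received, secrets, wrapped, packet
```

The speaker does one key-transport send per listener but only one protection operation per media packet, which is the efficiency the slides claim for small groups.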
DTLS-SRTP-Key-Transport
• DTLS-SRTP-Key-Transport is negotiated during TLS handshake
• DTLS-SRTP session stays up for duration of call
• SRTP key is sent within the DTLS session itself
  – As a new TLS content-type
Questions
draft-wing-avt-dtls-srtp-key-transport-01
Dan Wing, dwing@cisco.com