IETF71, Philadelphia, March 2008
draft-wing-avt-dtls-srtp-key-transport-01
Dan Wing, dwing@cisco.com
MSEC Working Group
DTLS-SRTP Key Transport

Overview

• IETF68 (Prague), RTPSEC BoF selected DTLS-SRTP as the preferred SRTP keying mechanism

• Only unicast, point-to-point was in scope

• DTLS-SRTP Key Transport allows efficient SRTP operation for
  – Several unicast conferencing scenarios
  – Multicast

Why Consider DTLS-SRTP for Multicast?

• DTLS-SRTP works for group of 2

• GDOI-SRTP is overkill for a group of 3
  – Useful for a larger group

• DTLS-SRTP-Key-Transport allows optimizing SRTP keying for ‘small groups’

Operation of DTLS-SRTP Key Transport for Multicast

DTLS-SRTP-Key-Transport

• DTLS-SRTP-Key-Transport is negotiated during TLS handshake

• DTLS-SRTP session stays up for duration of call

• SRTP key is sent within the DTLS session itself
  – As a new TLS content-type

DTLS session with each listener

1. Each listener establishes unicast DTLS-SRTP session with speaker

2. Speaker uses DTLS-SRTP Key Transport to tell every listener the same SRTP key

[Figure: speaker with a separate link to each of Listener 1, Listener 2 and Listener 3. Label: DTLS-SRTP, transport speaker’s SRTP key “A”]

SRTP multicasting

• SRTP packets are then multicast to listeners

[Figure: speaker multicasting to Listener 1, Listener 2 and Listener 3. Label: SRTP packet, key “A”]
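
Added example, not from the slides or the draft: a Python simulation of the steps on the two slides above (a unicast session per listener, the same SRTP key "A" sent inside each session, then one multicast packet opened by every listener). The toy cipher in `protect`/`unprotect`, the random session keys standing in for DTLS, and all names are assumptions; the draft's real record format is not reproduced.

```python
import hashlib
import hmac
import os

def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from one secret.
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy HMAC-SHA256 counter keystream; a stand-in, not the DTLS or SRTP cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def protect(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt then authenticate: nonce || ciphertext || 10-byte tag."""
    nonce = os.urandom(12)
    ks = _stream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()[:10]
    return nonce + ct + tag

def unprotect(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; raises ValueError on a wrong key or tampering."""
    nonce, ct, tag = blob[:12], blob[12:-10], blob[-10:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()[:10]
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    ks = _stream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

def run_session(listeners=("Listener 1", "Listener 2", "Listener 3")):
    # Step 1: one unicast session per listener (random key stands in for DTLS).
    sessions = {name: os.urandom(32) for name in listeners}
    # Step 2: the speaker sends the same SRTP key "A" inside every session.
    key_a = os.urandom(30)  # constructed; 16-byte master key + 14-byte salt
    deliveries = {name: protect(sessions[name], key_a) for name in listeners}
    received = {name: unprotect(sessions[name], deliveries[name]) for name in listeners}
    # Step 3: one packet protected under "A" is multicast; every listener opens it.
    packet = protect(key_a, b"constructed media payload")
    payloads = [unprotect(received[name], packet) for name in listeners]
    return key_a, sessions, deliveries, packet, payloads

if __name__ == "__main__":
    key_a, sessions, deliveries, packet, payloads = run_session()
    print(len(deliveries), "unicast key deliveries, 1 multicast packet,",
          len(payloads), "receivers")
```

The speaker protects the media once for the whole group, while each key delivery stays bound to a single listener's session.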

DTLS-SRTP-Key-Transport

• DTLS-SRTP-Key-Transport is negotiated during TLS handshake

• DTLS-SRTP session stays up for duration of call

• SRTP key is sent within the DTLS session itself
  – As a new TLS content-type

Questions

draft-wing-avt-dtls-srtp-key-transport-01

Dan Wing, dwing@cisco.com