Eric Rescorla <[EMAIL PROTECTED]> writes:

>I don't propose to get into an extended debate about whether it is better to
>use SRTP or to use generic DTLS. That debate has already happened in IETF and
>SRTP is what the VoIP vendors are doing. However, the good news here is that
>you can use DTLS to key SRTP (draft-ietf-avt-dtls-srtp), so there's no need
>to invent a new key management scheme.

Hmm, given this X-to-key-Y pattern (your DTLS-for-SRTP example, as well as
OpenVPN using ESP with TLS keying), I wonder if it's worth unbundling the key
exchange from the transport?  At the moment there's (at least):

  TLS-keying --+-- TLS transport
               |
               +-- DTLS transport
               |
               +-- IPsec (ESP) transport
               |
               +-- SRTP transport
               |
               +-- Heck, SSH transport if you really want

Is the TLS handshake the universal impedance-matcher of secure-session
mechanisms?

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to