The IESG has received a request from the Multiparty Multimedia Session Control WG (mmusic) to consider the following document: - 'Unknown Key Share Attacks on uses of TLS with the Session Description Protocol (SDP)' <draft-ietf-mmusic-sdp-uks-05.txt> as Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the [email protected] mailing lists by 2019-06-19. Exceptionally, comments may be sent to [email protected] instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document describes unknown key-share attacks on the use of Datagram Transport Layer Security for the Secure Real-Time Transport Protocol (DTLS-SRTP). Similar attacks are described on the use of DTLS-SRTP with the identity bindings used in Web Real-Time Communications (WebRTC) and SIP identity. These attacks are difficult to mount, but they cause a victim to be mislead about the identity of a communicating peer. Simple mitigation techniques are defined for each. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-mmusic-sdp-uks/ IESG discussion can be tracked via https://datatracker.ietf.org/doc/draft-ietf-mmusic-sdp-uks/ballot/ No IPR declarations have been submitted directly on this I-D.
