Hi, Scott Brim invoked me as the author of RTSP 2.0. So I hope can shed some light on the below questions.
> > > On 21/05/14 07:27, Christian Huitema wrote: >> I am currently taking a look at RFC 2326: Real Time Streaming Protocol. The >> design of RTSP/1.0 is pretty close to that of HTTP/1.0, with very similar >> security and privacy considerations, but RTSP did not evolve as quickly as >> HTTP. In particular, I cannot find a profile for running RTSP over SSL or >> TLS in the RFC series. Is that defined elsewhere? RTSP 1.0 has a registered port (332) for RTSP over TLS as well as a URI scheme "rtsps". To my understanding RTSP 1.0 over TLS is fairly commonly implemented. However, you are correct that there is no RFC specifying this mode. It was all done by individual registration and without any specification. > > I recall commenting on RTSP and TLS when we did IESG review of that. > Main comment I had (that I recall;-) was there's no equivalent of > HTTP CONNECT. In RTSP 2.0 you have a specification for RTSP 2.0 over TLS. That also include a possibility for hop by hop TLS security where user can accept the proxies being used in the chain. Stephen is correct that neither RTSP 1.0 or 2.0 does define a method for connecting TLS through a proxy, i.e. the equivalent to HTTP Connect. Cheers Magnus Westerlund ---------------------------------------------------------------------- Services, Media and Network features, Ericsson Research EAB/TXM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Färögatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: [email protected] ---------------------------------------------------------------------- _______________________________________________ ietf-privacy mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-privacy
