On Sun, 23 Dec 2007, Eric Rescorla wrote:
On Tue, 18 Dec 2007, Eric Rescorla wrote:
At Mon, 17 Dec 2007 17:30:24 -0500,
Philip Matthews wrote:
In all three proposals, media packets would flow directly between the
X and Y, and not hop-by-hop around the overlay. So when ESP was used,
there would be no need to use SRTP for media, or TLS or DTLS for
signaling.
This is arguably a bug, not a feature.
SRTP was explicitly designed to have very low overhead: just the
bits of the authentication tag itself, with no header, etc. The
rationale for this design was that RTP packets tend to be very
small and so the overhead for the header, IV, etc. was significant.
In cases where that type of constraint applies, then wrapping the
RTP in ESP would be bad.
I think the difference is around 18 bytes:
http://dasan.sejong.ac.kr/~wisa04/ppt/1A1.ppt
In practice, the difference is insignificant according to these results:
Bilien et al.: Secure VoIP: call establishment and media protection:
http://www.minisip.org/publications/secvoip-minisip-camera.pdf
I don't see that this paper is at all relevant to the question of whether 18
bytes of per-packet overhead is significant. In any case, if you want
to argue this point, I would advise you to take it up in AVT, since
low overhead was one of the principal design considerations for
SRTP.
I find this answer unsatisfying for three reasons. First, I don't think
that SRTP has been fixed for this working group unless I am
mistaken. Secondly, I find the paper highly relevant to the original
discussion. Thirdly, the SRTP RFC does not discuss the differences between
IPsec and SRTP, but merely mentions it in one sentence. Looking forward
to more accurate references to SRTP, preferably with some performance
results.
--
Miika Komu http://www.iki.fi/miika/