At Mon, 24 Dec 2007 00:02:22 +0200 (EET),
Miika Komu wrote:
>
> On Sun, 23 Dec 2007, Eric Rescorla wrote:
>
> >> On Tue, 18 Dec 2007, Eric Rescorla wrote:
> >>
> >>> At Mon, 17 Dec 2007 17:30:24 -0500,
> >>> Philip Matthews wrote:
> >>>> In all three proposals, media packets would flow directly between the
> >>>> X and Y, and not hop-by-hop around the overlay. So when ESP was used,
> >>>> there would be no need to use SRTP for media, or TLS or DTLS for
> >>>> signaling.
> >>>
> >>> This is arguably a bug, not a feature.
> >>>
> >>> SRTP was explicitly designed to have very low overhead: just the
> >>> bits of the authentication tag itself, with no header, etc. The
> >>> rationale for this design was that RTP packets tend to be very
> >>> small and so the overhead for the header, IV, etc. was significant.
> >>> In cases where that type of constraint applies, then wrapping the
> >>> RTP in ESP would be bad.
> >>
> >> I think the difference is around 18 bytes:
> >>
> >> http://dasan.sejong.ac.kr/~wisa04/ppt/1A1.ppt
> >>
> >> In practice, the difference is insignificant according to these results:
> >>
> >> Bilien et al.: Secure VoIP: call establishment and media protection:
> >> http://www.minisip.org/publications/secvoip-minisip-camera.pdf
> >
> > I don't see that this paper is at all relevant to the question of whether 18
> > bytes of per-packet overhead is significant. In any case, if you want
> > to argue this point, I would advise you to take it up in AVT, since
> > low overhead was one of the principal design considerations for
> > SRTP.
>
> I find this answer unsatisfying for three reasons.
I wasn't aware it was my job to satisfy you.

> First, I don't think
> that the SRTP has been fixed for this working group unless I am
> mistaken.

Sure. Go ahead and explain to the RAI, SEC, and TSV ADs and the AVT chairs
that you propose that RTP security for P2PSIP will be using a different
set of security mechanisms from those used for ordinary SIP-based VoIP.
Let me know what they say.

> Secondly, I find the paper highly relevant to the original
> discussion. Thirdly, SRTP RFC does not discuss the differences between
> IPsec and SRTP, but merely mentions it in one sentence. Looking forward
> to more accurate references to SRTP, preferably with some performance
> results.

As I recall, this was extensively discussed on the AVT mailing list
during the period when RTP was being designed. As I said in my previous
message, this is primarily a topic for the AVT WG.

-Ekr
_______________________________________________
P2PSIP mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/p2psip
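As an added worked example that is not part of this thread, the following model makes the per-packet overhead argument above concrete: the IPv4, UDP and RTP header sizes, the 80-bit SRTP tag with no MKI, and the ESP transport-mode layout with AES-CBC and HMAC-SHA1-96 are assumptions about one common configuration, not figures taken from the thread or the cited slides.

```python
# Added example, not code from the thread: a per-packet size model for the
# SRTP-versus-ESP overhead argument. Field sizes below are assumptions for
# one common configuration (SRTP: 80-bit auth tag, no MKI; ESP transport
# mode: AES-CBC with HMAC-SHA1-96, trailer layout as in RFC 4303).
IPV4_HEADER = 20
UDP_HEADER = 8
RTP_HEADER = 12          # no CSRCs, no header extension


def srtp_overhead(auth_tag=10, mki=0):
    """Bytes SRTP adds to an RTP packet: only the tag (plus optional MKI)."""
    return auth_tag + mki


def esp_overhead(protected_bytes, iv=16, block=16, icv=12):
    """Bytes ESP transport mode adds around the UDP datagram it protects.

    SPI (4) + sequence number (4) + IV + padding + pad-length (1)
    + next-header (1) + ICV. Padding brings the payload plus the two
    trailer bytes up to a multiple of the cipher block size (4 for
    null encryption, which RFC 4303 still requires to be 4-byte aligned).
    """
    pad = (-(protected_bytes + 2)) % block
    return 4 + 4 + iv + pad + 2 + icv


def wire_sizes(rtp_payload, **esp_params):
    """Return (plain, srtp, esp) on-the-wire sizes for one IPv4 RTP packet."""
    plain = IPV4_HEADER + UDP_HEADER + RTP_HEADER + rtp_payload
    srtp = plain + srtp_overhead()
    # ESP transport mode protects the whole UDP datagram (UDP + RTP + payload);
    # SRTP leaves the UDP header outside its scope.
    esp = plain + esp_overhead(UDP_HEADER + RTP_HEADER + rtp_payload, **esp_params)
    return plain, srtp, esp


def relative_overhead(rtp_payload, **esp_params):
    """Percent growth over the unprotected packet for SRTP and for ESP."""
    plain, srtp, esp = wire_sizes(rtp_payload, **esp_params)
    return (round(100 * (srtp - plain) / plain, 1),
            round(100 * (esp - plain) / plain, 1))


if __name__ == "__main__":
    # Constructed sample: 20 ms of G.729 (20-byte payload) and of G.711 (160 bytes).
    for codec, payload in (("G.729", 20), ("G.711", 160)):
        plain, srtp, esp = wire_sizes(payload)
        srtp_pct, esp_pct = relative_overhead(payload)
        print(f"{codec}: plain {plain} B, SRTP {srtp} B (+{srtp_pct}%), "
              f"ESP {esp} B (+{esp_pct}%)")
    # Null-encryption ESP (no IV, 4-byte alignment) for the same G.729 packet.
    print("G.729, ESP-NULL:", wire_sizes(20, iv=0, block=4))
```

The absolute gap between the two is roughly constant, so its share of the packet shrinks as the codec payload grows, which is the low-overhead rationale the thread attributes to SRTP's design.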
