Re: [Sip-implementors] Way to Secure RTP as per RFC 4568

Tue, 07 Nov 2017 09:38:24 -0800 

On Tuesday, November 7 2017, "Aman" wrote to "sip-implementors" saying:

> Hi All,
> 
> Is sending the crypto attribute to secure the RTP with the media line
> saying "RTP/AVP" is correct way to demonstrate remote end point to choose
> if they want to have a secure RTP or non-secure RTP as per the RFC 4568?

This is known as "opportunistic SRTP".  It has been fairly common practice
for over a decade, but is only now being formally standardized by the IETF.

See https://tools.ietf.org/html/draft-ietf-mmusic-opportunistic-negotiation-01 
and https://tools.ietf.org/html/draft-ietf-sipbrandy-osrtp-02 for the 
current work (the latter also includes some discussion of the history), and 
https://tools.ietf.org/html/draft-kaplan-mmusic-best-effort-srtp-01 for the 
original proposal from 2006.

> I mean is following a correct SDP offer,
> 
> v=0
> o=jdoe 2890844526 2890842807 IN IP4 10.47.16.5
> s=SDP Seminar
> i=A Seminar on the session description protocol
> u=http://www.example.com/seminars/sdp.pdf
> e=j....@example.com (Jane Doe)
> c=IN IP4 161.44.17.12/127
> t=2873397496 2873404696
> m=video 51372 RTP/AVP 31
> a=crypto:1 AES_CM_128_HMAC_SHA1_80
>  inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
> m=audio 49170 RTP/AVP 0
> a=crypto:1 AES_CM_128_HMAC_SHA1_32
>  inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
> m=application 32416 udp wb
> a=orient:portrait
> 
> If yes, so answerer can decide if they want to have a secure RTP or not.
> 
> but as per RFC 4568 section 6, it is not, but I have seen some call-agents
> sending offer as above.
> 
> ...
> 
> SRTP security descriptions MUST only be used with the SRTP transport
>    (e.g., "RTP/SAVP" or "RTP/SAVPF").  The following specifies security
>    descriptions for the "RTP/SAVP" profile, defined in [RFC3711
> <https://tools.ietf.org/html/rfc3711>].
>    However, it is expected that other secure RTP profiles (e.g.,
>    "RTP/SAVPF") can use the same descriptions, which are in accordance
>    with the SRTP protocol specification [RFC3711
> <https://tools.ietf.org/html/rfc3711>].
> 
> ...

-- 
Jonathan Lennox
len...@cs.columbia.edu
_______________________________________________
Sip-implementors mailing list
Sip-implementors@lists.cs.columbia.edu
https://lists.cs.columbia.edu/mailman/listinfo/sip-implementors

Reply via email to