Former versions of the draft included the requirement

   R15: The media security key management protocol SHOULD allow
   endpoints to start with RTP and then upgrade to SRTP.

The current version -03 doesn't contain the requirement.

As quoted from RFC3264 in the draft, after the INVITE with the SDP
offer, the offerer must be prepared to receive media, e.g. for
announcements. I feel it makes sense to support a use case where such
announcements can be sent unencrypted, even if the caller wants to set
up an encrypted call. Obviously, this allows an attack (e.g. sending of
forged announcements), but on the other hand, it may be useful for the
caller to hear the announcements. It could be a local policy of the
calling user agent to drop such media (in order to avoid attacks) or to
play it out. The user agent may also be configured to indicate somehow
whether "the call is secured" or not.

So I suggest reviving R15, maybe in a wording that makes clearer
what use case(s) should be supported.

Peter
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip