I just submitted -04 of the media security requirements draft. This
re-introduces the old R15 requirement (now called R-ALLOW-RTP), as was agreed
in Philadelphia. New text is:
"4.8. Upgrading to SRTP
The discussion in this section relates to the requirement R-ALLOW-
RTP.
Legitimate RTP media can be sent to an endpoint for announcements,
colorful ringback tones (e.g., music), advertising, or normal call
progress tones. The RTP may be received before an associated SDP
answer. For details on various scenarios, see
[I-D.stucker-sipping-early-media-coping].
While receiving such RTP exposes the calling party to a risk of
receiving malicious RTP from an attacker, SRTP endpoints will need to
receive and play out RTP media in order to be compatible with
deployed systems that send RTP to calling parties."
...
"R-ALLOW-RTP: A solution SHOULD be described which allows RTP media
to be received by the calling party until SRTP has been
negotiated with the answerer, after which SRTP is preferred
over RTP."
-04 also includes changes from EKR and Matt Lepinski
as summarized in
<http://www.ietf.org/mail-archive/web/sip/current/msg22503.html>.
New version:
http://www.ietf.org/internet-drafts/draft-ietf-sip-media-security-requirements
-04.txt
Diffs from -03 are at http://tinyurl.com/229wq8
-d
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [EMAIL PROTECTED] for questions on current sip
Use [EMAIL PROTECTED] for new developments on the application of sip
