We've gotten stuck on a fine point in DTLS-SRTP.
The current draft-ietf-sip-dtls-srtp-framework-01 uses an RFC 4474
Identity header to preserve the integrity of the media key's
fingerprint, thereby detecting a certain class of MITM attack.
However, RFC 4474 Identity headers are of questionable validity when
used with protocol gateways or B2BUAs. More or less, they're capable
of asserting the identity of the gateway, not the identity of the
calling party. But the recipient has no real way to figure out which
is which.
We've debated at some length, and with no good result, about whether
we should try and fix RFC 4474. We've had some suggestions that may
work for B2BUAs, and some other suggestions that may work for
gateways, but we certainly don't have a consensus.
That leaves our chartered deliverable of DTLS-SRTP hanging, and the
milestone has gone past months ago.
Here's a proposal:
We add a caveat about the limitation of RFC 4474 to
draft-ietf-sip-dtls-srtp-framework and go ahead and advance that
specification. If somebody later decides to fix RFC 4474, they can do
so, and if necessary update DTLS-SRTP if needed.
Does that work for everybody?
If we agree to it, I suggest that we move the date for WGLC of
draft-ietf-sip-dtls-srtp-framework to July 2008, and move the milestone
for delivery of that doc to the IESG into September.
--
Dean
_______________________________________________
Sip mailing list https://www.ietf.org/mailman/listinfo/sip