I'm not sure I agree with the logic. It seems to me that when we want e2e security of media, then DTLS-SRTP (for UDP) and TLS (for TCP) make perfect sense.

If we allow transcoding, then I don't see the point in e2e security, since it obviously is not e2e. I don't understand what ICE gives you in this case. If we need transcoding, then we might want instead to have a security mechanism with the transcoder instead. For example, we could use DTLS-SRTP where Alice is using the 4474-like mechanism, but the transcoder is using its own cert (instead of a self-signed one). That cert's credentials would already be provisioned in Alice's device. That would seem like a simple way to do this.

> -----Original Message-----
> From: Dan Wing [mailto:[email protected]]
> Sent: Friday, April 03, 2009 10:44
> To: Audet, Francois (SC100:3055); 'Dean Willis'; 'Jiri Kuthan'
> Cc: 'SIP List'; 'Uzelac,Adam'
> Subject: RE: [Sip] francois' comments and why RFC4474 not
> used in the field
>
> > > All 5 techniques described in
> > >
> > > http://tools.ietf.org/html/draft-wing-sip-identity-media-02#section-4
> > > accomplish that using TLS, DTLS-SRTP, ICE, HIP, or ZRTP -- any of
> > > those choices has different tradeoffs.
> >
> > I'm puzzled by why we would do anything but the DTLS-SRTP
> > (and TLS for TCP traffic).
>
> I also prefer TLS. RFC4474 doesn't require TLS, so ICE is in
> the draft to demonstrate it is possible to have identity even
> through a translator and have identity with just RTP (RFC4474
> provides identity with just RTP).
>
> However, if we used TLS/DTLS-SRTP for identity it would (a)
> break transcoding (as discussed) and (b) require deploying
> SRTP. I doubt we are willing to do (a) and (b).
>
> -d
>
> _______________________________________________

_______________________________________________
Sip mailing list
https://www.ietf.org/mailman/listinfo/sip
This list is for NEW development of the core SIP Protocol
Use [email protected] for questions on current sip
Use [email protected] for new developments on the application of sip
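The check Alice's device would perform under the proposal in this message (match the DTLS certificate against the a=fingerprint in the RFC 4474-signed SDP for the e2e case, or against a provisioned transcoder certificate otherwise), as an added Python sketch that is not code from this thread or from draft-wing-sip-identity-media; the certificate bytes, the SDP and the function names are constructed for the illustration.

```python
"""Alice-side trust decision for the certificate a peer presents in a DTLS-SRTP
handshake: 'e2e' if it matches the a=fingerprint carried in the signed SDP,
'transcoder' if it is a certificate provisioned on the device, else 'reject'."""
import hashlib
import hmac
import re

# Hash names as written in a=fingerprint (RFC 4572), mapped to hashlib names.
HASH_FUNCS = {"sha-1": "sha1", "sha-256": "sha256",
              "sha-384": "sha384", "sha-512": "sha512"}

def cert_fingerprint(der: bytes, algo: str) -> bytes:
    """Digest of the DER-encoded certificate with the named hash."""
    return hashlib.new(HASH_FUNCS[algo], der).digest()

def format_fingerprint(der: bytes, algo: str = "sha-256") -> str:
    """Build the a=fingerprint line the offerer puts in its SDP (upper-case hex, colon separated)."""
    h = cert_fingerprint(der, algo).hex().upper()
    return "a=fingerprint:%s %s" % (algo, ":".join(h[i:i + 2] for i in range(0, len(h), 2)))

def parse_fingerprint(sdp: str):
    """Return (hash_name, digest_bytes) from the first a=fingerprint line, or None if absent/malformed."""
    m = re.search(r"^a=fingerprint:(\S+)\s+([0-9A-Fa-f:]+)\s*$", sdp, re.M)
    if not m or m.group(1).lower() not in HASH_FUNCS:
        return None
    try:
        return m.group(1).lower(), bytes.fromhex(m.group(2).replace(":", ""))
    except ValueError:  # odd-length or otherwise malformed hex
        return None

def verify_peer(sdp: str, presented_der: bytes, provisioned_transcoder_certs) -> str:
    """Decide how the presented DTLS certificate is trusted; constant-time comparisons throughout."""
    fp = parse_fingerprint(sdp)
    if fp is not None:
        algo, expected = fp
        if hmac.compare_digest(cert_fingerprint(presented_der, algo), expected):
            return "e2e"            # cert is the one bound into the RFC 4474-signed SDP
    for trusted in provisioned_transcoder_certs:
        if hmac.compare_digest(presented_der, trusted):
            return "transcoder"     # cert was provisioned on Alice's device beforehand
    return "reject"

# Constructed stand-ins for DER certificates (not real X.509 data).
BOB_DER = b"constructed: Bob's self-signed certificate"
TRANSCODER_DER = b"constructed: provisioned transcoder certificate"
# Constructed SDP fragment as Bob's signed offer would carry it.
BOB_SDP = "v=0\r\nm=audio 49170 UDP/TLS/RTP/SAVP 0\r\n" + format_fingerprint(BOB_DER) + "\r\n"

if __name__ == "__main__":
    print(verify_peer(BOB_SDP, BOB_DER, [TRANSCODER_DER]))         # e2e
    print(verify_peer(BOB_SDP, TRANSCODER_DER, [TRANSCODER_DER]))  # transcoder
    print(verify_peer(BOB_SDP, b"unknown", [TRANSCODER_DER]))      # reject
```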
