[Asterisk-Dev] Re: libsrtp

James H. Cloos Jr. cloos at jhcloos.com
Fri May 14 22:41:35 MST 2004


>>>>> "Rich" == Rich Murphey <Rich at WhiteOakLabs.com> writes:

Rich> RFC 3711 doesn't specify the method for establishing the shared
Rich> srtp session key.  Likewise, libsrtp appears to require that the
Rich> two endpoints have already established a shared key.

Rich> Does anyone know of any voip standards for key exchange?

AFAICT it is still at the draft stage, but the mmusic ietf group has
this draft available:

draft-ietf-mmusic-kmgmt-ext-11.txt

which I believe is the [KEYMGT] reference in rfc 3711.

There is also:

draft-ietf-mmusic-sdescriptions-04.txt

which may be relevant.


The first extends SDP and RTSP to allow key management; it also notes
that there already is a k= field that is intended to contain a key
for the media stream, but notes that the single field is not enough
for a full key management protocol.

It does not however specify a key management protocol, just how to
use one.  MIKEY is suggested, as it is designed for real-time use:

draft-ietf-msec-mikey-08.txt

The sdescriptions draft seems to be essentially a competing draft to
kmgmt.  In some ways it may be easier to support in * (at least w/o
relying on outside libraries).  OTOH, it looks like kmgmt plus mikey
can provide better support for eg conferences.

I also suspect that iax should use something like mikey for its key
management, now that I've read through the draft.

srtp came out of avt, the rest are obvious from their filenames.

cf:

avt at ietf.org
mmusic at ietf.org
msec at securemulticast.org

subscribe to each by mailing foo-request at bar for each foo at bar with
body and subject of subscribe; archives are at:

http://www.ietf.org/mail-archive/working-groups/avt/current/maillist.html
http://www.ietf.org/mail-archive/working-groups/mmusic/current/maillist.html
http://www.pairlist.net/pipermail/msec/


-JimC
-- 
James H. Cloos, Jr. <cloos at jhcloos.com> <http://jhcloos.com/voip>


