
Evaluation: draft-ietf-avt-srtp - The Secure Real-time Transport Protocol to Proposed Standard



Last Call to expire on: 2003-5-22

	Please return the full line with your position.

                    Yes    No-Objection  Discuss *  Abstain  


Harald Alvestrand   [   ]     [   ]       [   ]      [   ] 
Steve Bellovin      [   ]     [   ]       [   ]      [   ] 
Randy Bush          [   ]     [   ]       [   ]      [   ] 
Bill Fenner         [   ]     [   ]       [   ]      [   ] 
Ned Freed           [   ]     [   ]       [   ]      [   ] 
Ted Hardie          [   ]     [   ]       [   ]      [   ] 
Russ Housley        [   ]     [   ]       [   ]      [   ] 
Allison Mankin      [ X ]     [   ]       [   ]      [   ] 
Thomas Narten       [   ]     [   ]       [   ]      [   ] 
Erik Nordmark       [   ]     [   ]       [   ]      [   ]
Jon Peterson        [   ]     [   ]       [   ]      [   ] 
Bert Wijnen         [   ]     [   ]       [   ]      [   ]
Alex Zinin          [   ]     [   ]       [   ]      [   ] 


 2/3 (9) Yes or No-Objection opinions needed to pass. 
 
 * Indicate reason if 'Discuss'.
 
To: IETF-Announce:;
Dcc: *******
Cc: RFC Editor <rfc-editor@isi.edu>,
 Internet Architecture Board <iab@iab.org>, avt@ietf.org
From: The IESG <iesg-secretary@ietf.org>
Subject: Protocol Action: The Secure Real-time Transport Protocol to 
	   Proposed Standard
-------------

The IESG has approved the Internet-Draft 'The Secure Real-time
Transport Protocol' <draft-ietf-avt-srtp-08.txt> as a Proposed
Standard. This document is the product of the Audio/Video Transport
Working Group. The IESG contact persons are Allison Mankin and Jon
Peterson.


Technical Summary

This specification defines a profile for the Real-time Transport Protocol
(RTP) and Real-time Transport Control Protocol (RTCP) called the Secure
Real-time Transport Protocol (SRTP).

The security goals for SRTP are to ensure:

   * the confidentiality of the RTP and RTCP payloads, and

   * the integrity of the entire RTP and RTCP packets, together with
     protection against replayed packets.

These security services are optional and independent from each
other, except that SRTCP integrity protection is mandatory
(malicious or erroneous alteration of RTCP messages could disrupt
the processing of the RTP stream).

Other, functional, goals for the protocol are:

   * a framework that permits upgrading with new cryptographic
     transforms,

   * low bandwidth cost, i.e., a framework preserving RTP header
     compression efficiency,

The provision of integrity is strongly recommended for most applications
of SRTP. The mandatory to implement transform for this profile is AES
counter mode, and there are risks associated with not using cryptographic
integrity with it (see Section 9.5).

Working Group Summary

    The initial drafts had a default in which integrity services were not
    the norm and in which SRTCP did not have mandatory integrity protection.
    There was a lengthy security review to ensure that the authentication tag
    is recommended to most RTP recommendations.

Protocol Quality

  The specification was reviewed for the IESG by Eric Rescorla and Allison
  Mankin. Implementations that tested the specification were discussed by
  the working group.
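
The Technical Summary's point about AES counter mode without integrity, as an added example that is not part of the IESG announcement or the draft: a single bit changed in transit still decrypts cleanly to a different value, and only the authentication tag reveals it. The keys, IV, header bytes and payload are constructed, SRTP key derivation and packet layout are not modelled, and HMAC-SHA1 truncated to 80 bits is assumed as the tag.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha1"
	"fmt"
)

// Constructed sample keys and IV. Real SRTP derives session keys and a
// per-packet IV from a master key; that derivation is not modelled here.
var (
	encKey  = []byte("0123456789abcdef") // 128-bit AES key
	authKey = []byte("constructed-auth-key")
	iv      = make([]byte, aes.BlockSize)
)

// ctr encrypts or decrypts; in counter mode both are the same XOR.
func ctr(in []byte) []byte {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// tag computes HMAC-SHA1 over header and ciphertext, truncated to 80 bits.
func tag(header, ct []byte) []byte {
	m := hmac.New(sha1.New, authKey)
	m.Write(header)
	m.Write(ct)
	return m.Sum(nil)[:10]
}

// verify recomputes the tag and compares it in constant time.
func verify(header, ct, received []byte) bool {
	return hmac.Equal(tag(header, ct), received)
}

func main() {
	header := []byte{0x80, 0x60, 0x00, 0x01} // constructed, shortened header
	ct := ctr([]byte("level=1"))
	mac := tag(header, ct)
	ct[6] ^= 0x08 // one ciphertext bit altered in transit
	fmt.Printf("decrypts to %q, tag valid: %v\n", ctr(ct), verify(header, ct, mac))
}
```

A receiver that skips the tag check accepts the altered payload as genuine; one that checks it drops the packet.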