[VOIPSEC] Key Negotiation for SRTP (Ahmar Ghaffar)

Ahmar Ghaffar ghaffar at snom.de
Fri Aug 26 07:51:35 PDT 2005



Looking at the new MIKEY mode your mentioned helps me understand why things
never get done at IETF and why there are always loose ends. Mr. A proposes
something with ambiguities and then Mr. B proposes something claiming to be
better with little tweaks to A's proposal. This draft is more or less like
the public-key mode of MIKEY, and doesn't really solve the latency issue.
You still have to do number crunching here. So if number crunching is to be
done anyway then in my opinion its better to have secure SIP signaling via
TLS/SSL and send the encryption keys in clear text with other SRTP
parameters (key lifetime, MKI etc) in SDP. The SDP description draft for
SRTP from Cisco (draft-ietf-mmusic-sdescriptions-11.txt) looks really
promising in this regard and this is the direction in which everybody should
be moving.






More information about the Voipsec mailing list