From: "Cullen Jennings (fluffy)" <fluffy(_at_)cisco(_dot_)com>
So lets be blunt here - this document is about justifying that RTP
will not have any MTI security. I will note that
rtp-security-options also does not add any MTI security requirements
to RTP.
I believe that people are confusing two similar questions:
1. Is there a single mandatory-to-implement security system for *all*
RTP uses?
2. Are all RTP uses required to specify mandatory-to-implement
security (although different RTP use situations may mandate
different security systems)?
As far as I can see, draft-ietf-avt-srtp-not-mandatory-14.txt says
that the answer to question 1 is "No". As far as I can see, Cullen is
arguing that the answer to question 2 is "Yes". These are not
contradictory positions.
There is, of course, an implementation cost if we do not mandate the
same security solution for all RTP uses.
Dale