ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [AVTCORE] Last Call: <draft-ietf-avt-srtp-not-mandatory-14.txt> (Securing the RTP Protocol Framework: Why RTP Does Not Mandate a Single Media Security Solution) to Informational RFC

2013-12-10 13:16:59
from [Dale R. Worley] [Permanent Link] 
From: "Cullen Jennings (fluffy)" <fluffy(_at_)cisco(_dot_)com>



So lets be blunt here - this document is about justifying that RTP
will not have any MTI security. I will note that
rtp-security-options also does not add any MTI security requirements
to RTP.


I believe that people are confusing two similar questions:

1. Is there a single mandatory-to-implement security system for *all*
   RTP uses?

2. Are all RTP uses required to specify mandatory-to-implement
   security (although different RTP use situations may mandate
   different security systems)?

As far as I can see, draft-ietf-avt-srtp-not-mandatory-14.txt says
that the answer to question 1 is "No".  As far as I can see, Cullen is
arguing that the answer to question 2 is "Yes".  These are not
contradictory positions.

There is, of course, an implementation cost if we do not mandate the
same security solution for all RTP uses.

Dale
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [perpass] comments and questions for the group on draft-farrell-perpass-attack-02, Alissa Cooper
Next by Date:  Re: https at ietf.org, Doug Barton
Previous by Thread:  Re: [AVTCORE] Last Call: <draft-ietf-avt-srtp-not-mandatory-14.txt> (Securing the RTP Protocol Framework: Why RTP Does Not Mandate a Single Media Security Solution) to Informational RFC, Richard Barnes
Next by Thread:  Re: [AVTCORE] Last Call: <draft-ietf-avt-srtp-not-mandatory-14.txt> (Securing the RTP Protocol Framework: Why RTP Does Not Mandate a Single Media Security Solution) to Informational RFC, Pete Resnick
Indexes:  [Date] [Thread] [Top] [All Lists]