SIPBRANDY Working Group                                      A. Johnston
Internet-Draft                                      Villanova University
Intended status: Informational                                  B. Aboba
Expires: December 19, 2019                                     Microsoft
                                                               A. Hutton
                                                                    Atos
                                                               R. Jesske
                                                        Deutsche Telekom
                                                                T. Stach
                                                            Unaffiliated
                                                           June 17, 2019

    An Opportunistic Approach for Secure Real-time Transport Protocol
                                 (OSRTP)
                      draft-ietf-sipbrandy-osrtp-10

Abstract

Opportunistic Secure Real-time Transport Protocol (OSRTP) is an
implementation of the Opportunistic Security mechanism, as defined in
RFC 7435, applied to the Real-time Transport Protocol (RTP).
OSRTP allows encrypted media to be used in environments where support
for encryption is not known in advance, and not required. OSRTP does
not require Session Description Protocol (SDP) extensions or features
and is fully backwards compatible with existing implementations using
encrypted and authenticated media and implementations that do not
encrypt or authenticate media packets. OSRTP is not specific to any
key management technique for Secure RTP (SRTP). OSRTP is a
transitional approach useful for migrating existing deployments of
real-time communications to a fully encrypted and authenticated
state.

Status of This Memo

This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current
Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

This Internet-Draft will expire on December 19, 2019.

Copyright Notice

Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.

Table of Contents

1. Introduction
   1.1. Applicability Statement
2. Requirements Language
3. SDP Offer/Answer Considerations
   3.1. Generating the Initial OSRTP Offer
   3.2. Generating the Answer
   3.3. Offerer Processing the Answer
   3.4. Modifying the Session
4. Security Considerations
5. IANA Considerations
6. Acknowledgements
7. References
   7.1. Normative References
   7.2. Informative References
Authors' Addresses

1. Introduction

Opportunistic Security [RFC7435] (OS) is an approach to security that
defines a third mode for security between "cleartext" and
"comprehensive protection" that allows encryption and authentication
of media to be used if supported but will not result in failures if
it is not supported.
In the context of the transport of secure media
streams using RTP and its secured derivatives, cleartext is
represented by an RTP [RFC3550] media stream which is negotiated with
the RTP/AVP (Audio Video Profile) [RFC3551] or the RTP/AVPF profile
[RFC4585], whereas comprehensive protection is represented by a
Secure RTP [RFC3711] stream, negotiated with a secure profile, such
as SAVP or SAVPF [RFC5124]. OSRTP allows SRTP to be negotiated with
the RTP/AVP profile, with fallback to RTP if SRTP is not supported.

There have been some extensions to SDP to allow profiles to be
negotiated, such as SDP Capabilities Negotiation (capneg) [RFC5939].
However, these approaches are complex and have very limited
deployment in communication systems. Other key management protocols
for SRTP have been developed which by design use OS, such as ZRTP
[RFC6189]. This approach for OSRTP is based on
[I-D.kaplan-mmusic-best-effort-srtp], where it was called "best effort
SRTP". [I-D.kaplan-mmusic-best-effort-srtp] has a full discussion of
the motivation and requirements for opportunistic secure media.

OSRTP uses the presence of SRTP keying-related attributes in an SDP
offer to indicate support for opportunistic secure media. The
presence of SRTP keying-related attributes in the SDP answer
indicates that the other party also supports OSRTP and that encrypted
and authenticated media will be used. OSRTP requires no additional
extensions to SDP or new attributes and is defined independently of
the key agreement mechanism used. OSRTP is only usable when media is
negotiated using the Offer/Answer protocol [RFC3264].

1.1. Applicability Statement

OSRTP is a transitional approach that provides a migration path from
unencrypted communication (RTP) to fully encrypted communication
(SRTP). It is only to be used in existing deployments which are
attempting to transition to fully secure communications.
New applications and new deployments will not use OSRTP.

2. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
"OPTIONAL" in this document are to be interpreted as described in BCP
14 [RFC2119] [RFC8174] when, and only when, they appear in all
capitals, as shown here.

3. SDP Offer/Answer Considerations

This section defines the SDP offer/answer considerations for
opportunistic security.

The procedures are for a specific m= section describing RTP-based
media. If an SDP offer or answer contains multiple such m= sections,
the procedures are applied to each m= section individually.

"Initial OSRTP offer" refers to the offer in which opportunistic
security is offered for an m= section for the first time within an
SDP session.

It is important to note that OSRTP makes no changes to, and has no
effect on, media sessions in which the offer contains a secure profile
of RTP, such as SAVP or SAVPF. As discussed in [RFC7435], that is
the "comprehensive protection" mode for media.

3.1. Generating the Initial OSRTP Offer

To indicate support for OSRTP in an SDP offer, the offerer uses the
RTP/AVP profile [RFC3551] or the RTP/AVPF profile [RFC4585] but
includes SRTP keying attributes. OSRTP is not specific to any key
management technique for SRTP, and multiple key management techniques
can be included in the SDP offer. For example:

   If the offerer supports DTLS-SRTP key agreement [RFC5763], then an
   a=fingerprint attribute will be present, or

   If the offerer supports SDP Security Descriptions key agreement
   [RFC4568], then an a=crypto attribute will be present, or

   If the offerer supports ZRTP key agreement [RFC6189], then an
   a=zrtp-hash attribute will be present.

3.2. Generating the Answer

To accept OSRTP, an answerer receiving an offer indicating support
for OSRTP generates an SDP answer containing SRTP keying attributes
which match one of the keying methods in the offer. The answer MUST
NOT contain attributes from more than one keying method, even if the
offer contained multiple keying method attributes. The selected SRTP
key management approach is followed and SRTP media is used for this
session. If the SRTP key management fails for any reason, the media
session MUST fail. To decline OSRTP, the answerer generates an SDP
answer omitting SRTP keying attributes, and the media session
proceeds with RTP with no encryption or authentication used.

3.3. Offerer Processing the Answer

If the offerer of OSRTP receives an SDP answer which does not contain
SRTP keying attributes, then the media session proceeds with RTP. If
the SDP answer contains SRTP keying attributes, then the associated
SRTP key management approach is followed and SRTP media is used for
this session. If the SRTP key management fails, the media session
MUST fail.

3.4. Modifying the Session

When an offerer generates a subsequent SDP offer, it should do so
following the principles of [RFC6337], meaning that the decision to
create the new SDP offer should not be influenced by what was
previously negotiated. For example, if a previous OSRTP offer did not
result in SRTP being established, the offerer may try again and
generate a new OSRTP offer as specified in Section 3.1.

4. Security Considerations

The security considerations of [RFC4568] apply to OSRTP, as well as
the security considerations of the particular SRTP key agreement
approach used.
However, the authentication requirements of a
particular SRTP key agreement approach are relaxed when that key
agreement is used with OSRTP, which is consistent with the
Opportunistic Security approach described in [RFC7435]. For example:

   For DTLS-SRTP key agreement [RFC5763], an authenticated signaling
   channel does not need to be used with OSRTP if it is not
   available.

   For SDP Security Descriptions key agreement [RFC4568], an
   authenticated signaling channel does not need to be used with
   OSRTP if it is not available, although an encrypted signaling
   channel MUST still be used.

   For ZRTP key agreement [RFC6189], the security considerations are
   unchanged, since ZRTP does not rely on the security of the
   signaling channel.

While OSRTP does not require authentication of the key-agreement
mechanism, it does need to avoid exposing SRTP keys to eavesdroppers,
since this could enable passive attacks against SRTP. Section 8.3 of
[RFC4568] requires that any messages that contain SRTP keys be
encrypted, and further says that encryption "SHOULD" provide
end-to-end confidentiality protection if intermediaries that could
inspect the SDP message are present. At the time of this writing, it
is understood that the [RFC4568] requirement for end-to-end
confidentiality protection is commonly ignored. Therefore, if OSRTP
is used with SDP Security Descriptions, any such intermediaries
(e.g., SIP proxies) must be assumed to have access to the SRTP keys.

As discussed in [RFC7435], OSRTP is used in cases where support for
encryption by the other party is not known in advance, and not
required. For cases where it is known that the other party supports
SRTP or SRTP needs to be used, OSRTP MUST NOT be used. Instead, a
secure profile of RTP is used in the offer.

5. IANA Considerations

This document has no actions for IANA.

6. Acknowledgements

This document is dedicated to our friend and colleague Francois Audet,
who is greatly missed in our community. His work on improving
security in SIP and RTP provided the foundation for this work.

Thanks to Eric Rescorla, Martin Thomson, Christer Holmberg, and
Richard Barnes for their comments.

7. References

7.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
          Requirement Levels", BCP 14, RFC 2119,
          DOI 10.17487/RFC2119, March 1997.

[RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model
          with Session Description Protocol (SDP)", RFC 3264,
          DOI 10.17487/RFC3264, June 2002.

[RFC3550] Schulzrinne, H., Casner, S., Frederick, R., and V.
          Jacobson, "RTP: A Transport Protocol for Real-Time
          Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550,
          July 2003.

[RFC3551] Schulzrinne, H. and S. Casner, "RTP Profile for Audio and
          Video Conferences with Minimal Control", STD 65, RFC 3551,
          DOI 10.17487/RFC3551, July 2003.

[RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E., and K.
          Norrman, "The Secure Real-time Transport Protocol (SRTP)",
          RFC 3711, DOI 10.17487/RFC3711, March 2004.

[RFC4568] Andreasen, F., Baugher, M., and D. Wing, "Session
          Description Protocol (SDP) Security Descriptions for Media
          Streams", RFC 4568, DOI 10.17487/RFC4568, July 2006.

[RFC4585] Ott, J., Wenger, S., Sato, N., Burmeister, C., and J. Rey,
          "Extended RTP Profile for Real-time Transport Control
          Protocol (RTCP)-Based Feedback (RTP/AVPF)", RFC 4585,
          DOI 10.17487/RFC4585, July 2006.

[RFC5124] Ott, J. and E. Carrara, "Extended Secure RTP Profile for
          Real-time Transport Control Protocol (RTCP)-Based Feedback
          (RTP/SAVPF)", RFC 5124, DOI 10.17487/RFC5124, February
          2008.

[RFC5763] Fischl, J., Tschofenig, H., and E.
          Rescorla, "Framework for Establishing a Secure Real-time
          Transport Protocol (SRTP) Security Context Using Datagram
          Transport Layer Security (DTLS)", RFC 5763,
          DOI 10.17487/RFC5763, May 2010.

[RFC6189] Zimmermann, P., Johnston, A., Ed., and J. Callas, "ZRTP:
          Media Path Key Agreement for Unicast Secure RTP",
          RFC 6189, DOI 10.17487/RFC6189, April 2011.

[RFC7435] Dukhovni, V., "Opportunistic Security: Some Protection
          Most of the Time", RFC 7435, DOI 10.17487/RFC7435,
          December 2014.

[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
          2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
          May 2017.

7.2. Informative References

[I-D.kaplan-mmusic-best-effort-srtp]
          Audet, F. and H. Kaplan, "Session Description Protocol
          (SDP) Offer/Answer Negotiation For Best-Effort Secure
          Real-Time Transport Protocol",
          draft-kaplan-mmusic-best-effort-srtp-01 (work in progress),
          October 2006.

[RFC5939] Andreasen, F., "Session Description Protocol (SDP)
          Capability Negotiation", RFC 5939, DOI 10.17487/RFC5939,
          September 2010.

[RFC6337] Okumura, S., Sawada, T., and P. Kyzivat, "Session
          Initiation Protocol (SIP) Usage of the Offer/Answer
          Model", RFC 6337, DOI 10.17487/RFC6337, August 2011.

Authors' Addresses

Alan Johnston
Villanova University
Villanova, PA
USA

Email: alan.b.johnston@gmail.com

Bernard Aboba
Microsoft
One Microsoft Way
Redmond, WA 98052
USA

Email: bernard.aboba@gmail.com

Andrew Hutton
Atos
Mid City Place
London WC1V 6EA
UK

Email: andrew.hutton@atos.net

Roland Jesske
Deutsche Telekom
Heinrich-Hertz-Strasse 3-7
Darmstadt 64295
Germany

Email: R.Jesske@telekom.de

Thomas Stach
Unaffiliated

Email: thomass.stach@gmail.com
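The Section 3 procedures (the initial OSRTP offer of 3.1, the answer of 3.2 and the offerer's processing of 3.3) worked through in Python as an added example; this is not code from the draft or from any SIP stack. It assumes keying attributes are read at media level only, and every SDP value, port and attribute value is a constructed placeholder.

```python
# Added example, not code from the draft: the Section 3 offer/answer decisions
# over a minimal SDP m= section parser. All SDP values below are constructed.

# SRTP keying attribute -> the key management technique it signals (Section 3.1).
KEYING_ATTRS = {"fingerprint": "DTLS-SRTP", "crypto": "SDES", "zrtp-hash": "ZRTP"}
OSRTP_PROFILES = {"RTP/AVP", "RTP/AVPF"}  # a secure profile (SAVP/SAVPF) is not OSRTP

def parse_media_sections(sdp):
    """Split SDP text into m= sections, each with its media-level a= attributes."""
    sections = []
    for line in sdp.strip().splitlines():
        if line.startswith("m="):
            sections.append({"profile": line.split()[2], "attrs": []})
        elif line.startswith("a=") and sections:
            name, _, value = line[2:].partition(":")
            sections[-1]["attrs"].append((name, value))
    return sections

def keying_methods(section):
    """Distinct SRTP key management techniques signalled in one m= section."""
    return {KEYING_ATTRS[a] for a, _ in section["attrs"] if a in KEYING_ATTRS}

def is_osrtp_offer(section):
    """Section 3.1: RTP/AVP or RTP/AVPF profile plus at least one keying attribute."""
    return section["profile"] in OSRTP_PROFILES and bool(keying_methods(section))

def generate_answer(offer, supported, accept=True):
    """Section 3.2: accept with exactly one offered method (first in the answerer's
    preference order), or decline by omitting every keying attribute."""
    offered = keying_methods(offer)
    chosen = next((m for m in supported if m in offered), None) if accept else None
    lines = ["m=audio 5004 %s 0" % offer["profile"]]  # the answer keeps the plain profile
    for attr, method in KEYING_ATTRS.items():
        if method == chosen:  # placeholder; a real answerer emits its own key material
            lines.append("a=%s:ANSWERER-PLACEHOLDER" % attr)
    return "\n".join(lines)

def process_answer(answer):
    """Section 3.3: SRTP if keying attributes are present, else plain RTP. An answer
    naming more than one method violates the MUST NOT of Section 3.2; reject it."""
    methods = keying_methods(answer)
    if len(methods) > 1:
        raise ValueError("answer carries more than one SRTP keying method")
    return ("SRTP", methods.pop()) if methods else ("RTP", None)

# Constructed initial OSRTP offer: plain RTP/AVP with DTLS-SRTP and SDES attributes.
OFFER = ("v=0\nm=audio 49170 RTP/AVP 0\na=setup:actpass\n"
         "a=fingerprint:sha-256 PLACEHOLDER-FINGERPRINT\n"
         "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER-KEY\n")
```

Feeding OFFER through generate_answer and then process_answer yields SRTP with the single method the answerer chose, RTP when the answerer declines or shares no method with the offer, and a rejection for an answer that names two methods.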