DISPATCH Working Group A. Johnston
Internet-Draft Avaya
Intended status: Standards Track B. Aboba
Expires: January 22, 2016 Microsoft
A. Hutton
L. Liess
Deutsche Telekom
T. Stach
July 21, 2015

An Opportunistic Approach for Secure Real-time Transport Protocol (OSRTP)


Opportunistic Secure Real-time Transport Protocol (OSRTP) allows encrypted media to be used in environments where support for encryption is not known in advance, and not required. OSRTP is an implementation of Opportunistic Security, as defined in RFC 7435. OSRTP does not require advanced SDP extensions or features and is fully backwards compatible with existing secure and insecure implementations. OSRTP is not specific to any key management technique for SRTP.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on January 22, 2016.

Copyright Notice

Copyright (c) 2015 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.

Table of Contents

1. Introduction

Opportunistic Security [RFC7435] (OS) is an approach to security that defines a third mode for security between "cleartext" and "comprehensive protection" that allows encryption and authentication to be used if supported but will not result in failures if it is not supported. In terms of secure media, cleartext is RTP [RFC3550] media which is negotiated with the AVP (Audio Video Profile) profile defined [RFC3551]. Comprehensive protection is Secure RTP [RFC3711], negotiated with a secure profile, such as SAVP or SAVPF [RFC5124]. OSRTP allows SRTP to be negotiated with the AVP profile, with fallback to RTP if SRTP is not supported.

There have been some extensions to SDP to allow profiles to be negotiated; however, these approaches are complex and have very limited deployment in communication systems. Other key management protocols for SRTP have been developed which by design use OS, such as ZRTP [RFC6189]. This approach for OSRTP is based on [I-D.kaplan-mmusic-best-effort-srtp] where it was called "best effort SRTP". [I-D.kaplan-mmusic-best-effort-srtp] has a full discussion of the motivation and requirements for opportunistic secure media.

OSRTP uses the presence of SRTP keying-related attributes in an SDP offer to indicate support for opportunistic secure media. The presence of SRTP keying-related attributes in the SDP answer indicates that the other party also supports OSRTP and encrypted and authenticated media will be used. OSRTP requires no additional extensions to SDP or new attributes and is defined independently of the key agreement mechanism used. OSRTP is only usable when media is negotiated using the Offer/Answer protocol [RFC3264].

2. Requirements Language

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].

3. Definition of Opportunistic Security for SRTP

To indicate support for OSRTP in an SDP offer, the offerer uses the AVP profile [RFC3551] but includes SRTP keying attributes. OSRTP is not specific to any key management technique for SRTP. For example:

To accept OSRTP, an answerer receiving an offer indicating support for OSRTP generates an SDP answer containing SRTP keying attributes which match one of the keying methods in the offer. The answer MUST NOT contain attributes from more than one keying method, even if the offer contained multiple keying method attributes. The selected SRTP key management approach is followed and SRTP media is used for this session. If the SRTP key management fails for any reason, the media session MUST fail. To decline OSRTP, the answerer generates an SDP answer omitting SRTP keying attributes, and the media session proceeds with RTP with no encryption or authentication used.

If the offerer of OSRTP receives an SDP answer which does not contain SRTP keying attributes, then the media session proceeds with RTP. If the SDP answer contains SRTP keying attributes, then that particular SRTP key management approach is followed and SRTP media is used for this session. If the SRTP key management fails, the media session MUST fail.

It is important to note that OSRTP makes no changes, and has no effect on media sessions in which the offer contains a secure profile of RTP, such as SAVP or SAVPF. As discussed in [RFC7435], this is the "comprehensive protection" for media mode.

4. Security Considerations

The security considerations of [RFC7435] apply to OSRTP, as well as the security considerations of the particular SRTP key agreement approach used. However, the authentication requirements of a particular SRTP key agreement approach are relaxed when that key agreement is used with OSRTP. For example:

As discussed in [RFC7435], OSRTP is used in cases where support for encryption by the other party is not known in advance, and not required. For cases where it is known that the other party supports SRTP or SRTP needs to be used, OSRTP MUST NOT be used. Instead, a secure profile of RTP is used in the offer.

5. Implementation Status

Note to RFC Editor: Please remove this entire section prior to publication, including the reference to [RFC6982].

This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in [RFC6982]. The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs. Please note that the listing of any individual implementation here does not imply endorsement by the IETF. Furthermore, no effort has been spent to verify the information presented here that was supplied by IETF contributors. This is not intended as, and must not be construed to be, a catalog of available implementations or their features. Readers are advised to note that other implementations may exist.

According to [RFC6982], "this will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. It is up to the individual working groups to use this information as they see fit".

There are implementations of [I-D.kaplan-mmusic-best-effort-srtp] in deployed products by Microsoft and Unify. The IMTC "Best Practices for SIP Security" document [IMTC-SIP] recommends this approach. The SIP Forum plans to include support in the SIPconnect 2.0 SIP trunking recommendation [SIPCONNECT] which is under development. There are many deployments of ZRTP [RFC6189].

6. Acknowledgements

This document is dedicated to our friend and colleague Francois Audet who is greatly missed in our community. His work on improving security in SIP and RTP provided the foundation for this work.

Thanks to Eric Rescorla, Martin Thomson, and Richard Barnes for their comments.

7. References

7.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997.
[RFC3264] Rosenberg, J. and H. Schulzrinne, "An Offer/Answer Model with Session Description Protocol (SDP)", RFC 3264, DOI 10.17487/RFC3264, June 2002.
[RFC3550] Schulzrinne, H., Casner, S., Frederick, R. and V. Jacobson, "RTP: A Transport Protocol for Real-Time Applications", STD 64, RFC 3550, DOI 10.17487/RFC3550, July 2003.
[RFC3551] Schulzrinne, H. and S. Casner, "RTP Profile for Audio and Video Conferences with Minimal Control", STD 65, RFC 3551, DOI 10.17487/RFC3551, July 2003.
[RFC3711] Baugher, M., McGrew, D., Naslund, M., Carrara, E. and K. Norrman, "The Secure Real-time Transport Protocol (SRTP)", RFC 3711, DOI 10.17487/RFC3711, March 2004.
[RFC4567] Arkko, J., Lindholm, F., Naslund, M., Norrman, K. and E. Carrara, "Key Management Extensions for Session Description Protocol (SDP) and Real Time Streaming Protocol (RTSP)", RFC 4567, DOI 10.17487/RFC4567, July 2006.
[RFC4568] Andreasen, F., Baugher, M. and D. Wing, "Session Description Protocol (SDP) Security Descriptions for Media Streams", RFC 4568, DOI 10.17487/RFC4568, July 2006.
[RFC5124] Ott, J. and E. Carrara, "Extended Secure RTP Profile for Real-time Transport Control Protocol (RTCP)-Based Feedback (RTP/SAVPF)", RFC 5124, DOI 10.17487/RFC5124, February 2008.
[RFC5763] Fischl, J., Tschofenig, H. and E. Rescorla, "Framework for Establishing a Secure Real-time Transport Protocol (SRTP) Security Context Using Datagram Transport Layer Security (DTLS)", RFC 5763, DOI 10.17487/RFC5763, May 2010.
[RFC6189] Zimmermann, P., Johnston, A. and J. Callas, "ZRTP: Media Path Key Agreement for Unicast Secure RTP", RFC 6189, DOI 10.17487/RFC6189, April 2011.
[RFC7435] Dukhovni, V., "Opportunistic Security: Some Protection Most of the Time", RFC 7435, DOI 10.17487/RFC7435, December 2014.

7.2. Informative References

, ", "
[I-D.kaplan-mmusic-best-effort-srtp] Audet, F. and H. Kaplan, "Session Description Protocol (SDP) Offer/Answer Negotiation For Best-Effort Secure Real-Time Transport Protocol", Internet-Draft draft-kaplan-mmusic-best-effort-srtp-01, October 2006.
[IMTC-SIP]Best Practices for SIP Security", IMTC SIP Parity Group http://www.imtc.org/uc/sip-parity-activity-group/, 2011.
[RFC6982] Sheffer, Y. and A. Farrel, Improving Awareness of Running Code: The Implementation Status Section", RFC 6982, DOI 10.17487/RFC6982, July 2013.
[SIPCONNECT]SIP-PBX / Service Provider Interoperability SIPconnect 2.0 - DRAFT Technical Recommendation", SIP Forum http://www.sipforum.org/content/view/179/213/, 2015.

Authors' Addresses

Alan Johnston Avaya St. Louis, MO USA EMail: alan.b.johnston@gmail.com
Bernard Aboba Microsoft One Microsoft Way Redmond, WA 98052 USA EMail: bernard.aboba@gmail.com
Andy Hutton Unify Technology Drive Nottingham, NG9 1LA UK EMail: andrew.hutton@unify.com
Laura Liess Deutsche Telekom Heinrich-Hertz-Strasse 3-7 Darmstadt, 64295 Germany EMail: laura.liess.dt@googlemail.com
Thomas Stach Unaffiliated EMail: thomass.stach@gmail.com