Framework for Establishing a Secure Real-time Transport Protocol (SRTP) Security Context Using Datagram Transport Layer Security (DTLS)

This document specifies how to use the Session Initiation Protocol (SIP) to establish a Secure Real-time Transport Protocol (SRTP) security context using the Datagram Transport Layer Security (DTLS) protocol. It describes a mechanism for transporting a fingerprint attribute in the Session Description Protocol (SDP) that identifies the key that will be presented during the DTLS handshake. The key exchange travels along the media path as opposed to the signaling path. The SIP Identity mechanism can be used to protect the integrity of the fingerprint attribute from modification by intermediate proxies.
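The binding described above (a fingerprint carried in SDP over the signaling path, checked against the certificate actually presented in the DTLS handshake on the media path) is illustrated by the following added example. It is not code from the RFC; it assumes the SDP attribute syntax `a=fingerprint:<hash-func> <upper-hex-with-colons>` with the hash computed over the DER-encoded certificate, and the certificate bytes and SDP text below are constructed sample data, not real certificates.

```python
import hashlib
import hmac

# Hash functions an a=fingerprint attribute may name (a subset; assumed registry names).
FINGERPRINT_HASHES = {
    "sha-1": hashlib.sha1,
    "sha-256": hashlib.sha256,
    "sha-384": hashlib.sha384,
    "sha-512": hashlib.sha512,
}


def sdp_fingerprint(cert_der: bytes, hash_name: str = "sha-256") -> str:
    """Format the fingerprint attribute value for a DER-encoded certificate.

    The digest is taken over the raw DER bytes and rendered as uppercase hex
    octets separated by colons, e.g. 'sha-256 BA:78:16:...'.
    """
    digest = FINGERPRINT_HASHES[hash_name](cert_der).digest()
    return f"{hash_name} " + ":".join(f"{b:02X}" for b in digest)


def parse_fingerprint_attribute(sdp: str) -> tuple:
    """Return (hash_name, hex_digest) from the first a=fingerprint line.

    Raises ValueError when the attribute is missing or names an unsupported
    hash function; the caller must treat either as a failed offer/answer.
    """
    for line in sdp.splitlines():
        if line.startswith("a=fingerprint:"):
            value = line[len("a=fingerprint:"):].strip()
            hash_name, _, hex_digest = value.partition(" ")
            hash_name = hash_name.lower()
            if hash_name not in FINGERPRINT_HASHES:
                raise ValueError(f"unsupported fingerprint hash function: {hash_name}")
            return hash_name, hex_digest.strip().upper()
    raise ValueError("no a=fingerprint attribute in SDP")


def verify_dtls_certificate(sdp: str, presented_cert_der: bytes) -> bool:
    """True iff the certificate seen in the DTLS handshake matches the signaled fingerprint.

    A False result means the media-path peer is not the party described in
    signaling, and the endpoint must abort the DTLS handshake rather than
    derive SRTP keys from it.
    """
    hash_name, signaled = parse_fingerprint_attribute(sdp)
    computed = sdp_fingerprint(presented_cert_der, hash_name).split(" ", 1)[1]
    # Constant-time comparison so the check does not leak how many octets matched.
    return hmac.compare_digest(signaled.encode(), computed.encode())


# Constructed sample data: stand-ins for DER certificates, not real X.509 objects.
OFFERER_CERT_DER = b"\x30\x82\x01\x00constructed-offerer-certificate-bytes"
IMPOSTER_CERT_DER = b"\x30\x82\x01\x00constructed-other-certificate-bytes"

# Constructed SDP offer advertising DTLS-SRTP and the offerer's certificate fingerprint.
SAMPLE_OFFER_SDP = (
    "v=0\r\n"
    "o=- 1 1 IN IP4 192.0.2.1\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.1\r\n"
    "t=0 0\r\n"
    "m=audio 49170 UDP/TLS/RTP/SAVP 0\r\n"
    "a=setup:actpass\r\n"
    f"a=fingerprint:{sdp_fingerprint(OFFERER_CERT_DER)}\r\n"
)


if __name__ == "__main__":
    print("signaled:", parse_fingerprint_attribute(SAMPLE_OFFER_SDP))
    print("genuine peer accepted:", verify_dtls_certificate(SAMPLE_OFFER_SDP, OFFERER_CERT_DER))
    print("substituted cert accepted:", verify_dtls_certificate(SAMPLE_OFFER_SDP, IMPOSTER_CERT_DER))
```

The mismatch branch is the security-relevant one: a certificate that does not hash to the signaled value must cause the handshake to be abandoned, and the check only has value when the SDP itself was protected in transit (for example by the SIP Identity mechanism the abstract mentions), since an intermediary that can rewrite the fingerprint can also substitute its own certificate on the media path.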
