
Re: [Ccrtp-devel] SRTP proposal for ccRTP


From: Werner Dittmann
Subject: Re: [Ccrtp-devel] SRTP proposal for ccRTP
Date: Sun, 23 Jul 2006 10:33:50 +0200
User-agent: Thunderbird 1.5 (X11/20060317)

All,

the tests for SRTP were successful and I reached interoperability
with the libsrtp implementation.

I'll do some more documentation, then the first step should be ok.

We need to discuss one important topic: the reporting of security
related errors.

As you may know SRTP employs not only message confidentiality but
also mechanisms against replay attacks and performs authentication.

On receiving data the SRTP implementation performs the necessary
checks before decrypting the data.

The SRTP replay check returns false if a packet is too old or
was already received, both checks are based on the sequence number.

Proposal how to handle this: discard packet, replay could also be
a network problem because packets arrive too late. The current
implementation supports a replay history of 64 packets relative
to the current sequence number.

The authentication computes and checks a SHA1 HMAC authentication
tag. Currently the SRTP discards packets if the authentication
check fails. I would leave it that way with some enhancements to
inform the application.

As a proposal we should think about a way how to inform the
application that uses ccRTP. An idea here is to define an interface
(pure abstract C++ class) that describes callback methods that the
SRTP implementation calls in case of problems.

Any ideas?

Regards,
Werner
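
The receive-side checks and the callback idea from the message above, as an added example that is not part of the original post and not ccRTP code. The names `SrtpEvents`, `ReplayWindow`, `acceptPacket` and `CountingEvents` are hypothetical; the window is keyed on the 16-bit sequence number only (no rollover counter), and `authOk` stands in for the HMAC-SHA1 tag comparison.

```cpp
#include <cstdint>
// Hypothetical callback interface; names are illustrative, not ccRTP API.
class SrtpEvents {
public:
    virtual ~SrtpEvents() = default;
    virtual void replayRejected(uint16_t seq) = 0;
    virtual void authFailed(uint16_t seq) = 0;
};

// 64-packet replay history relative to the highest accepted sequence number.
class ReplayWindow {
    uint64_t seen_ = 0;       // bit i set: packet (highest_ - i) was accepted
    uint16_t highest_ = 0;
    bool started_ = false;
    static int delta(uint16_t a, uint16_t b) {   // a - b modulo 2^16, signed
        return static_cast<int16_t>(static_cast<uint16_t>(a - b));
    }
public:
    bool check(uint16_t seq) const {             // read-only, run before auth
        if (!started_) return true;
        int d = delta(seq, highest_);
        if (d > 0) return true;                  // newer than anything seen
        if (d <= -64) return false;              // older than the history
        return ((seen_ >> -d) & 1u) == 0;        // false: already received
    }
    void update(uint16_t seq) {                  // authenticated packets only
        int d = started_ ? delta(seq, highest_) : 0;
        if (!started_ || d > 0) {
            seen_ = (d >= 64 ? 0 : seen_ << d) | 1u;
            highest_ = seq;
            started_ = true;
        } else if (d > -64) {
            seen_ |= uint64_t{1} << -d;
        }
    }
};

// authOk is the result of the HMAC tag comparison, computed elsewhere.
bool acceptPacket(ReplayWindow& w, SrtpEvents& ev, uint16_t seq, bool authOk) {
    if (!w.check(seq)) { ev.replayRejected(seq); return false; }
    if (!authOk)       { ev.authFailed(seq);     return false; }
    w.update(seq);       // a forged packet must never move the window
    return true;
}
struct CountingEvents : SrtpEvents {             // sample application handler
    int replays = 0, authFailures = 0;
    void replayRejected(uint16_t) override { ++replays; }
    void authFailed(uint16_t) override { ++authFailures; }
};
```

The window is advanced only after authentication succeeds, so a packet with a bad tag and a far-ahead sequence number cannot push legitimate packets out of the 64-packet history.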



