IETF 90 - DTLS-SRTP Handling in SIP B2BUAs

Transcript

  • 1. DTLS-SRTP Handling in SIP B2BUAs
      draft-ram-straw-b2bua-dtls-srtp
      IETF-90 Toronto, July 25, 2014
      Presenter: Lorenzo Miniero
      Authors: Ram Mohan, Tirumaleswar Reddy, Gonzalo Salgueiro, Victor Pascual
  • 2. Background
      - DTLS-SRTP is used to secure media
      - Certificate fingerprint exchange in SDP for mutual authentication
      - Need for B2BUA to handle DTLS-SRTP
  • 3. DTLS-SRTP Handling in SIP B2BUA
      - This draft defines the behavior a B2BUA must follow to handle DTLS-SRTP in the following modes:
          - Media Relay
          - Media Aware
          - Media Termination
  • 4. Media Relay
      - Forwards packets without inspection or modification
      - Only modifies the L3 and L4 headers
      - It MUST forward the received certificate fingerprint without any modifications
  • 5. Media Aware
      - Media Aware only modifies the RTP header
      - Terminates the DTLS connection and acts as a DTLS proxy
          - Changes the certificate fingerprint and signals its own fingerprint
          - Decrypts and re-encrypts the payload
  • 6. Media Termination
      - Media terminator modifies the payload
      - Terminates the DTLS connection, acts as a DTLS proxy
          - Changes the certificate fingerprint and signals its own fingerprint
          - Decrypts and re-encrypts the payload
  • 7. Media Plane B2BUA to Handle NAT
      - NAT between UA and B2BUA
      - NAT could drop unsolicited incoming packets
      - UA in passive mode must send some packets (STUN, RTP, etc.) so as to receive the incoming ClientHello packet from B2BUA
      - Restart DTLS handshake after answer is received
  • 8. Next Steps
      - Adopt as WG document
      - Need additional reviews
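
The fingerprint rules on slides 4 to 6 can be checked by comparing the SDP a B2BUA receives with the SDP it sends on. The following is an added example, not code from the slides or the draft: the mode labels, function names, addresses and fingerprint values are assumptions constructed for illustration.

```python
import re

# SDP certificate fingerprint attribute: a=fingerprint:<hash-func> <HH:HH:...>
FP_RE = re.compile(r"^a=fingerprint:(\S+)\s+([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)$")

def fingerprints(sdp):
    """Return the set of (hash-func, fingerprint) pairs in an SDP body, case-normalised."""
    found = set()
    for line in sdp.splitlines():
        m = FP_RE.match(line.strip())
        if m:
            found.add((m.group(1).lower(), m.group(2).upper()))
    return found

def check_b2bua(mode, sdp_in, sdp_out, own_fp=None):
    """List the fingerprint-handling violations for one SDP passing through a B2BUA.

    mode   -- "relay", "aware" or "termination" (hypothetical labels for the slide modes)
    own_fp -- (hash-func, fingerprint) of the B2BUA certificate; required for proxy modes
    """
    fp_in, fp_out = fingerprints(sdp_in), fingerprints(sdp_out)
    problems = []
    if not fp_out:
        problems.append("outgoing SDP carries no fingerprint")
    if mode == "relay":
        # Media relay: only L3/L4 details may change, the fingerprint must pass untouched.
        if fp_in != fp_out:
            problems.append("media relay modified the certificate fingerprint")
    elif mode in ("aware", "termination"):
        # DTLS proxy: the B2BUA terminates DTLS, so it must signal its own fingerprint.
        if own_fp is None:
            raise ValueError("own_fp is required for DTLS proxy modes")
        if fp_out != {(own_fp[0].lower(), own_fp[1].upper())}:
            problems.append("DTLS proxy did not signal its own fingerprint")
    else:
        raise ValueError("unknown mode: " + mode)
    return problems

# Constructed sample data (not from the slides): fingerprints and an SDP offer.
UA_FP = ":".join(["A1"] * 32)
B2BUA_FP = ":".join(["B2"] * 32)
OFFER = "\r\n".join([
    "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "t=0 0",
    "m=audio 40000 UDP/TLS/RTP/SAVP 0", "c=IN IP4 192.0.2.10",
    "a=setup:actpass", "a=fingerprint:sha-256 " + UA_FP, ""])
RELAYED = OFFER.replace("192.0.2.10", "198.51.100.7").replace("40000", "50000")
PROXIED = RELAYED.replace(UA_FP, B2BUA_FP)
```

An empty list means the outgoing SDP matches the mode; a relay that returns the "modified" violation has broken the endpoints' mutual authentication, since the far end would be validating a certificate the originating UA never presented.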