IETF 90 - DTLS-SRTP Handling in SIP B2BUAs


  1. DTLS-SRTP Handling in SIP B2BUAs
     draft-ram-straw-b2bua-dtls-srtp
     IETF-90 Toronto, July 25, 2014
     Presenter: Lorenzo Miniero
     Authors: Ram Mohan, Tirumaleswar Reddy, Gonzalo Salgueiro, Victor Pascual
  2. Background
       • DTLS-SRTP is used to secure media
       • Certificate fingerprint exchange in SDP for mutual authentication
       • Need for B2BUA to handle DTLS-SRTP
  3. DTLS-SRTP Handling in SIP B2BUA
       • This draft defines the behavior a B2BUA must follow to handle DTLS-SRTP in the following modes:
           - Media Relay
           - Media Aware
           - Media Termination
  4. Media Relay
       • Forwards packets without inspection or modification
       • Only modifies the L3 and L4 headers
       • It MUST forward the received certificate fingerprint without any modifications
  5. Media Aware
       • Media Aware only modifies the RTP header
       • Terminates the DTLS connection and acts as a DTLS proxy
           - Changes the certificate fingerprint and signals its own fingerprint
           - Decrypts and re-encrypts the payload
  6. Media Termination
       • Media terminator modifies the payload
       • Terminates the DTLS connection, acts as a DTLS proxy
           - Changes the certificate fingerprint and signals its own fingerprint
           - Decrypts and re-encrypts the payload
  7. Media Plane B2BUA to Handle NAT
       • NAT between UA and B2BUA
       • NAT could drop unsolicited incoming packets
       • UA in passive mode must send some packets (STUN, RTP, etc.) so as to receive the incoming ClientHello packet from B2BUA
       • Restart DTLS handshake after answer is received
  8. Next Steps
       • Adopt as WG document
       • Need additional reviews
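
Added example, not taken from the slides or the draft: a Python sketch of the per-mode fingerprint rule from slides 4 to 6, with a check that flags a forwarded SDP that breaks it. The function names, the `c=` line rewrite (assuming the B2BUA anchors media on its own address) and all sample addresses and fingerprints are constructed for illustration.

```python
import re

# SDP fingerprint attribute: a=fingerprint:<hash-func> <colon-separated hex bytes>
FP_RE = re.compile(r"^a=fingerprint:(\S+) ((?:[0-9A-Fa-f]{2}:)+[0-9A-Fa-f]{2})$")

def fingerprints(sdp):
    """Return normalised (hash, value) pairs for every a=fingerprint line."""
    found = []
    for line in sdp.splitlines():
        m = FP_RE.match(line.strip())
        if m:
            found.append((m.group(1).lower(), m.group(2).upper()))
    return found

def forward_sdp(sdp, mode, b2bua_addr, own_fp=None):
    """Build the SDP a B2BUA sends on. mode: 'relay', 'aware' or 'termination'."""
    if mode not in ("relay", "aware", "termination"):
        raise ValueError("unknown mode: %r" % mode)
    if mode != "relay" and own_fp is None:
        raise ValueError("a DTLS-terminating B2BUA must signal its own fingerprint")
    out = []
    for line in sdp.splitlines():
        if line.startswith("c=IN IP4 "):
            line = "c=IN IP4 " + b2bua_addr        # assumption: media anchored on the B2BUA
        elif mode != "relay" and FP_RE.match(line.strip()):
            line = "a=fingerprint:%s %s" % own_fp  # media aware / termination: own fingerprint
        out.append(line)                           # relay: fingerprint line left untouched
    return "\r\n".join(out) + "\r\n"

def violations(mode, sdp_in, sdp_out, own_fp=None):
    """Check one forwarded SDP against the per-mode fingerprint rule."""
    fin, fout = fingerprints(sdp_in), fingerprints(sdp_out)
    if not fin or not fout:
        return ["fingerprint missing"]
    if mode == "relay":
        return [] if fin == fout else ["relay modified the fingerprint"]
    own = (own_fp[0].lower(), own_fp[1].upper())
    return [] if all(fp == own for fp in fout) else ["fingerprint is not the B2BUA's own"]

# Constructed sample data: documentation addresses and made-up fingerprints.
UA_FP = ("sha-256", ":".join("%02X" % b for b in range(32)))
B2BUA_FP = ("sha-256", ":".join("%02X" % (255 - b) for b in range(32)))
OFFER = "\r\n".join([
    "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
    "m=audio 40000 UDP/TLS/RTP/SAVP 0", "a=setup:actpass",
    "a=fingerprint:%s %s" % UA_FP]) + "\r\n"

if __name__ == "__main__":
    for mode in ("relay", "aware", "termination"):
        sent = forward_sdp(OFFER, mode, "198.51.100.1", B2BUA_FP)
        print(mode, fingerprints(sent)[0][1][:11], violations(mode, OFFER, sent, B2BUA_FP))
```

Running `violations` over captured offer/answer pairs on both legs of a B2BUA shows whether a box configured as a relay is silently rewriting fingerprints, which would break the end-to-end authentication the fingerprint exchange provides.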
