DTLS-SRTP Handling in SIP B2BUAs
draft-ram-straw-b2bua-dtls-srtp
IETF-90
Toronto, July 25, 2014
Presenter: Lorenzo Miniero...
  1. DTLS-SRTP Handling in SIP B2BUAs
     draft-ram-straw-b2bua-dtls-srtp
     IETF-90, Toronto, July 25, 2014
     Presenter: Lorenzo Miniero
     Authors: Ram Mohan, Tirumaleswar Reddy, Gonzalo Salgueiro, Victor Pascual
  2. Background
       • DTLS-SRTP is used to secure media
       • Certificate fingerprint exchange in SDP for mutual authentication
       • Need for B2BUA to handle DTLS-SRTP
  3. DTLS-SRTP Handling in SIP B2BUA
       • This draft defines the behavior a B2BUA must follow to handle DTLS-SRTP in the following modes:
           - Media Relay
           - Media Aware
           - Media Termination
  4. Media Relay
       • Forwards packets without inspection or modification
       • Only modifies the L3 and L4 headers
       • It MUST forward the received certificate fingerprint without any modifications
  5. Media Aware
       • Media Aware only modifies the RTP header
       • Terminates the DTLS connection and acts as a DTLS proxy
           - Changes the certificate fingerprint and signals its own fingerprint
           - Decrypts and re-encrypts the payload
  6. Media Termination
       • Media terminator modifies the payload
       • Terminates the DTLS connection, acts as a DTLS proxy
           - Changes the certificate fingerprint and signals its own fingerprint
           - Decrypts and re-encrypts the payload
  7. Media Plane B2BUA to Handle NAT
       • NAT between UA and B2BUA
       • NAT could drop unsolicited incoming packets
       • UA in passive mode must send some packets (STUN, RTP, etc.) so as to receive the incoming ClientHello packet from B2BUA
       • Restart DTLS handshake after answer is received
  8. Next Steps
       • Adopt as WG document
       • Need additional reviews
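
The fingerprint rule that separates the three modes above, as an added example (not code from the draft or the presenters): a relay leaves `a=fingerprint` untouched, so the far side still authenticates the originating UA, while media-aware and media-termination B2BUAs substitute their own. The function names, the sample SDP and both fingerprints are constructed for illustration.

```python
import re

# a=fingerprint:<hash-func> <colon-separated hex>, the SDP attribute syntax (RFC 8122)
FP_RE = re.compile(r"^a=fingerprint:(\S+) ([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)\s*$")

# Constructed sample values, not taken from the slides.
UA_FP = ("sha-256", ":".join(["AB"] * 32))
B2BUA_FP = ("sha-256", ":".join(["CD"] * 32))
OFFER = "\r\n".join([
    "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
    "m=audio 49170 UDP/TLS/RTP/SAVP 0", "a=setup:actpass",
    f"a=fingerprint:{UA_FP[0]} {UA_FP[1]}",
]) + "\r\n"

def fingerprints(sdp):
    """Return [(hash_func, fingerprint)] for each a=fingerprint line, case-normalized."""
    found = []
    for line in sdp.splitlines():
        m = FP_RE.match(line.strip())
        if m:
            found.append((m.group(1).lower(), m.group(2).upper()))
    return found

def b2bua_rewrite(sdp, mode, own_fp=None):
    """Hypothetical helper: the SDP a B2BUA in the given mode passes to the other leg."""
    if mode == "relay":
        return sdp  # Media Relay: fingerprint MUST be forwarded unmodified
    if mode in ("aware", "termination"):
        if own_fp is None:
            raise ValueError("DTLS-terminating modes need the B2BUA's own fingerprint")
        # Both modes terminate DTLS, so the B2BUA signals its own certificate.
        out = [f"a=fingerprint:{own_fp[0]} {own_fp[1]}" if FP_RE.match(line.strip())
               else line for line in sdp.splitlines()]
        return "\r\n".join(out) + "\r\n"
    raise ValueError(f"unknown mode: {mode}")

def dtls_is_end_to_end(sdp_from_ua, sdp_after_b2bua):
    """True when the far side still sees the originating UA's fingerprint(s)."""
    sent = fingerprints(sdp_from_ua)
    return bool(sent) and sent == fingerprints(sdp_after_b2bua)
```

Comparing the fingerprint a UA sent with the one its peer received is also a quick way to tell whether a B2BUA on the path is terminating DTLS and therefore sees the media in the clear.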