All, the tests for SRTP were successful and I reached interoperability with the libsrtp implementation.
I'll do some more documentation then the first step should be ok. We need to discuss one important topic: the reporting of security related errors. As you may know SRTP employs not only message confidentiality but also mechanisms against replay attacks and performs authentication. On receiving data the SRTP implementation performs the necessary checks before decrypting the data. The SRTP replay check returns false if a packet is too old or was already received, bot checks are based on the sequence number. Proposal how to handle this: discard packet, replay could also be a network problem because packets arrive too late. The current implementation supports a replay history of 64 packets relative to the current sequence number. The authentication computes and checks a SHA1 HMAC authentication tag. Currently the SRTP discards packets if the authentication check fails. I would leave it that way with some enhancements to inform the application. As a proposal we should think about a way how to inform the application that uses ccRTP. An idea here is to define an interface (pure abstract C++ class) that describes callback methods that the SRTP implementation calls in case of problems. Any ideas? Regards, Werner _______________________________________________ Ccrtp-devel mailing list [email protected] http://lists.gnu.org/mailman/listinfo/ccrtp-devel
