You're right it is inconvenience, However in e-mail applications for example it is not considered to be inconvenient, The public keys can be retrieved and stored in the address book in the same way as secure email software does...
Thanks Vadim Paul Kyzivat wrote: > A significant limitation in what you propose is that it requires Bob > to have a public key that Alice knows. In general we don't find that > to be the case in most telephony applications. > > Thanks, > Paul > > Vadim Lebedev wrote: >> I see, >> Well this particular attack could be prevented by adding a timestamp >> + key validity period into the encrypted material... >> This is still much cheaper than using SSL in signalling path. >> Actually the current approach (SSL in signalling path and rtp key in >> clear in SDP) seems to be weaker in case of compromised server - the >> bad guy will be able to actually HEAR,SEE and FAKE >> rtp streams. >> >> >> Anyway thanks a lot for the feedback >> >> Vadim >> Le 2 juin 09 à 18:55, Alexander Krassiev a écrit : >> >>> Man in a middle. Encrypted key can be stored and re-used by >>> man-in-a- middle to forge future conversations (to garble the >>> stream). Further enhancing your suggestion will bring us close to >>> SSL/TLS I am afraid. >>> >>> On Jun 2, 2009, at 8:27 AM, Vadim Lebedev wrote: >>> >>>> Vadim Lebedev wrote: >>>> >>>> Any thoughts on this issue? >>>> I've just realised that this approach will make lawful interception >>>> REALLY complicated... Maybe this >>>> is the reason there is no an RFC covering it? Or am i missing >>>> something? >>>> >>>> Thanks >>>> Vadim >>>> >>>>> Hello, >>>>> >>>>> I've been reading various RFC describing tranmission of master key >>>>> for SRTP unside SDP's. >>>>> They require (like in rfc4568) the INVITE/200/ACK be transmitted >>>>> using >>>>> TLS to avoid key interception. >>>>> >>>>> I wonder why nobody proped following scheme: >>>>> >>>>> Alice generates a mester key, encrypts it wih Bob's public key and >>>>> signs it with her own private key. >>>>> The resulting material is stored in SDP which can be transmitted >>>>> ove >>>>> unsecure connection... >>>>> Bob receives the INVITE request extract the signed keye authenicate >>>>> the Alice signature and decodes the master key using his onw private >>>>> key.... >>>>> >>>>> >>>>> >>>>> Thanks >>>>> Vadim >>>>> >>>>> _______________________________________________ >>>>> Sip-implementors mailing list >>>>> Sip-implementors@lists.cs.columbia.edu >>>>> https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors >>>>> >>>>> >>>>> >>>> _______________________________________________ >>>> Sip-implementors mailing list >>>> Sip-implementors@lists.cs.columbia.edu >>>> https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors >> >> >> _______________________________________________ >> Sip-implementors mailing list >> Sip-implementors@lists.cs.columbia.edu >> https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors >> > > _______________________________________________ Sip-implementors mailing list Sip-implementors@lists.cs.columbia.edu https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
