On Sep 25, 2008, at 2:50 AM, Schneider, Peter (NSN - DE/Munich) wrote:
Dean, I assume that you refer to the proposal to use SDES that is discussed in 3GPP. However, 3GPP does not focus on that approach. Other signaling path solutions are discussed in 3GPP that exclude all intermediaries from access to the key. Clearly, allowing lawful interception is a requirement for 3GPP, as is preventing "unlawful interception".
The two forms of interception cannot be technically differentiated. Anything that allows one allows the other.
The USA has recently shown that it is possible to convert unlawful intercept into lawful intercept retroactively, despite a constitutional bar on ex post facto laws. If you're going to break one law, you might as well break 'em all, right?
The middlebox issue is NOT a pretense for allowing only weak solutions for 3GPP.
I believe you.
My proposals concerning the framework draft wouldn't make DTLS-SRTP any weaker, right?
I'm not sure. Security is such a frail thing, and it is easy for unintended consequences to occur. You may well be right, but I'm a little slow to commit. Further study is required.
And making DTLS-SRTP more adequate for 3GPP/TISPAN scenarios would be a good thing, wouldn't it?
It might, it might not. It depends on what your definition of "adequate" entails and which scenarios you are talking about. The requirements rejected by the IETF during the Media Security Requirements drafting arguably provide a proof case against this assertion.
-- Dean _______________________________________________ Sip mailing list https://www.ietf.org/mailman/listinfo/sip This list is for NEW development of the core SIP Protocol Use [EMAIL PROTECTED] for questions on current sip Use [EMAIL PROTECTED] for new developments on the application of sip
