Re: [Linphone-developers] Set Master Key for SRTP in linphone

From: Greg Troxel
Subject: Re: [Linphone-developers] Set Master Key for SRTP in linphone
Date: Thu, 04 Jun 2020 06:51:51 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (berkeley-unix)

Mark Murawski <> writes:

> Here is specific information about how SRTP operates:
> See this section on Key Derivation:

[It is still on my TODO list to really understand the entire SRTP ecosystem.]

That explains how to go from a provided master key to individual
algorithm keys, and section 8 talks about external key management.

I realize it's conventional to label this "SRTP" in a UI, but it seems
that these UIs are mislabeled, in that SRTP itself, without an associated
key management scheme, requires providing a key to both endpoints.

When people and programs simply say "SRTP", I think they could mean
either of these:

  Session Description Protocol (SDP) Security Descriptions for Media Streams

  SRTP Extension for DTLS

The first is about SIP providing keys over the TLS-protected signaling

The second is within the data channel, but has a scheme to bootstrap
authentication from the signaling channel:

   A DTLS-SRTP session may be indicated by an external signaling
   protocol like SIP.  When the signaling exchange is integrity-
   protected (e.g., when SIP Identity protection via digital signatures
   is used), DTLS-SRTP can leverage this integrity guarantee to provide
   complete security of the media stream.  A description of how to
   indicate DTLS-SRTP sessions in SIP and SDP [RFC4566], and how to
   authenticate the endpoints using fingerprints can be found in


  What is linphone doing when configured for "SRTP"?
  What is linphone doing when configured for "DTLS"?

  Do people think it is a bug that the UI does not make this clear?
  Or is it obvious that SRTP is short for "SDES-SRTP (RFC4568)"?
  And that DTLS is short for RFC5764?
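
The two meanings of "SRTP" distinguished in the message above can be told apart from the SDP that a client sends. The following is an added example, not part of the original message and not linphone's code: it reads an SDP body and reports which key management each media section offers. The function name `srtp_keying` and the abbreviated sample SDP bodies are constructed for illustration.

```python
# Added example: report which SRTP key management an SDP body offers.
# The SDP samples are constructed and abbreviated, not captured traffic.
SDES_OFFER = """v=0
c=IN IP4 192.0.2.10
m=audio 7078 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-PLACEHOLDER-KEY
"""
DTLS_OFFER = """v=0
c=IN IP4 192.0.2.10
a=fingerprint:sha-256 AA:BB:CC:DD
m=audio 7078 UDP/TLS/RTP/SAVP 0
a=setup:actpass
"""
PLAIN_OFFER = "v=0\nm=audio 7078 RTP/AVP 0\n"


def srtp_keying(sdp):
    """Return [(media, scheme)] for every m= section in the SDP text."""
    session_fp = False
    sections = []
    for line in (raw.strip() for raw in sdp.splitlines()):
        if line.startswith("m="):
            # m=<media> <port> <proto> <fmt...>; pad so short lines do not raise
            fields = (line[2:].split() + [""] * 3)[:3]
            sections.append({"media": fields[0], "proto": fields[2],
                             "crypto": False, "fp": False})
        elif line.startswith("a=crypto:") and sections:
            sections[-1]["crypto"] = True   # master key carried in the signaling
        elif line.startswith("a=fingerprint:"):
            if sections:
                sections[-1]["fp"] = True
            else:
                session_fp = True           # session level: covers all media
    result = []
    for s in sections:
        dtls = (s["proto"].startswith("UDP/TLS/RTP/SAVP")
                and (s["fp"] or session_fp))
        if s["crypto"] and dtls:
            scheme = "SDES-SRTP (RFC 4568) and DTLS-SRTP (RFC 5764)"
        elif s["crypto"]:
            scheme = "SDES-SRTP (RFC 4568)"
        elif dtls:
            scheme = "DTLS-SRTP (RFC 5764)"
        elif "SAVP" in s["proto"]:
            scheme = "SRTP profile without key management"
        else:
            scheme = "no SRTP"
        result.append((s["media"], scheme))
    return result
```

With SDES the master key sits in the `a=crypto` line, so its confidentiality depends entirely on the signaling channel; with DTLS-SRTP only a certificate fingerprint appears in the SDP.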
