[Security] XEP-0166, XEP-0167, XTLS - crypto and other stories.

Dan Wing dwing at cisco.com
Fri Dec 19 19:31:37 CST 2008


 

> -----Original Message-----
> From: security-bounces at xmpp.org 
> [mailto:security-bounces at xmpp.org] On Behalf Of Eric Rescorla
> Sent: Friday, December 19, 2008 8:57 AM
> To: XMPP Security
> Subject: Re: [Security] XEP-0166, XEP-0167, XTLS - crypto and 
> other stories.
> 
> On Fri, Dec 19, 2008 at 8:00 AM, Justin Karneges 
> <justin at affinix.com> wrote:
> > On Friday 19 December 2008 04:26:08 Dirk Meyer wrote:
> >> Like you can not combine any transport to any application 
> (e.g. ICE-UDP
> >> and file transfer does not work), you can not use any 
> crypto layer in
> >> any application.
> >
> > I think you can use a crypto layer in any application 
> unless the application
> > says otherwise (e.g. if the application has its own 
> mechanism instead).
> > Thus, any reliable transport may have TLS and any 
> unreliable transport may
> > have DTLS.
> >
> >> VoIP would use SRTP crypto, VPN DTLS. In the future we
> >> may have something different.
> >
> > Jingle RTP would define the usage of SRTP (as part of the 
> application, so
> > there'd be no crypto layer in the Jingle sense) and 
> discourage a crypto
> > layer.  VPN would simply recommend a crypto layer.
> 
> Hi folks,
> 
> I haven't had a chance to really work through this stuff. Hopefully
> this weekend.
> 
> Anyway, as Dirk observes, SRTP just assumes that key 
> management is provided
> some other way. The current IETF approach is to use DTLS on the same
> host/port quartet as the SRTP to do key establishment for SRTP
> (see draft-ietf-sip-dtls-srtp-framework). This is a bit 
> clumsy but is designed
> to let you use the optimized SRTP media encryption with DTLS 
> style keying.
> 
> I'm not sure quite how (if at all) that fits into XMPP.

EKR,

Background:

In SIP, the fingerprint of the DTLS certificate (used
in the DTLS-SRTP handshake) is conveyed in SDP (using "a=fingerprint") 
and signed using RFC4474 (which creates a signature over the 
entire SDP and over some certain SIP headers).

In XMPP, there is a document that explains how ICE 
(draft-ietf-mmusic-ice) parameters are encoded in XMPP,
http://xmpp.org/extensions/xep-0176.html#protocol-candidates-syntax

Solution:

XMPP could create a definition of how a DTLS certificate is
conveyed in XMPP (similar to how XMPP defined how ICE
parameters are conveyed in XMPP) and sign it using whatever
mechanism XMPP uses to sign headers or message bodies (or
does XMPP just use mutual TLS from site to site?  If so, 
a signature isn't necessary as mutual TLS would provide the 
same properties).

-d



More information about the Security mailing list