fitaya.blogg.se

Every time I email they use cryptext

The Secure Real-time Transport Protocol (SRTP) mechanism provides message authentication for the entire RTP packet, but only encrypts the RTP payload. This has not historically been a problem, as much of the information carried in the header has minimal sensitivity (e.g., RTP timestamp); in addition, certain fields need to remain as cleartext because they are used for key scheduling (e.g., RTP SSRC and sequence number). However, as noted in, the security requirements can be different for information carried in RTP header extensions, including the per-packet sound levels defined in and, which are specifically noted as being sensitive in the Security Considerations section of those RFCs.

In addition to the contents of the header extensions, there are now enough header extensions in active use that the header extension identifiers themselves can provide meaningful information in terms of determining the identity of the endpoint and/or application. Accordingly, these identifiers can be considered a fingerprinting issue.

Finally, the CSRCs included in RTP packets can also be sensitive, potentially allowing a network eavesdropper to determine who was speaking and when during ...

Encryption of Header Extensions in SRTP was proposed in 2013 as a solution to the problem of unprotected ... However, it has not seen significant adoption, and ...

First, the mechanism is complicated. ... negotiated on a per-extension basis, a fair amount of signaling logic is ... And in the SRTP layer, a somewhat complex transform is required to allow only the selected header extension values to be encrypted. ... the most popular SRTP implementations had a significant bug in this area ...

Second, it only protects the header extension values, and not their ids or ... As noted above, this leaves a fair amount of potentially sensitive information exposed.

Third, it bloats the header extension space. Because each extension must be offered in both unencrypted and encrypted forms, twice as many header extensions must be offered, which will in many cases push implementations past the 14-extension limit for the use of one-byte extension headers defined in. Accordingly, implementations will need to use two-byte headers in many cases, which are not supported well by some ...

Finally, the header extension bloat combined with the need for backwards compatibility results in additional wire overhead. Because two-byte extension headers may not be handled well by existing implementations, one-byte extension identifiers will need to be used for the unencrypted (backwards compatible) forms, and two-byte for the encrypted forms. Thus, deployment of encryption for header extensions will typically result in multiple extra bytes in each RTP packet, compared ...

Cryptex support is indicated via a new "a=cryptex" SDP attribute defined in this specification. The new "a=cryptex" attribute is a property attribute as defined in section 5.13 and therefore takes no value, and can be used at the session level or media level. The presence of the "a=cryptex" attribute in the SDP (either in an offer or answer) indicates that the endpoint is capable of receiving RTP packets encrypted with Cryptex, as defined below. Once each peer has verified that the other party supports receiving RTP packets encrypted with Cryptex, senders can unilaterally decide whether to use or not the Cryptex mechanism on a per packet basis.

If BUNDLE is in use as per and the "a=cryptex" attribute is present for a media line, it MUST be present for all RTP-based "m=" sections belonging to the same bundle group. This ensures that the encrypted MID header extensions can be processed, allowing to associate RTP streams with the correct "m=" section in each BUNDLE group as specified in section 9.2. When used with BUNDLE, this attribute is assigned to the TRANSPORT category.

Both endpoints can change the Cryptex support status by modifying the session as specified in section 8. Generating subsequent SDP offers and answers MUST use the same procedures for including the "a=cryptex" attribute as the ones on the initial offer and answer.
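The BUNDLE rule for "a=cryptex" quoted on this page can be checked mechanically on an offer or answer. The following is an added example, not code from the page or from the specification: the function name and the sample SDP are constructed, and it assumes a session-level "a=cryptex" applies to every "m=" section.

```python
# Constructed sample offer: audio offers Cryptex, video in the same bundle does not.
MIXED_OFFER = """v=0
o=- 1 1 IN IP4 192.0.2.1
s=-
t=0 0
a=group:BUNDLE 0 1 2
m=audio 9 UDP/TLS/RTP/SAVPF 111
a=mid:0
a=cryptex
m=video 9 UDP/TLS/RTP/SAVPF 96
a=mid:1
m=application 9 UDP/DTLS/SCTP webrtc-datachannel
a=mid:2
"""

def cryptex_bundle_violations(sdp):
    """Map each BUNDLE group that mixes Cryptex support to the RTP mids lacking it."""
    session_level = False              # a=cryptex seen before the first m= line
    sections, groups, current = [], [], None
    for line in (raw.strip() for raw in sdp.splitlines()):
        if line.startswith("m="):
            fields = line[2:].split()  # media, port, proto, formats...
            proto = fields[2] if len(fields) > 2 else ""
            current = {"mid": None, "cryptex": False,
                       "rtp": "RTP" in proto.split("/")}
            sections.append(current)
        elif line == "a=cryptex":      # property attribute: takes no value
            if current is None:
                session_level = True
            else:
                current["cryptex"] = True
        elif line.startswith("a=mid:") and current is not None:
            current["mid"] = line[len("a=mid:"):]
        elif line.startswith("a=group:BUNDLE") and current is None:
            groups.append(line.split()[1:])
    by_mid = {s["mid"]: s for s in sections if s["mid"] is not None}
    violations = {}
    for mids in groups:
        # Only RTP-based sections are covered by the MUST; data channels are skipped.
        rtp = [by_mid[m] for m in mids if m in by_mid and by_mid[m]["rtp"]]
        missing = [s["mid"] for s in rtp
                   if not (s["cryptex"] or session_level)]
        if missing and len(missing) != len(rtp):
            violations[" ".join(mids)] = missing
    return violations
```

A non-empty result means at least one RTP section in a bundle group offers Cryptex while another does not, which is the case the MUST forbids.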











