Request for reviewing audio, video, text/rtp-enc-aescm128

Cullen Jennings fluffy at cisco.com
Tue May 23 00:59:52 CEST 2006


I'm confused if this really is a payload type - this seems at a  
semantic level the same as SRTP. I am concerned with how one would  
signal this as a payload type in SDP and at the same time signal the  
type of payload it was encrypting for any dynamic type.

I have serious reservations about this registration.


On May 16, 2006, at 1:43 AM, Magnus Westerlund wrote:

> This is a request to review the media types:
> audio/rtp-enc-aescm128
> video/rtp-enc-aescm128
> text/rtp-enc-aescm128
>
> These have been requested by 3GPP SA4 to be registered in the  
> standards tree by the IESG following the SDO rules in RFC 4288. The  
> type registration is present in Technical Specification 26.234 in  
> section K.1.4.1:
> http://www.3gpp.org/ftp/Specs/archive/26_series/26.234/26234-670.zip
>
> It is reproduced below for your information. The full media format  
> is specified in Annex K of above specification. The registration  
> template has been present in the document for a while and follows  
> the template in RFC 2048. If that is a problem it can be fixed,  
> however it will take some months. I therefore would also like to  
> receive any further comments in that case.
>
> MIME media type name: audio, video, text
>
> MIME subtype name: rtp-enc-aescm128
>
> Required parameters:
>
> opt:
> The payload type number of the payload type contained in the  
> encrypted payload. An integer value between 0-127.
>
> rate:
> The timestamp rate of this payload type, which shall be the same as  
> that of the original payload type. This is an integer value between  
> 1 and 2^32.
>
> ContentID:
> The OMA DRM content ID [75] used to identify the content when  
> establishing a crypto context. The value is an RFC 2396 [60] URI,  
> which shall be quoted using <">.
>
> RightsIssuerURL:
> The rights issuer URL as defined by OMA DRM [75]. The value is a  
> URI in accordance with RFC 2396 [60], which shall be quoted using <">.
>
> IVnonce:
> The value of this parameter is the nonce that forms the IV as  
> specified by the crypto transform, encoded using Base 64 [69].
>
> Optional parameters:
>
> SelectiveEncryption:
> Indicates if this stream is selectively encrypted. Allowed values  
> are 0 (false) and 1 (true). If not present, selective encryption  
> shall not be used. Please note that unless this indicator is  
> integrity protected, it fulfills no purpose.
>
> Encoding considerations:
>
> This type is only defined for transfer via RTP (RFC 3550).
>
> Security considerations:
>
> See considerations raised in RTP RFC 3550 [9] and any applicable  
> profile like RFC 3551 [10] or RFC 3711 [72]. Further see 3GPP TS  
> 26.234, Release 6, Annex K for comments on security issues. The  
> main issues that exist are:
>
> - This RTP payload format only confidentiality protects the RTP  
> payload, thus header information is leaked, similarly to SRTP.
>
> - The use of stream ciphers such as AES CM and no integrity protection  
> allows an attacker to purposefully attack the content of the  
> encrypted RTP payload by switching individual bits.
>
> - The usage of selective encryption without integrity protection  
> allows for an attacker to perform any replacements of complete RTP  
> payloads and packets it desires.
>
> - The payload format makes the receiver vulnerable to denial of  
> service attacks that insert RTP packets into the stream, that the  
> receiver then interprets as being encrypted thus wasting  
> computational resources. To prevent this attack, authentication  
> needs to be used.
>
> Interoperability considerations:
>
> Published specification:
>
> 3GPP TS 26.234, Release 6.
> Open Mobile Alliance DRM Content Format V2.0
>
> Applications which use this media type:
>
> Third Generation Partnership Project (3GPP) Packet-switched  
> Streaming Service (PSS) clients and servers, which support the  
> Open Mobile Alliance's specification of Digital Rights Management  
> version 2.0.
>
> Additional information:
>
> Magic number(s): N/A
>
> File extension(s): N/A
>
> Macintosh File Type Code(s): N/A
>
> Person & email address to contact for further information:
> 	magnus.westerlund at ericsson.com
>
> Intended usage:
> Common
>
> Author/Change controller:
>
> 3GPP TSG SA
>
> ---
>
> Thanks
>
> Magnus Westerlund
>
> Multimedia Technologies, Ericsson Research EAB/TVA/A
> ----------------------------------------------------------------------
> Ericsson AB                | Phone +46 8 4048287
> Torshamsgatan 23           | Fax   +46 8 7575550
> S-164 80 Stockholm, Sweden | mailto: magnus.westerlund at ericsson.com
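An added example (not code from this thread or from the 3GPP specification) illustrating the two points raised under Security considerations above: a keystream cipher with no integrity protection passes a flipped ciphertext bit straight into the decrypted payload, so a field such as a SelectiveEncryption indicator could be altered without the receiver noticing, whereas an authentication tag over the RTP header and encrypted payload makes the receiver reject the modified packet. It assumes a SHA-256 counter-mode keystream as a stand-in for AES-CM, and the keys, IV, RTP header and payload are constructed sample values.

```python
import hashlib
import hmac

# Assumption: a counter-mode keystream built from SHA-256 stands in for AES-CM;
# any XOR-based stream cipher has the same malleability property shown here.
def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])

def encrypt_payload(key: bytes, iv: bytes, payload: bytes) -> bytes:
    """XOR the RTP payload with the keystream; decryption is the same operation."""
    return bytes(p ^ k for p, k in zip(payload, keystream(key, iv, len(payload))))

decrypt_payload = encrypt_payload

def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Return a copy of data with one bit inverted (models in-transit modification)."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)

def auth_tag(auth_key: bytes, header: bytes, ciphertext: bytes) -> bytes:
    """Integrity tag over header plus encrypted payload; 80-bit truncation is an
    assumption modelled on SRTP's default tag length."""
    return hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()[:10]

def verify_and_decrypt(key, auth_key, iv, header, ciphertext, received_tag):
    """Decrypt only when the tag verifies; return None so the caller drops the packet."""
    if not hmac.compare_digest(auth_tag(auth_key, header, ciphertext), received_tag):
        return None
    return decrypt_payload(key, iv, ciphertext)

def demo():
    key, auth_key, iv = b"k" * 16, b"a" * 16, b"\x00" * 8   # constructed sample keys
    header = bytes.fromhex("8060000100000001deadbeef")       # constructed RTP header, PT 96
    payload = b"SELECTIVE=0 frame-data"                      # constructed sample payload
    ct = encrypt_payload(key, iv, payload)
    tag = auth_tag(auth_key, header, ct)
    # Flip the low bit of ciphertext byte 10: the cleartext '0' becomes '1'.
    tampered = flip_bit(ct, 10, 0)
    without_integrity = decrypt_payload(key, iv, tampered)   # modification goes unnoticed
    with_integrity = verify_and_decrypt(key, auth_key, iv, header, tampered, tag)  # None
    genuine = verify_and_decrypt(key, auth_key, iv, header, ct, tag)
    return without_integrity, with_integrity, genuine
```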

