MSEC Working Group

1
MSEC Working Group
DTLS-SRTP Key Transport

• draft-wing-avt-dtls-srtp-key-transport-01

Dan Wing, dwing_at_cisco.com
2
Overview

• IETF68 (Prague), RTPSEC BoF selected DTLS-SRTP as
  the preferred SRTP keying mechanism
• Only unicast, point-to-point was in scope
• DTLS-SRTP Key Transport allows efficient SRTP
  operation for
• Several unicast conferencing scenarios
• Multicast

3
Why Consider DTLS-SRTP for Multicast?

• DTLS-SRTP works for group of 2
• GDOI-SRTP is overkill for a group of 3
• Useful for a larger group
• DTLS-SRTP-Key-Transport allows optimizing SRTP
  keying for small groups

4
Operation of DTLS-SRTP Key Transport for
Multicast
5
DTLS-SRTP-Key-Transport

• DTLS-SRTP-Key-Transport is negotiated during TLS
  handshake
• DTLS-SRTP session stays up for duration of call
• SRTP key is sent within the DTLS session itself
• As a new TLS content-type

6
DTLS session with each listener

• Each listener establishes unicast DTLS-SRTP
  session with speaker
• Speaker uses DTLS-SRTP Key Transport to tell
  every listener the same SRTP key

Listener 1
speaker
Listener 2
Listener 3
DTLS-SRTP, transport speakers SRTP key A
7
SRTP multicasting

• SRTP packets are then multicasted to listeners

Listener 1
SRTP packet, key A
speaker
Listener 2
Listener 3
8
DTLS-SRTP-Key-Transport

• DTLS-SRTP-Key-Transport is negotiated during TLS
  handshake
• DTLS-SRTP session stays up for duration of call
• SRTP key is sent within the DTLS session itself
• As a new TLS content-type

9
Questions

• draft-wing-avt-dtls-srtp-key-transport-01

Dan Wing, dwing_at_cisco.com