Internet Communications Using SIP : Delivering VoIP and Multimedia Services With Session Initiation Protocol {2Nd Ed.}

both the SRTP key and the SRTP configuration parameters. However, the SDP
needs to have confidentiality provided by SIP, or the key will be carried in the
clear. End-to-end S/MIME offers the best confidentiality, but hop-by-hop TLS
with Secure SIP provides a level of confidentiality (although the secret key will
be available to each SIP proxy server in the signaling path). An example is as
follows:

v=0
o=jdoe 2890844526 2890842807 IN IP4 10.47.16.5
s=SDP Seminar
i=A Seminar on the session description protocol
u=http://www.example.com/seminars/sdp.pdf
e=j.doe@example.com (Jane Doe)
c=IN IP4 161.44.17.12/127
t=2873397496 2873404696
m=video 51372 RTP/SAVP 31
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
m=audio 49170 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
m=application 32416 udp wb
a=orient:portrait

In this example, separate SRTP master keys are used for the video and audio
streams. In both cases, 128-bit AES encryption is used. For the video stream, an
80-bit HMAC-SHA-1 authentication tag is used. For the audio stream, a 32-bit
HMAC-SHA-1 authentication tag is used.
Both the a=crypto and a=key-mgt approaches have difficulties in falling
back to RTP if SRTP is not available. This is because a given media line must be
either RTP (RTP/AVP) or SRTP (RTP/SAVP). There is currently no way in SDP
to group two media lines so as to, say, accept one or the other, but not both. As a
result, a common mode will be to initially offer an SRTP session, then fall back
to an RTP session after the secure session fails. This is not a very good solution
to this all-too-common case in the interim, while both secure and nonsecure
sessions are common.
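As an added example (not code from the book), a Python checker that validates the a=crypto lines of the offer above the way a receiving endpoint should, and then reports for each media line whether it is SRTP with usable key material, RTP/SAVP with no key at all, or cleartext RTP/AVP, which is the situation the fallback discussion above is about. The key and salt lengths for the two AES_CM_128 suites follow RFC 4568; the sample SDP is the offer's media lines, constructed here.

```python
import base64
import re
# RFC 4568 crypto suites: (master key bytes, master salt bytes, auth tag bits).
SUITES = {"AES_CM_128_HMAC_SHA1_80": (16, 14, 80), "AES_CM_128_HMAC_SHA1_32": (16, 14, 32)}
# a=crypto:<tag> <suite> inline:<base64 key||salt>[|<lifetime>][|<mki>:<len>]
CRYPTO_RE = re.compile(r"^a=crypto:(\d+) (\S+) inline:([A-Za-z0-9+/=]+)"
                       r"(?:\|(2\^\d+|\d+))?(?:\|(\d+):(\d+))?$")

def parse_crypto(line):
    """Validate one a=crypto line; ValueError names what an endpoint should reject."""
    m = CRYPTO_RE.match(line.strip())
    if not m:
        raise ValueError("malformed a=crypto line")
    tag, suite, b64, lifetime, mki, mki_len = m.groups()
    if suite not in SUITES:
        raise ValueError(f"unsupported crypto suite {suite}")
    key_len, salt_len, auth_bits = SUITES[suite]
    try:
        material = base64.b64decode(b64, validate=True)
    except ValueError as e:  # binascii.Error is a ValueError subclass
        raise ValueError("key material is not valid base64") from e
    if len(material) != key_len + salt_len:
        raise ValueError(f"expected {key_len + salt_len} key||salt bytes, got {len(material)}")
    return {"tag": int(tag), "suite": suite, "auth_tag_bits": auth_bits,
            "master_key": material[:key_len], "master_salt": material[key_len:],
            "lifetime": lifetime, "mki": (int(mki), int(mki_len)) if mki else None}

def audit_sdp(sdp):
    """One record per m= line: RTP/SAVP must carry a valid a=crypto; RTP/AVP is cleartext."""
    sections = []
    for line in sdp.splitlines():
        if line.startswith("m="):
            media, _port, proto = line[2:].split()[:3]
            sections.append({"media": media, "proto": proto, "keys": []})
        elif line.startswith("a=crypto:") and sections:
            sections[-1]["keys"].append(parse_crypto(line))
    for s in sections:
        if s["proto"] == "RTP/SAVP":
            s["status"] = "srtp" if s["keys"] else "savp-without-key"
        else:
            s["status"] = "cleartext-rtp" if s["proto"] == "RTP/AVP" else "non-rtp"
    return sections

# Constructed sample: the video, audio and whiteboard media lines from the offer above.
SAMPLE_SDP = """m=video 51372 RTP/SAVP 31
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:d0RmdmcmVCspeEc3QGZiNWpVLFJhQX1cfHAwJSoj|2^20|1:32
m=audio 49170 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:NzB4d1BINUAvLEw6UzF3WSJ+PSdFcGdUJShpX1Zj|2^20|1:32
m=application 32416 udp wb
"""
```

Run `audit_sdp(SAMPLE_SDP)` to see the video and audio lines reported as "srtp" with 80- and 32-bit tags; a bare RTP/SAVP line with no a=crypto comes back as "savp-without-key", which is the case to refuse rather than silently fall back.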

New Directions

Security for SIP and related media streams is an area that has received
considerable attention over the past few years, and the security mechanisms
described in this chapter are, for the most part, well defined and understood.
However, there are some new areas of standardization that will likely happen
in the coming few years that will be mentioned in this section.

168 Chapter 9
