Gateway control protocol: Secure real-time transport protocol (SRTP) package and procedures
Publication date: 1 December 2017
The secure real-time transport protocol (SRTP) is a real-time transport protocol (RTP) profile that provides confidentiality, message authentication and replay protection to RTP and RTP control protocol (RTCP) sessions. The secure RTP package allows a media gateway controller (MGC) to control the use of SRTP by a media gateway (MG). This package is defined in detail in clause 6.
By itself, the secure RTP package is incomplete, as it does not provide procedures for key management. Instead, it is designed to rely on existing key-management schemes (see also [b-IETF RFC 7202]). [b-IETF RFC 5479] provides an example selection of key-management protocol options for SRTP in "SIP networks".
Clause 7 provides procedures for the use of one such key-management scheme: session description protocol (SDP) security descriptions.
Clause 8 provides procedures for the use of a second scheme: datagram transport layer security (DTLS)-SRTP.
Several reasons exist why this Recommendation is required in addition to the existing (usually SDP-based) SRTP key-management schemes. The most significant are listed below:
- Most existing SDP key-management schemes rely on the SDP offer/answer model (see [b-IETF RFC 3264]). However, the offer/answer model is not used in ITU-T H.248, as it does not fit the nature of the connection between an ITU-T H.248 MGC and an MG.
- Existing SDP key-management schemes do not contain procedures relating to parameter overspecification and wildcarding, which are unique to ITU-T H.248.
- The limited lifetime of SRTP master keys calls for mechanisms for handling master key expiry. The existing mechanisms cannot be used in ITU-T H.248.
- The SRTP package allows explicit control over the key-management scheme employed, allowing easy interoperability with, and migration to, future schemes.
- The SRTP package allows an MGC to audit the SRTP capabilities of an MG through the use of the packages descriptor and the properties of the new package.
- The SRTP package allows an MGC to collect statistics regarding the number of security violations encountered by the MG, and the volume of SRTP traffic it processed.
The scope of the (09/2010) edition of this Recommendation is limited to use-cases in which an MG applies the SRTP packet-processing procedures described in section 3.3 of [IETF RFC 3711] to the SRTP packets it sends and receives. Use-cases in which the MG handles SRTP packets without applying those procedures (e.g., transparent forwarding, storage in encrypted form) are intentionally left out of this Recommendation.
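The receiver-side procedures that section 3.3 of RFC 3711 requires of such an MG, in runnable form: packet index estimation with the rollover counter (ROC), the replay list, HMAC-SHA1-80 verification over packet||ROC, and master-key lifetime accounting, with counters of the kind an MGC would audit as security violations and traffic volume. This is an added example, not text or code from this Recommendation or from RFC 3711. The session key, SSRC, payload and the tiny key lifetime are constructed for the demonstration; encryption of the payload is omitted (the bytes stand in for the ciphertext); class and function names are the example's own.

```python
"""Receiver-side SRTP procedures from RFC 3711 section 3.3 (added example):
index estimation (Appendix A), replay list (3.3.2), HMAC-SHA1-80 over
packet||ROC (4.2) and master-key lifetime accounting (3.3.1)."""
import hmac
from dataclasses import dataclass
from hashlib import sha1
from typing import Optional

SEQ_MOD = 1 << 16
ROC_MOD = 1 << 32
TAG_LEN = 10                    # HMAC-SHA1-80: 80-bit truncated tag
DEFAULT_WINDOW = 64             # SRTP-WINDOW-SIZE; RFC 3711 requires at least 64
DEFAULT_KEY_LIFETIME = 1 << 48  # RFC 3711: at most 2^48 SRTP packets per master key
KEY = bytes(range(20))          # constructed session authentication key, not a real key


def rtp_header(seq: int) -> bytes:
    """Minimal 12-byte RTP header: V=2, PT=0, SEQ, timestamp 0, constructed SSRC."""
    return b"\x80\x00" + seq.to_bytes(2, "big") + bytes(4) + b"\x12\x34\x56\x78"


def srtp_tag(auth_key: bytes, authenticated_portion: bytes, roc: int) -> bytes:
    """Tag over the authenticated portion (header + encrypted payload) then the 32-bit ROC."""
    mac = hmac.new(auth_key, authenticated_portion + roc.to_bytes(4, "big"), sha1)
    return mac.digest()[:TAG_LEN]


@dataclass
class SrtpSender:
    auth_key: bytes
    seq: int = 0
    roc: int = 0

    def next_packet(self, encrypted_payload: bytes) -> tuple:
        """Return (SEQ, authenticated portion, tag); SEQ wraps mod 2^16 and bumps ROC."""
        portion = rtp_header(self.seq) + encrypted_payload
        packet = (self.seq, portion, srtp_tag(self.auth_key, portion, self.roc))
        self.seq = (self.seq + 1) % SEQ_MOD
        if self.seq == 0:
            self.roc = (self.roc + 1) % ROC_MOD
        return packet


@dataclass
class SrtpReceiver:
    auth_key: bytes
    window: int = DEFAULT_WINDOW
    key_lifetime: int = DEFAULT_KEY_LIFETIME
    roc: int = 0                 # receiver's rollover counter, 0 at session start
    s_l: Optional[int] = None    # highest authenticated SEQ, unset until the first packet
    max_index: int = -1          # highest authenticated packet index
    replay_mask: int = 0         # bit k set => index max_index-k already accepted
    key_packets: int = 0         # packets authenticated under the current master key
    accepted: int = 0
    octets: int = 0
    replays: int = 0
    stale: int = 0
    auth_failures: int = 0
    key_expired: int = 0

    def estimate_index(self, seq: int) -> tuple:
        """RFC 3711 Appendix A: choose v in {ROC-1, ROC, ROC+1} nearest to s_l; i = 2^16*v + SEQ."""
        if self.s_l is None:
            return self.roc, seq
        half = SEQ_MOD // 2
        if self.s_l < half:
            v = (self.roc - 1) % ROC_MOD if seq - self.s_l > half else self.roc
        else:
            v = (self.roc + 1) % ROC_MOD if self.s_l - half > seq else self.roc
        return v, v * SEQ_MOD + seq

    def replay_status(self, index: int) -> str:
        """Sliding-window replay list: 'new', 'fresh' (in window, unseen), 'replay' or 'stale'."""
        if index > self.max_index:
            return "new"
        back = self.max_index - index
        if back >= self.window:
            return "stale"
        return "replay" if (self.replay_mask >> back) & 1 else "fresh"

    def receive(self, seq: int, authenticated_portion: bytes, tag: bytes) -> str:
        if self.key_packets >= self.key_lifetime:
            self.key_expired += 1            # the MGC must re-key; never stretch the master key
            return "key_expired"
        v, index = self.estimate_index(seq)
        status = self.replay_status(index)
        if status == "replay":               # replay check precedes the (costlier) tag check
            self.replays += 1
            return status
        if status == "stale":
            self.stale += 1
            return status
        if not hmac.compare_digest(srtp_tag(self.auth_key, authenticated_portion, v), tag):
            self.auth_failures += 1          # no state is updated for unauthenticated packets
            return "auth_failure"
        if status == "new":                  # slide the window forward
            shift = index - self.max_index
            full = (1 << self.window) - 1
            self.replay_mask = 1 if shift >= self.window else ((self.replay_mask << shift) | 1) & full
            self.max_index = index
        else:
            self.replay_mask |= 1 << (self.max_index - index)
        if v == (self.roc + 1) % ROC_MOD:    # sender rolled over: advance ROC, restart s_l
            self.roc, self.s_l = v, seq
        elif v == self.roc and (self.s_l is None or seq > self.s_l):
            self.s_l = seq
        self.key_packets += 1
        self.accepted += 1
        self.octets += len(authenticated_portion) + TAG_LEN
        return "accepted"


def demo(key_lifetime: int = 8) -> dict:
    """Constructed scenario: SEQ wrap 65535->0, a replay, a forged tag, a stale packet,
    then master-key exhaustion under a deliberately tiny lifetime."""
    tx, rx = SrtpSender(KEY, seq=65533), SrtpReceiver(KEY, key_lifetime=key_lifetime)
    payload = bytes(160)                                   # stands in for the encrypted payload
    sent = [tx.next_packet(payload) for _ in range(6)]     # SEQ 65533..65535, 0, 1, 2
    results = [rx.receive(*p) for p in sent]               # receiver's ROC becomes 1
    results.append(rx.receive(*sent[1]))                   # SEQ 65534 again: replay
    seq, portion, tag = tx.next_packet(payload)            # SEQ 3
    results.append(rx.receive(seq, portion[:-1] + b"\xff", tag))  # tampered: auth failure
    results.append(rx.receive(seq, portion, tag))          # genuine SEQ 3 still accepted
    old = rtp_header(65475) + payload                      # index 65475, 64 behind 65539
    results.append(rx.receive(65475, old, srtp_tag(KEY, old, 0)))  # valid tag, but stale
    results += [rx.receive(*tx.next_packet(payload)) for _ in range(2)]  # SEQ 4, then SEQ 5
    return {"results": results, "roc": rx.roc, "s_l": rx.s_l, "accepted": rx.accepted,
            "violations": rx.replays + rx.stale + rx.auth_failures, "key_expired": rx.key_expired}
```

The point worth noticing for the H.248 case is the ordering: the replay list is consulted before the tag is verified, and neither the replay list nor s_l/ROC is updated unless the tag verifies, so a forged packet cannot desynchronise the receiver's index estimate. Master-key exhaustion is reported rather than silently tolerated, which is exactly the event the MGC needs to see to trigger re-keying.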
This revision (12/2017) of the Recommendation extends the scope to further SRTP key-management schemes, such as DTLS-SRTP according to [b-IETF RFC 5763] and [IETF RFC 5764].