Roll-over Counter Carrying Transform Support #51
Comments
|
I'm not aware of any plans to support RFC 4771. There is support for EKT, which appears to solve the same problem (late receivers joining a stream). While I haven't read through 4711 in detail, it appears to relay on truncating the auth tag, which reduces the security level of the session. This is will be a problem for some SRTP use cases (e.g. FIPS compliance, Common Criteria, etc.). You may want to take a look at http://tools.ietf.org/html/draft-mcgrew-srtp-aero-01. This is another approach to solving the same problem by eliminating the need for the ROC. |
|
Is the EKT support enabled by default? At first glance, it seems like it is always used. Is this correct? I apologize, I'm fairly new to this library and SRTP itself. Thanks. |
|
I don't think it's enabled by default. There's an EKT policy underneath the SRTP policy. If this is null, then EKT isn't initialized. Unfortunately there are not a lot of comments in the code on how to use EKT. The only example of using it is located in test/srtp_driver.c. Sorry I can't be more helpful, the EKT code was contributed prior to my involvement in the project. Be aware the EKT draft was never ratified. There are rumors this draft may be resurrected in the future, which will likely result in changes to the current EKT code. |
|
I'll take a look at the example. Thanks for the response! |
|
Closing this issue due to lack of inactivity on the thread. |
I was curious if there were any plans for supporting Roll-over Counter Carrying in SRTP?
It is defined here: http://www.rfc-base.org/txt/rfc-4771.txt
I know VLC has integrated this concept in their implementation of SRTP, which can be found at: https://gitorious.org/vlc-dcinema/vlc-dcinema/raw/71f3fa810e50e598cb32919d46993ba0de698633:modules/access/rtp/srtp.c
The text was updated successfully, but these errors were encountered: