Skip to content

Reflow SRTP Implementation Notes

Scott Godin edited this page Mar 5, 2021 · 1 revision

Table of Contents

SRTP Implementation Notes

Relevant IETF documents

SDES Implementation Notes

  • default offer crypto suite is AES_CM_128_HMAC_SHA1_80
  • secure media required setting:
    • enabled: then SAVP transport protocol is signalled in SDP offers,
    • disabled: then AVP transport portocol is signalled in SDP offers and encryption=optional attribute is added
  • No f8 crypto suite - libsrtp limitation
  • no MKI implementation
  • no custom master key lifetime implementation
  • no master key lifetime, re-keying when expired
  • no Key Derivation Rate (KDR) implementation - libsrtp limitation
  • no support for SDES SRTP Session parameters: Unencrypted/Unauthenticated, FEC_ORDER, FEC_KEY, WSH

DTLS Implementation Notes

  • Only SHA-1 fingerprint is supported (not SHA-224, SHA-256, SHA-384, SHA-512, MD5 or MD2)
  • Passive side must do a STUN connectivity check - text in draft is inconsistent
  • Does not currently require that Identity header be present/validated.
Clone this wiki locally