[Live-devel] Live.com and encryption

Clem Taylor clem.taylor at gmail.com
Wed Sep 21 18:15:47 PDT 2005


On 9/13/05, Ross Finlayson <finlayson at live.com> wrote:
> At 03:05 PM 9/13/2005, you wrote:
> >How would one implement encryption in the live.com library?
>
> Most likely using the SRTP ("secure RTP") standard.
>
> This is likely something that I'll be working on soon (we have a
> client that is interested in supporting this).

This is something I'd be interested in as well. We're sending video
that really shouldn't be viewed by others over open networks
(security/privacy issue, not content protection). We were planning on
using an IPSec tunnel for all the video traffic, but SRTP seems like a
much better long term solution.

Is anyone actively using SRTP for video or is it only being used for
VoIP like applications?

I didn't see a RFC for SRTSP or rtsps? However, it seems that port 322
was reserved for rtsps. I'd assume if you are protecting RTP, you
would also need to protect the session establishment and have
someplace to exchange the SRTP keys. Tunneling RTSP over SSL like
https seems to be a reasonable solution.

draft-ietf-mmusic-kmgmt-ext-00.txt talks about storing the key
metadata in the SDP description and refers to RFC3830, MIKEY:
Multimedia Internet KEYing, as the key management protocol. But, I
didn't see an RFC for this topic.

Any ideas how you might handle the key exchange and management?

                               --Clem



More information about the live-devel mailing list