From: The IESG
To: IETF-Announce
Message-Id:
Date: Mon, 31 Oct 2005 13:35:04 -0500
Cc: msec chair , msec mailing list , Internet Architecture Board , msec chair , RFC Editor
Subject: Protocol Action: 'The Use of TESLA in SRTP' to Proposed Standard

The IESG has approved the following document:

- 'The Use of TESLA in SRTP' as a Proposed Standard

This document is the product of the Multicast Security Working Group.

The IESG contact persons are Russ Housley and Sam Hartman.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-msec-srtp-tesla-05.txt

Technical Summary

For broadcast or multicast use of SRTP, for instance in group conferencing, symmetric key based (group key based) message integrity is not sufficient. For data origin authentication, some type of digital signature based technique is typically necessary. TESLA is a MAC-based data origin authentication algorithm that uses delayed key disclosure to amortize the cost of digital signatures, and can also work without using signatures. This document specifies the use of TESLA with the SRTP protocol.

Working Group Summary

Historically, there have been arguments in the MSEC WG (and in the SMuG RG) around the TESLA loose time synchronization requirement. The MSEC WG determined that this requirement was acceptable. The loose time synchronization in TESLA comes with strict requirements on packet integrity verification. In that context, there was a contentious discussion around whether to drop packets arriving too late (w.r.t. the time synchronization requirement). The discussion was around "MUST" vs. "MAY", and the WG finally settled on "SHOULD."

Protocol Quality

TESLA has generally received a fairly thorough review within the MSEC WG, and there is at least one implementation. TESLA-SRTP has been reviewed thoroughly by the MSEC WG, but there are no known implementations. This document was reviewed by Russ Housley for the IESG.
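The Technical Summary describes TESLA as MAC-based origin authentication with delayed key disclosure, and the Working Group Summary turns on the receiver dropping packets that arrive "too late" relative to the loose time synchronization. The following is an added illustration written for this note, not code from the draft, the MSEC WG or any TESLA-SRTP implementation: a minimal TESLA-style sender and receiver in the spirit of RFC 4082 (one-way hash chain, per-interval MAC keys, disclosure lag d, and the arrival-time safety check). The packet layout, interval parameters, seed and sample frames are constructed for the demo and do not correspond to the SRTP encoding the draft specifies.

```python
"""Simplified TESLA: hash-chain keys, delayed key disclosure, and the safety
check that decides whether a packet may be buffered or must be dropped.
Illustrative only; the packet format is NOT the one defined for SRTP."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional


def F(key: bytes) -> bytes:
    """One-way function for the key chain: K_i = F(K_{i+1})."""
    return hashlib.sha256(b"tesla-chain|" + key).digest()


def F_prime(key: bytes) -> bytes:
    """Derives the MAC key K'_i used in interval i from the chain key K_i."""
    return hashlib.sha256(b"tesla-mac|" + key).digest()


def make_chain(n: int, seed: bytes) -> List[bytes]:
    """Builds K_0..K_n from K_n = seed. K_0 is the commitment the receiver
    learns out of band (in practice: signed once by the sender)."""
    chain = [b""] * (n + 1)
    chain[n] = seed
    for i in range(n - 1, -1, -1):
        chain[i] = F(chain[i + 1])
    return chain


@dataclass
class Packet:
    interval: int
    payload: bytes
    mac: bytes
    disclosed_key: Optional[bytes]   # K_{i-d}; None during the first d intervals


class Sender:
    def __init__(self, chain, t0, t_int, d):
        self.chain, self.t0, self.t_int, self.d = chain, t0, t_int, d

    def interval_at(self, t):
        return int((t - self.t0) // self.t_int) + 1   # intervals numbered from 1

    def send(self, payload, now):
        i = self.interval_at(now)
        mac = hmac.new(F_prime(self.chain[i]), payload, hashlib.sha256).digest()
        disclosed = self.chain[i - self.d] if i - self.d >= 1 else None
        return Packet(i, payload, mac, disclosed)


class Receiver:
    def __init__(self, commitment, t0, t_int, d, max_clock_error):
        self.t0, self.t_int, self.d = t0, t_int, d
        self.max_clock_error = max_clock_error        # bound from loose time sync
        self.known: Dict[int, bytes] = {0: commitment}  # trusted chain elements
        self.pending: Dict[int, List[Packet]] = {}      # buffered until key arrives
        self.verified: List[Packet] = []
        self.dropped_late: List[Packet] = []
        self.bad_mac: List[Packet] = []

    def is_safe(self, pkt, now):
        """Safe iff the sender cannot yet have disclosed K_i: the latest interval
        the sender may currently be in (allowing for clock error) is < i + d."""
        latest = int((now + self.max_clock_error - self.t0) // self.t_int) + 1
        return latest < pkt.interval + self.d

    def authenticate_key(self, idx, key):
        """Hashes a disclosed K_idx down to an already-trusted chain element."""
        if idx in self.known:
            return hmac.compare_digest(key, self.known[idx])
        j = max(k for k in self.known if k < idx)
        cand = key
        for _ in range(idx - j):
            cand = F(cand)
        if not hmac.compare_digest(cand, self.known[j]):
            return False
        self.known[idx] = key
        return True

    def receive(self, pkt, now):
        if not self.is_safe(pkt, now):
            self.dropped_late.append(pkt)      # the "SHOULD drop" case from the WG summary
            return "dropped"
        self.pending.setdefault(pkt.interval, []).append(pkt)
        if pkt.disclosed_key is not None:
            j = pkt.interval - self.d
            if self.authenticate_key(j, pkt.disclosed_key):
                self._verify_interval(j)
        return "buffered"

    def _verify_interval(self, j):
        mac_key = F_prime(self.known[j])
        for p in self.pending.pop(j, []):
            expect = hmac.new(mac_key, p.payload, hashlib.sha256).digest()
            (self.verified if hmac.compare_digest(expect, p.mac) else self.bad_mac).append(p)


def run_demo():
    """Constructed scenario: 1 s intervals, disclosure lag d=2, 0.2 s clock error."""
    chain = make_chain(8, hashlib.sha256(b"constructed demo seed").digest())
    s = Sender(chain, t0=0.0, t_int=1.0, d=2)
    r = Receiver(chain[0], t0=0.0, t_int=1.0, d=2, max_clock_error=0.2)
    p1 = s.send(b"frame-1", 0.5); r.receive(p1, 0.6)
    p2 = s.send(b"frame-2", 1.5)
    r.receive(Packet(2, b"frame-2-altered", p2.mac, p2.disclosed_key), 1.6)  # modified in transit
    r.receive(p2, 1.7)
    r.receive(s.send(b"frame-3", 2.5), 2.6)   # discloses K_1 -> frame-1 verified
    r.receive(p1, 2.9)                        # arrives again after K_1 is public -> dropped
    r.receive(s.send(b"frame-4", 3.5), 3.6)   # discloses K_2 -> frame-2 verified, altered copy rejected
    return {"verified": [p.payload for p in r.verified],
            "dropped_late": len(r.dropped_late),
            "bad_mac": len(r.bad_mac),
            "still_pending": sum(len(v) for v in r.pending.values())}
```

The point of `is_safe` is the one the WG argued over: a packet whose interval key may already be public cannot be trusted even if its MAC checks out, so the only sound options are to drop it or never verify it; with the demo parameters the same packet is accepted at 0.6 s and dropped at 2.9 s.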