RTSP 2.0 TLS handling - PowerPoint PPT Presentation

1 / 6
About This Presentation
Title:

RTSP 2.0 TLS handling

Description:

Slide title. In CAPITALS. 50 pt. Slide subtitle. 32 pt. RTSP 2.0 TLS handling ... The Via header shows route, however it allows for a proxy to hide topology ... – PowerPoint PPT presentation

Number of Views:59
Avg rating:3.0/5.0
Slides: 7
Provided by: kieabtvaam
Learn more at: https://www.ietf.org
Category:
Tags: rtsp | tls | handling | however | title | to

less

Transcript and Presenter's Notes

Title: RTSP 2.0 TLS handling


1
RTSP 2.0 TLS handling
  • Magnus Westerlund
  • draft-ietf-mmusic-rfc2326bis-12

2
Real-Time Streaming Protocol
  • Signalling protocol for controlling streaming
    sessions, i.e. the network remote control.
  • Media normally goes in its own transport session
    over UDP. Exception is the interleaved mode,
    which is last resort fall back solution.
  • Has a rtsps URI scheme to indicate the
    requirement to use TLS protected signalling.
  • Normal TLS usage is defined in section 18.2
  • Uses the guidelines from RFC 2818

3
RTSP and Proxies
  • Some environement requires proxies
  • Firewalls need to open pinholes for the media
  • Logging or content filtering of some media
    content
  • Many of these cases can accept a trust model
    where the proxy is trusted. This due to the close
    association with it, like your companies.
  • Defined a mechanism for handling multiple TLS
    hops by either
  • have the proxy relay the next hop server
    certificate to the client and have it approve the
    certificate.
  • let the proxy determine which certificates to
    accept
  • accept any certificate (Debugging only)

4
TLS connect walkthrough
  1. Client connects with TLS and send Request to
    proxy.
  2. Proxy Connects with TLS to server and get server
    side certificate.
  3. Proxy responds to request with 470 (Connection
    Authorization Required), and include certificate.
  4. Client checks certificate, and accepts it by
    including a hash of the certificate and proxy URI
    in the Accept-Credentials header and resend the
    request.
  5. Proxy matches hash with connection and forwards
    request in TLS.

Server
2.
5.
Proxy
1.
3.
4.
Client
5
Open Issue in Accept-Credentials
  • The Accept-Credentials header is sent as part of
    the request when needed.
  • Each entry within the Accept-Credentials headers
    has an intended proxy.
  • Should that proxy remove the entry intened for
    itself before forwarding the request?
  • Doing the above procedure rather then having them
    go end to end would
  • Reduce bandwidth in requests
  • Slightly increase processing load
  • Hide earlier TLS hops from later RTSP agents
  • The Via header shows route, however it allows for
    a proxy to hide topology
  • Any security implications?

6
Request for Review
  • Document is getting close to WG last call in
    MMUSIC WG
  • Want to have review on the security mechanisms
    before that to avoid to late suprises
  • Please review section 18 and send comments to
    authors and MMUSIC WG.
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "RTSP 2.0 TLS handling" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!