Archived
TD0279: Ciphersuites for SRTP
Publication Date
2018.01.03
Protection Profiles
EP_SBC_V1.1, EP_VVOIP_V1.0
Other References
FCS_SRTP_EXT.1.2
Issue Description
The SBC and VVoIP EPs currently only include a single ciphersuite for use in SRTP. NSS customers would like the list of allowable ciphersuites expanded. Resolution
Updated 03/29/2018 to add AES_CM_128_HMAC_SHA1_32, in accordance with RFC 4568. FCS_SRTP_EXT.1.2 is modified as follows: FCS_SRTP_EXT.1.2 The TSF shall implement SDES-SRTP supporting the following ciphersuites [selection: · AES_CM_128_HMAC_SHA1_80, in accordance with RFC 4568, · AES_CM_128_HMAC_SHA1_32, in accordance with RFC 4568, · AES_256_CM_HMAC_SHA1_80, in accordance with RFC 6188, · AES_256_CM_HMAC_SHA1_32, in accordance with RFC 6188, · AEAD_AES_128_GCM, in accordance with RFC7714, · AEAD_AES_256_GCM, in accordance with RFC 7714]. Application Note: This requirement specifies that the SRTP session that will be used to carry the VoIP traffic will be keyed according to an SDES dialogue using one of the identified ciphersuites. The ST author should select any/all ciphersuites supported. No change to the Assurance Activities is needed. Justification
The additional ciphersuites included allow more flexibility and provide support for greater key lengths. |