
RFC 3711

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Title: RFC 3711
Type: Request for Comments
Number: 3711
Year: 2004
Status: Proposed Standard
Authors: David A. McGrew; M. Bjørnson
Area: Network Security; Voice over IP
Related: Secure Real-time Transport Protocol; SRTP; Media Security


RFC 3711 is the specification that defines the Secure Real-time Transport Protocol (SRTP), a protocol designed to provide confidentiality, message authentication, and replay protection for real-time multimedia transports. Published in 2004 as a Proposed Standard, RFC 3711 addresses security requirements for streaming media carried over the Real-time Transport Protocol (RTP) and is widely referenced in standards, implementations, and interoperability testing. The document influenced work across standards bodies and vendors involved with VoIP, video conferencing, and telepresence systems.

Overview

RFC 3711 specifies a security profile for Real-time Transport Protocol streams by defining the packet formats, header handling, and cryptographic processing of the Secure Real-time Transport Protocol. It situates SRTP in the context of existing Internet standards such as RFC 3550 and interoperates with signaling frameworks like the Session Initiation Protocol and the media frameworks used by H.323 and SIP-T. The specification targets deployments involving vendors such as Cisco Systems, Avaya, and Polycom and aligns with the work of standards organizations including the Internet Engineering Task Force and the IETF Audio/Video Transport Working Group.

Security Architecture and Goals

The architecture of RFC 3711 aims to provide confidentiality, message authentication, integrity, and replay protection for RTP and its control protocol counterpart, notably the Real-time Control Protocol. Its goals include minimizing overhead for latency-sensitive flows used by deployments such as Skype Technologies, Microsoft Skype for Business, Google Meet, and enterprise solutions from Siemens AG. The design rationale references cryptographic guidance from bodies like the National Institute of Standards and Technology and seeks compatibility with ITU-T material such as the media codecs used in H.264 and G.711 contexts. It also considers policy and legal frameworks encountered by operators, including the Federal Communications Commission and international regulatory entities.

Key Protocol Components

RFC 3711 defines the SRTP packet processing model, including an RTP payload encryption transform, per-packet authentication tags, and sequence-number-based replay counters. It specifies packet elements such as the SRTP header, the authentication trailer, and an optional encryption salt. The protocol describes interactions with key management entities and signaling protocols, such as Zfone-style mechanisms and integrations with MIKEY and the SDP attributes used by SIP endpoints. Implementation examples in the ecosystem include open-source projects like OpenSSL integrations, media frameworks such as GStreamer, and telephony stacks exemplified by Asterisk (PBX) and FreeSWITCH.

Cryptographic Algorithms and Key Management

RFC 3711 recommends specific cryptographic transforms, including symmetric ciphers (notably variations of Advanced Encryption Standard modes) and HMAC-based authentication using algorithms referenced by IETF Cryptographic Algorithm Working Group outputs. Key management is intentionally left to external mechanisms; the specification discusses compatibility with keying protocols and methods such as MIKEY, SDP Security Descriptions, and secure transport arrangements involving Transport Layer Security and Datagram Transport Layer Security. The document influenced choices in major products from Apple Inc., Google LLC, and Cisco Systems for algorithm selection and default cipher suites in compliance testing with laboratories like ETSI and conformance programs run by Wireshark capture analysis communities.
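As an added worked example (not code from RFC 3711 or from any SRTP implementation), the following shows the per-packet mechanics the two sections above describe: the 48-bit packet index built from the rollover counter and the RTP sequence number, the receiver's index estimate and sliding replay window, the HMAC-SHA1 authentication tag truncated to 80 bits, and the AES-CTR IV construction. Key and packet bytes in the docstrings and tests are constructed sample values; the window size, tag length and IV formula follow the defaults RFC 3711 gives.

```python
import hmac
import hashlib
import struct

def srtp_index(seq, roc):
    """48-bit packet index i = 2^16 * ROC + SEQ (RFC 3711 section 3.3.1)."""
    return (roc << 16) | seq

def estimate_index(seq, s_l, roc):
    """Receiver-side index estimate from the 16-bit SEQ, the highest SEQ seen
    so far (s_l) and the local rollover counter (RFC 3711 section 3.3.1)."""
    if s_l < 32768:
        v = (roc - 1) % 2**32 if seq - s_l > 32768 else roc
    else:
        v = (roc + 1) % 2**32 if s_l - 32768 > seq else roc
    return srtp_index(seq, v)

class ReplayWindow:
    """Sliding replay list of `size` indices (RFC 3711 section 3.3.2)."""
    def __init__(self, size=64):
        self.size, self.highest, self.bitmap = size, None, 0
    def accept(self, index):
        """True if `index` is new and inside the window; False for a replayed
        index or one older than the window. State changes only on accept."""
        if self.highest is None or index > self.highest:
            shift = 0 if self.highest is None else index - self.highest
            mask = (1 << self.size) - 1
            self.bitmap = 1 if shift >= self.size else ((self.bitmap << shift) | 1) & mask
            self.highest = index
            return True
        diff = self.highest - index            # bit k set <=> index highest-k seen
        if diff >= self.size or self.bitmap & (1 << diff):
            return False
        self.bitmap |= 1 << diff
        return True

def srtp_auth_tag(auth_key, authenticated_portion, roc, tag_len=10):
    """HMAC-SHA1 over (RTP header || encrypted payload || ROC), truncated to
    tag_len bytes (80 bits by default), per RFC 3711 section 4.2."""
    mac = hmac.new(auth_key, authenticated_portion + struct.pack("!I", roc),
                   hashlib.sha1).digest()
    return mac[:tag_len]

def verify_srtp_packet(auth_key, packet, roc, tag_len=10):
    """Constant-time check of the trailing tag of a received SRTP packet."""
    body, tag = packet[:-tag_len], packet[-tag_len:]
    return hmac.compare_digest(srtp_auth_tag(auth_key, body, roc, tag_len), tag)

def aes_ctr_iv(session_salt, ssrc, index):
    """128-bit AES-CTR IV = (k_s << 16) ^ (SSRC << 64) ^ (i << 16) (section 4.1.1)."""
    k_s = int.from_bytes(session_salt, "big")   # 112-bit (14-byte) session salt
    return ((k_s << 16) ^ (ssrc << 64) ^ (index << 16)).to_bytes(16, "big")
```

The replay window rejects both an index already marked in the bitmap and any index that has fallen more than `size` packets behind the highest accepted one, which is why a stale or replayed packet fails before its tag is even checked.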

Implementation and Interoperability Considerations

RFC 3711 addresses implementation considerations including packetization, cipher context synchronization, rekeying strategies, and state management for systems with large numbers of concurrent streams such as those deployed by AT&T, Verizon Communications, and cloud providers like Amazon Web Services. The specification’s modular separation of packet protection from key management enables interoperability across signaling protocols including SIP, H.323, and proprietary control planes used by vendors such as Polycom and Huawei Technologies. Test suites and interoperability events hosted by organizations like the IETF and industry consortia such as SIP Forum have validated SRTP behavior across stacks including Netfilter-based firewalls, session border controllers from Oracle Communications, and open-source endpoints.

Security Analysis and Known Issues

The security assessment in RFC 3711 outlines the attacks mitigated by SRTP (confidentiality breaches, message forgery, and replay) and notes limitations such as the need for robust key management to prevent key compromise and the exposure of plaintext headers. Subsequent cryptanalysis and operational experience identified issues around cipher-suite agility, forward secrecy, and the impact of compromised synchronization state on long-lived streams, topics explored by researchers at the University of California, Berkeley, ETH Zurich, and Carnegie Mellon University. The evolution of secure media transport has led to follow-on specifications and guidance in venues like IETF AVTEXT and to ongoing work combining SRTP with techniques from DTLS and ICE for improved NAT traversal and key negotiation.

Category: Internet Standards