Secure Real-time Transport Protocol (SRTP) for Cloud Services

Document Type: Expired Internet-Draft (individual)
Authors: John Preuß Mattsson, Mats Naslund, Magnus Westerlund
Last updated: 2016-04-21 (latest revision 2015-10-19)
Stream: (None)
Intended RFC status: (None)
Expired & archived
Stream state: (No stream defined)
Consensus Boilerplate: Unknown
RFC Editor Note: (None)
IESG state: Expired
Telechat date:
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


In order to support use cases where two or more end-points communicate via one (or more) cloud services (e.g. virtualized cloud-based conferencing) that are not trusted to access the media content, this document describes the use of so-called end-to-end (inner) and hop-by-hop (outer) cryptographic transforms within the Secure Real-time Transport Protocol (SRTP). One of the main aspects of the transforms is to make the confidentiality and message authentication independent of the RTP header. Another central aspect is to enable identification of the cryptographic contexts (keys etc.). Besides the security of the end-points, trust assumptions regarding the cloud services are also addressed.

