Closed PeterXu closed 6 years ago
There is nothing inherently secure or insecure about the rollover counter value, so transmitting it in the clear isn't a problem. It is unclear why you feel that it is needed in the SRTP or the RTP packets, though. Two communicating endpoints would know the current ROC value.
An exception is where E2E encryption is used and conference servers are not encrypting the packets for each endpoint. We see an example of that with the PERC working group in the IETF.
In any case, this is not something that we can address in libSRTP. LibSRTP is merely an implementation of the protocol, not the specification for the protocol.
I will close this as it is not a libsrtp issue.
It is very inconvenient in Internet audio/video applications.
In order to resolve this issue, lots of IETF drafts provide an out-of-band protocol to transfer the rollover counter.
However, the rollover counter must start from 0 if there is no out-of-band protocol.
That means that omitting the rollover counter cannot enhance security.
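To make both points above concrete, here is an added example (my own code, not libsrtp's) of the receiver-side rollover counter (ROC) estimation from RFC 3711 section 3.3.1: a receiver that saw the stream from its start recovers the ROC from the 16-bit sequence number alone, which is the maintainer's point, while a receiver that joins late with an assumed ROC of 0 computes the wrong packet index unless the ROC was delivered out of band, which is the reporter's point. Class and method names are my own.

```python
# Added example: RFC 3711 section 3.3.1 packet index estimation.
# index = 2^16 * ROC + SEQ, where SEQ is the 16-bit RTP sequence number
# and ROC counts how many times SEQ has wrapped around.

SEQ_MOD = 1 << 16   # sequence numbers are 16-bit
ROC_MOD = 1 << 32   # rollover counter is 32-bit
HALF = 1 << 15      # half the sequence space, used to detect wrap-around


class SrtpReceiverState:
    """Tracks s_l (highest authenticated SEQ) and ROC as RFC 3711 describes."""

    def __init__(self, initial_roc=0):
        # A late joiner with no out-of-band ROC has no choice but 0 here.
        self.roc = initial_roc % ROC_MOD
        self.s_l = None  # no packet accepted yet

    def estimate(self, seq):
        """Return (v, index) for an incoming SEQ without updating state."""
        if self.s_l is None:
            return self.roc, self.roc * SEQ_MOD + seq
        if self.s_l < HALF:
            # Far "ahead" of a small s_l means a late packet from before the wrap.
            v = (self.roc - 1) % ROC_MOD if seq - self.s_l > HALF else self.roc
        else:
            # Far "behind" a large s_l means SEQ already wrapped.
            v = (self.roc + 1) % ROC_MOD if self.s_l - HALF > seq else self.roc
        return v, v * SEQ_MOD + seq

    def accept(self, seq):
        """Update state once the packet has authenticated; return its index."""
        v, index = self.estimate(seq)
        if self.s_l is None:
            self.s_l = seq
        elif v == self.roc:
            if seq > self.s_l:
                self.s_l = seq
        elif v == (self.roc + 1) % ROC_MOD:
            # Wrap confirmed by authentication: advance the ROC.
            self.s_l = seq
            self.roc = v
        return index


if __name__ == "__main__":
    rx = SrtpReceiverState()
    for seq in (65534, 65535, 0, 1):
        print(seq, rx.accept(seq), rx.roc)
    print("late joiner:", SrtpReceiverState().accept(100),
          "vs. with ROC delivered out of band:", SrtpReceiverState(5).accept(100))
```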