paulej
commented
7 years ago AESKW using any key length is equally trivial to implement. We have that in libsrtp, for example, and I think it's also in OpenSSL. However, it's not clear to me that there is an advantage to encrypt the EKT Field using 256 bits if the protected RTP session uses only 128 bits. It's not harmful if the keys use for AES KW are longer than the SRTP master keys, but I think we don't want shorter keys. So if a requirement is introduced, I would suggest we say the key used for AES Key Wrap must be the same or larger than the key length used for SRTP. (That said, it might get confusing if the cipher for SRTP isn't AES, but perhaps something else one day. Perhaps this is a slippery slope.)
suhasHere
MAY / SHOULD / or MUST be implemented ????