SOLICITATION NOTICE
D -- VoIP Applications and Infrastructure Equipment Supporting End-to-End Encryption Using DTLS-SRTP
- Notice Date
- 8/12/2011
- Notice Type
- Presolicitation
- NAICS
- 541519
— Other Computer Related Services
- Contracting Office
- Defense Information Systems Agency, Procurement Directorate, DITCO-Scott, 2300 East Dr., Building 3600, Scott AFB, Illinois, 62225-5406, United States
- ZIP Code
- 62225-5406
- Solicitation Number
- PL831100012
- Archive Date
- 9/13/2011
- Point of Contact
- Ellen T. Crain, Phone: 6182299679
- E-Mail Address
-
ellen.crain@disa.mil
(ellen.crain@disa.mil)
- Small Business Set-Aside
- N/A
- Description
- Request for Information (RFI) for VoIP Applications and Infrastructure Equipment Supporting End-to-End Encryption Using DTLS-SRTP Contracting Office Address Defense Information Systems Agency (DISA), DITCO-Scott PL8311, P.O. 2300 East Drive, Bldg 3600, Scott AFB, IL 62225-5406 Description THIS REQUEST FOR INFORMATION (RFI) IS FOR VOIP APPLICATIONS AND INFRASTRUCTURE EQUIPMENT SUPPORTING DISA UNIFIED CAPABILITIES REQUIREMENTS (UCR) FOR END-TO-END (E2E) ENCRYPTION USING THE DTLS-SRTP PROTOCOL. Background The Secure RTP profile (SRTP) can provide confidentiality, message authentication, and replay protection to RTP data and RTP Control (RTCP) traffic. SRTP does not provide key management functionality, but instead depends on external key management to exchange secret master keys, and to negotiate the algorithms and parameters for use with those keys [RFC5764]. A majority of encrypting VoIP applications currently use Session Description Protocol Security Descriptions for Media Streams (SDES) with hop-by-hop Transport Layer Security (TLS) to exchange secret master keys for SRTP. This method is not end-to-end (E2E) secure as the SRTP keys are visible in plaintext form to any SIP proxy along the call path. IETF specified a Datagram Transport Layer Security (DTLS) extension for establishing SRTP keys in a way that is end-to-end secure in RFC5764 and other documents in May 2010. The National Security Agency (NSA) has also published a Suite B profile of DTLS-SRTP as an Internet Draft [NSA]. DISA desires to take full advantage of the many collaboration features of commercial unified communications products. Therefore, we expect to protect media sessions with SDES-SRTP by default while providing our users the option of invoking the E2E security of DTLS-SRTP when necessary. This is especially important in public cloud scenarios. Request for General Information 1. Describe your organization, products, and their capabilities. Do you produce VoIP clients (e.g., softphones), infrastructure (e.g. session border controllers), or enterprise/carrier software (e.g. unified communication suites)? 2. Please describe your experience with or future plans for mobile VoIP noting experience with 3 rd Generation Partnership Project (3GPP) IP Multimedia Subsystem (IMS) and GSM Alliance (GSMA) Voice over LTE (VoLTE) systems. 3. Does your product currently support DTLS-SRTP? If not, what key management protocols does it support? Request for Roadmap Information This section assumes that the responder does not currently support DTLS-SRTP encryption. •1. Is support for DTLS-SRTP on your product roadmap? •2. What platforms do you intend to support? Note support for mobile devices. •3. Will the DTLS-SRTP implementation be capable of complying with the draft Suite B profile of DTLS-SRTP [NSA]? •4. Do you expect to write your own implementation, leverage a cryptographic toolkit, or use open source software? Please note the particular toolkits and/or open source software you are considering for use. •5. If DTLS-SRTP is a roadmap item, when do you expect general availability? Request for Technical Information This section assumes that the responder does support DTLS-SRTP encryption. •1. Provide a product datasheet noting supported platforms and any FIPS validations. •2. Describe the DTLS-SRTP implementation. What standards does it comply with? Note any cryptographic toolkits or open source software used in the implementation. •3. Provide a list of cipher suites supported by your product. •4. Is your DTLS-SRTP implementation capable of complying with the draft Suite B profile of DTLS-SRTP [NSA]? •5. Do you have capabilities that can transcode between DTLS-SRTP and other protocol suites? REFERENCES [RFC5764] http://tools.ietf.org/html/rfc576 4 [NSA] http://tools.ietf.org/html/draft-peck-suiteb-dtls-srtp-00 [DTLS] http://tools.ietf.org/html/draft-ietf-tls-rfc4347-bis-06 DISCLAIMER THE GOVERNMENT DOES NOT INTEND TO AWARD A CONTRACT ON THE BASIS OF THIS RFI OR OTHERWISE PAY FOR INFORMATION RECEIVED IN RESPONSE TO THE RFI. This RFI is issued for information and planning purposes only and does not constitute a solicitation. All information received in response to the RFI that is marked Proprietary will be handled accordingly. The Government shall not be liable for or suffer any consequential damages for any proprietary information not properly identified. Proprietary information will be safeguarded in accordance with the applicable "Government regulations. Responses to the RFI will not be returned nor will the Government confirm receipt of the RFI response. Whatever information is provided in response to this RFI will be used to access tradeoffs and alternatives available for determining how to proceed in the acquisition process. In accordance with FAR 15.201(e), responses to this RFI are not offers and cannot be accepted by the Government to form a binding contract. The anticipated North American Industry Classification System Code (NAICS) for this requirement is 541519 (size standard $25M). Small businesses are strongly encouraged to provide responses to this RFI, in order to assist DISA in determining the potential levels of interest, competition and technical capability to provide the required services within the Small Business community. In addition, this information will also be used to assist DISA in establishing a basis for developing any subsequent potential subcontract plan small business goal percentages. Submission Instructions Responses should include the (1) business name and address; (2) name of company representative and their business title; (3) contract vehicles available that would be available to the Government for the procurement of the product and service, to include General Service Administration (GSA) Federal Supply Schedules (FSS), or any other Government Agency contract vehicle. The responses should be submitted via email no longer than eight (8) pages in length. Responses to this RFI are due NLT Monday 29 August 2011 at 5:00 PM Eastern (DST). Contact POC's are Maria A. Medina (maria.medina@disa.mil) and Michael Lewis ( michael.lewis@disa.mil ). Proprietary Statement Proprietary information and trade secrets, if any, must be clearly marked on all materials. All information received that is marked Proprietary will be handled accordingly. Please be advised that all submissions become Government property and will not be returned. All government and contractor personal reviewing RFI responses will have signed non-disclosure agreements and understand their responsibility for proper use and protection from unauthorized disclosure of proprietary information as described 41 USC 423. The Government shall not be held liable for any damages incurred if proprietary information is not properly identified. Contracting Office Address: 2300 East Dr. Building 3600 Scott AFB, Illinois 62225-5406 United States Place of Performance: Non-U.S. United States Primary Point of Contact.: Ellen T. Crain, Contract Specialist ellen.crain@disa.mil Phone: 618-229-9679
- Web Link
-
FBO.gov Permalink
(https://www.fbo.gov/spg/DISA/D4AD/DITCO/PL831100012/listing.html)
- Record
- SN02532318-W 20110814/110812235506-2d2b0d507bf39a2d9105af82c4a283c3 (fbodaily.com)
- Source
-
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's FBO Daily Index Page |