Re: [AVTCORE] RTP Header Extension Encryption

Magnus Westerlund <magnus.westerlund@ericsson.com> Wed, 16 September 2020 14:28 UTC

From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "harald@alvestrand.no" <harald@alvestrand.no>, "avt@ietf.org" <avt@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/0BN04xv5BJAqu3tisuQod5C0s1M>
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>

On Wed, 2020-09-16 at 12:33 +0200, Harald Alvestrand wrote:
> On 9/14/20 9:41 AM, Magnus Westerlund wrote:
> > On Fri, 2020-09-11 at 15:48 -0400, Paul Kyzivat wrote:
> > > On 9/11/20 3:00 PM, Bernard Aboba wrote:
> > > > Paul said:
> > > > 
> > > > "Can you please clarify the scope for which you want the encryption to
> > > > be consistent? Above you variously mention all MIDs and all m-lines. I'm
> > > > concerned with what "all" applies to.
> > > > 
> > > > I think I can agree if you are talking about "all within a bundle
> > > > group". Anything broader has major problems."
> > > > 
> > > > [BA] Thanks for pointing this out.
> > > > 
> > > > Mixing unencrypted and encrypted RTP header extensions within a bundle
> > > > group is problematic because all of the RTP packets arrive on the same
> > > > port, and the receiver needs to know the MID (which could be encrypted)
> > > > in order to figure out which packets should have encrypted and
> > > > unencrypted RTP header extensions.  But if you have different bundle
> > > > groups, then it is possible for each group to have different settings
> > > > (e.g. encrypted RTP header extensions on one group and unencrypted RTP
> > > > header extensions on another bundle group) without that problem
> > > > arising.  So this is an argument only for consistency within each bundle
> > > > group, not for requiring all bundle groups to have the same setting.
> > > 
> > > I'm feeling we need a new term here. It has to cover a bundle group as
> > > well as a single media-description that isn't bundled. Is there a term
> > > for this within the RTP vocabulary?
> > > 
> > > 
> > 
> > The term in the RTP vocabulary that makes sense is to have header
> > encryption configuration be applied on the RTP session.
> > 
> > A bundle group will be one RTP session as they share BUNDLE Transport
> > parameters.
> 
> 
> I think this is wrong. An RTP session can cover multiple transports (and 
> will, if you don't use BUNDLE).

In what context? Yes, the generalized definition of an RTP session is the set of
RTP + RTCP packets sent and received over a set of transport receivers and
transport destination as specified by some type of addressing. 

However, in an SDP using Offer/Answer, if you have two or more media descriptions
that have different UDP ports and do not use bundle, then you will get multiple RTP
sessions.

Section 9.1 in BUNDLE
(https://datatracker.ietf.org/doc/draft-ietf-mmusic-sdp-bundle-negotiation/) is
explicit that one BUNDLE group is one RTP session. If you fail to
establish this bundle group you will have multiple RTP sessions with independent
SSRC spaces.

If you put things on the SDP session level then you could jointly configure all
of the created RTP sessions, but they will be multiple RTP sessions. 

Cheers

Magnus Westerlund 


----------------------------------------------------------------------
Networks, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Mobile +46 73 0949079
Torshamnsgatan 23           |
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------
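
An added illustration of the scoping discussed in this message, not code from the thread or from any draft: it groups the m-lines of an SDP into RTP sessions (one per BUNDLE group, one per unbundled m-line) and reports sessions whose m-lines disagree on header extension encryption. The SDP is constructed, the function names are hypothetical, and using `a=cryptex` as the marker attribute is an assumption, since the message does not name one.

```python
# Constructed sample offer: m-lines "0" and "1" are bundled, "2" is not.
SAMPLE_SDP = """\
v=0
o=- 1 1 IN IP4 192.0.2.1
s=-
t=0 0
a=group:BUNDLE 0 1
m=audio 50000 UDP/TLS/RTP/SAVPF 111
a=mid:0
a=cryptex
m=video 50000 UDP/TLS/RTP/SAVPF 96
a=mid:1
m=video 50002 UDP/TLS/RTP/SAVPF 96
a=mid:2
"""

def rtp_sessions(sdp, marker="cryptex"):
    """Map each RTP session to {mid: header_encryption_enabled}.

    marker is the assumed SDP attribute that signals header encryption.
    """
    session_level, groups, media = False, [], []
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m="):
            media.append({"mid": None, "enc": False})
        elif line.startswith("a=group:BUNDLE"):
            groups.append(line.split()[1:])
        elif line == "a=" + marker:
            if media:
                media[-1]["enc"] = True   # media-level setting
            else:
                session_level = True      # SDP session level: applies to all m-lines
        elif line.startswith("a=mid:") and media:
            media[-1]["mid"] = line[len("a=mid:"):]
    sessions = {}
    for i, m in enumerate(media):
        mid = m["mid"] if m["mid"] is not None else f"#{i}"
        group = next((g for g in groups if mid in g), None)
        # One BUNDLE group is one RTP session; an unbundled m-line is its own.
        key = "BUNDLE " + " ".join(group) if group else "m-line " + mid
        sessions.setdefault(key, {})[mid] = m["enc"] or session_level
    return sessions

def inconsistent_sessions(sdp, marker="cryptex"):
    """Return the RTP sessions whose m-lines disagree on header encryption."""
    return {k: v for k, v in rtp_sessions(sdp, marker).items()
            if len(set(v.values())) > 1}
```
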