[AVTCORE] Design choice comments on draft-jones-avtcore-private-media-framework-00
Magnus Westerlund <magnus.westerlund@ericsson.com> Thu, 19 February 2015 15:03 UTC
Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73D1D1A906E for <avt@ietfa.amsl.com>; Thu, 19 Feb 2015 07:03:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G8x0xZI6ceYA for <avt@ietfa.amsl.com>; Thu, 19 Feb 2015 07:03:45 -0800 (PST)
Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E7311A8901 for <avt@ietf.org>; Thu, 19 Feb 2015 07:02:43 -0800 (PST)
X-AuditID: c1b4fb25-f791c6d00000617b-ec-54e5fb100def
Received: from ESESSHC015.ericsson.se (Unknown_Domain [153.88.253.124]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id D0.8A.24955.01BF5E45; Thu, 19 Feb 2015 16:02:41 +0100 (CET)
Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.65) with Microsoft SMTP Server id 14.3.210.2; Thu, 19 Feb 2015 16:02:40 +0100
Message-ID: <54E5FB10.2030209@ericsson.com>
Date: Thu, 19 Feb 2015 16:02:40 +0100
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: IETF AVTCore WG <avt@ietf.org>, "Paul E. Jones" <paulej@packetizer.com>, nermeen@cisco.com, "David Benham (dbenham)" <dbenham@cisco.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprALMWRmVeSWpSXmKPExsUyM+Jvja7g76chBofWcVi87FnJbnHm1zwm i1Un/rFanL+wgcmBxWPK742sHkuW/GTyaNh3lD2AOYrLJiU1J7MstUjfLoErY++et+wFzUoV cy+0sTUwXpTuYuTkkBAwkfjRupUdwhaTuHBvPVsXIxeHkMARRol3s7axQjjLGSX+/n3NBFLF K6AtsWv+E1YQm0VAVWJdzxEWEJtNwELi5o9GNhBbVCBYYvHzp6wQ9YISJ2c+YQEZJCIwgVHi dednsISwQKDEm5XbgFZzcDALaEqs36UPEmYWkJdo3jqbGcQWAtrV0NTBOoGRbxaSUbMQOmYh 6VjAyLyKUbQ4tTgpN93IWC+1KDO5uDg/Ty8vtWQTIzAID275rbqD8fIbx0OMAhyMSjy8Hzqf hgixJpYVV+YeYpTmYFES57UzPhQiJJCeWJKanZpakFoUX1Sak1p8iJGJg1OqgXHqnCW/OTzf JflN6Apz8w9wmeXHxHzpXHUET+/tjykPZzdfFz9Usm/zZ6bilAsTVNdsOaH4SPHA+R1niqUO 67YbqzCfUK+O8skKXP+q6cYySS6r67klkvUH/wSvqj7PvGLx0+9RPkkXnMJz4vxyRCx4HV7N e10Sd6P5tg3TpZOs3x4um/AnI16JpTgj0VCLuag4EQBakZyEIwIAAA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/avt/7oQ9GEHV1caij0ri85iLWqyHq14>
Subject: [AVTCORE] Design choice comments on draft-jones-avtcore-private-media-framework-00
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt/>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Feb 2015 15:03:51 -0000
Hi, (As individual) I have just reviewed the draft and are supportive of work in this field. However, I have some really high level comments in regards to the design choices. 1. Supported RTP topologies I think you will need to discuss a bit more which RTP topologies that the framework should support. The current draft supports only basic transport translators (Relay) to my understanding, because of it preventing rewriting of RTP sequence number as well as the SSRC. Thus, all RTP streams sent to the server must be forwarded to all other participants. I believe the intention of the document is to support at least Selective Forwarding Middlebox (SFM). However, to support such a topology and be able to suspend delivery of some media streams, then RTP sequence number rewriting becomes a requirement to keep the media streams compliant with current RTP specification. Also people who have been building conferencing middleboxes also uses other topologies, for example the RTP mixer in also used to build switching mixers. Where an SSRC can represent a role rather than a original sender. I think there is need to have some discussion of which RTP topologies this type of solution intends to support so that one can determine which RTP field behaviours that is to be expected and need to be dealt with. I would appreciate your view of what you see as needed to be supported. 2. Additional privacy concerns in RTP/RTCP. The proposed framework protects the RTP payloads and their media content from the middle. However, the document fails to discuss if privacy protection is needed either for the RTP header extensions themselves or if any RTCP packets or their content is privacy sensitive. The RTP header extensions that are defined in IETF, as well as the two 3GPP has registered appears to be privacy sensitive in any way. However, the big picture issue is that RTP header extensions do not require to be standardized. The registration requires only an Expert Review, and they are trivial to use for proprietary extension. So we have no idea what might be showing up here. I could easily believe that someone would for example include a geolocation attached to a video stream to capture where for example a airborne drone where when capturing the video. Suddenly you have data that is privacy sensitive and may require end to end protection. In RTCP you already today have some parts that are privacy sensitive. For example all the SDES items with the exception of CNAME (if generated correctly) can contain privacy sensitive data. Also the APP RTCP packet type might contain data that needs to be protected end to end. Thus I think you need to consider if there are need for additional protection mechanisms to realize the goals of this framework. To me it appears that this are reasonably straightforward SRTP extensions that could solve these issues if they are considered necessary to resolve. Even if the initial solution doesn't provide a fully specified solution, I think it is important to ensure that the framework do support a solution to specified at a later stage. 3. What must be in the trusted zone? Looking at the description it looks like the solution is missing one important part in the trusted zone. That is the list of identities or secret that enables an invited / allowed participant to participate in a particular conference. That functionality is key component of the security solution. How else is the KMF going to be able to determine which asserted identities that are allowed to get the EKT, thus being able to get access to the media. I understand the need for having solution agility when it comes to identity solutions, however the functionality and the requirement on it I think needs to be described in this type of framework. Cheers Magnus Westerlund ---------------------------------------------------------------------- Services, Media and Network features, Ericsson Research EAB/TXM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Färögatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ----------------------------------------------------------------------
- Re: [AVTCORE] Design choice comments on draft-jon… Paul E. Jones
- Re: [AVTCORE] Design choice comments on draft-jon… Magnus Westerlund
- [AVTCORE] Design choice comments on draft-jones-a… Magnus Westerlund
- Re: [AVTCORE] Design choice comments on draft-jon… Paul E. Jones
- Re: [AVTCORE] Design choice comments on draft-jon… Magnus Westerlund
- Re: [AVTCORE] Design choice comments on draft-jon… Bernard Aboba
- Re: [AVTCORE] Design choice comments on draft-jon… Paul E. Jones
- Re: [AVTCORE] Design choice comments on draft-jon… Magnus Westerlund
- Re: [AVTCORE] Design choice comments on draft-jon… Bernard Aboba