IETF Logo Mail Archive

Re: [AVTCORE] Registering AVP Profiles for RTP over QUIC

Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Wed, 11 May 2022 22:41 UTC

Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4441C157B5F for <avt@ietfa.amsl.com>; Wed, 11 May 2022 15:41:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.097
X-Spam-Level:
X-Spam-Status: No, score=-7.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BYYCb2heFDAc for <avt@ietfa.amsl.com>; Wed, 11 May 2022 15:41:25 -0700 (PDT)
Received: from mail-vs1-xe2d.google.com (mail-vs1-xe2d.google.com [IPv6:2607:f8b0:4864:20::e2d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89587C159498 for <avt@ietf.org>; Wed, 11 May 2022 15:41:25 -0700 (PDT)
Received: by mail-vs1-xe2d.google.com with SMTP id x8so3428396vsg.11 for <avt@ietf.org>; Wed, 11 May 2022 15:41:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=a1HhB36HbYD2bTGV/hv/MlUi78xMbDOpyE2Rkg6GGxU=; b=D4Vda0Ho2ioIP9G5RzSQw583zgySXB/BkLAfJ/WFxpBlhTw6sB9jqxMMZ4WaNg51NL 2mtxYaLm0fn1d781XVDwDI0Vs0UPQUc9hJA6+5JBIURLeAfexYG8teEncF2HF+5d6r/z xn2cJ5+K21NMeAzQh4C/BuNhMSP/wtJbuEyDQKNyOpNQLi3OODGHLTE2O/5mBZho3Y8A WYMytNbOInJoA+teUq7g9o8tbMMp7P2KFcqXCJL+ciyxZNv4f1BUi2UVas1/f7AFdUpl fzxT7tUYuQlQikTzrkzZFgUFe3Tv+dfyg9ns5vr/qlcQJatJX+Cjp0IRNuQkvxNvN9ix Fk6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=a1HhB36HbYD2bTGV/hv/MlUi78xMbDOpyE2Rkg6GGxU=; b=Hz3JZhMDVC1+DgjTIDl1ZLmvmOSnOdeApX6uISPACx5wcYC8zbBAgwxjtM8myiAGdX 3DfrvwkwzPlJXrpA7KOPcLu/Wce7biYNE6C5XRQ16bSrhSU6KXnFb9+MFW3dh0frQ/zD nC5F/qzdPdhlgMgmPxUtGrYbhtTHFqebF1K+4/pLsivpnTArslUGFxd+FuZnDuchevrP /3rI96TVeA0VkBENjJONjLuQaTyvpC6BvIhkk4hrR90+69FGtDXw+gbZXqhndBO+PcF2 8xpzc4T6QrAS4UfQPLSE5fK5jjYC27Fb+ilrYbWo74ngGqGGu9PA1/kqk0AfkzDInvjL yxUA==
X-Gm-Message-State: AOAM533vRXi7pELbNOuOJk/i1gUzAWCiaS7/UNCxWTOBJKwiKdCsmkez IJz6KU3crgnCM0P26gWm72Nzstxk00jo1pKJ3Tg=
X-Google-Smtp-Source: ABdhPJwu1m5iECNOuDf5jgI/R1NzqSA/64538uLd3XPXJ8BAw6+Kfc57KxtGbQ7GoChZHFzLAqu2YB7/vpvFqJ/CwvY=
X-Received: by 2002:a67:b445:0:b0:32c:e27c:b690 with SMTP id c5-20020a67b445000000b0032ce27cb690mr15153962vsm.43.1652308884319; Wed, 11 May 2022 15:41:24 -0700 (PDT)
MIME-Version: 1.0
References: <CAKKJt-dvotzuaK66T8WQd7YgNLNr_6vqa4W8-z=5FvujpGWA=A@mail.gmail.com> <CAD5OKxvuQ+ng4YUbKE2Do5aB3pOpTs24Y59G1-2QAwSSX6HYkw@mail.gmail.com>
In-Reply-To: <CAD5OKxvuQ+ng4YUbKE2Do5aB3pOpTs24Y59G1-2QAwSSX6HYkw@mail.gmail.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
Date: Wed, 11 May 2022 17:40:58 -0500
Message-ID: <CAKKJt-cXMa8bW7HhwrkzX2-O=kYK2GRNwtB+cHRB-zWn+f0f+g@mail.gmail.com>
To: Roman Shpount <roman@telurix.com>
Cc: IETF AVTCore WG <avt@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001bf3cd05dec42464"
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/C7pb6zhGXMcLjuZ40tb-pqETsJE>
Subject: Re: [AVTCORE] Registering AVP Profiles for RTP over QUIC
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/avt/>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 May 2022 22:41:29 -0000

Hi, Roman,

On Wed, May 11, 2022 at 4:12 PM Roman Shpount <roman@telurix.com> wrote:

> What about using QUIC for encryption session setup and SRTP for sending
> media, similar to DTLS-SRTP? This can be the easiest option to implement.
>

I'm not aware of a way to stop encryption in RFC 9000 QUIC, which is using
RFC 9001 TLS for key exchange, etc, in favor of an application-level
encryption mechanism. This has come up a number of times in conversations
with 3GPP, who also wanted to avoid duplicate encryption (details don't
matter, at this point), and the IETF has always said they wouldn't provide
that.

But maybe something has changed?

Best,

Spencer


> Best,
> _____________
> Roman Shpount
>
>
> On Wed, May 11, 2022 at 4:47 PM Spencer Dawkins at IETF <
> spencerdawkins.ietf@gmail.com> wrote:
>
>> Dear AVTCORE,
>>
>> I've had an open PR in
>> https://github.com/SpencerDawkins/sdp-rtp-quic/pull/9 for a while,so I
>> could get a sense of how AVT profiles are supposed to work, and I'd like to
>> push on that now (with a virtual interim meeting coming up next week)..
>>
>> The high-level summary of discussion in
>> https://github.com/SpencerDawkins/sdp-rtp-quic-issues/issues/5 (note
>> that this discussion is in a different repo, because reasons) has been
>> roughly,"what's the difference between QUIC/RTP/AVPF and QUIC/RTP/SAVPF"?
>>
>> The arguments about not registering secure AVP profiles involve
>>
>>    -  the computational overhead of double encryption for all packets,
>>    plus
>>    - the payload overhead of 10 bytes per packet since you have 2 HMACs.
>>
>> The arguments about registering secure AVP profiles seem to revolve
>> around
>>
>>    - Minimizing the impact of added QUIC support in existing
>>    implementations that are using /RTP/SAVPF now.
>>    - QUIC encryption protects payloads between QUIC endpoints, but there
>>    are many multi-endpoint RTP topologies (
>>    https://www.rfc-editor.org/rfc/rfc7667 has about 50 pages of them),
>>    and when a middlebox receives  QUIC/RTP/AVPF, it's not obvious whether the
>>    middlebox should
>>       - forward the RTP payload using  RTP/AVPF (where the outgoing AVPF
>>       matches the incoming AVPF), or
>>       - forward the RTP payload using RTP/SAVPF, where the outgoing SRTP
>>       encryption matches the incoming QUIC
>>
>> It seems to me that there are three choices:
>>
>>    - Use only QUIC/RTP/AVPF, and and require middleboxes receiving
>>    QUIC/RTP/AVPF traffic to always forward that traffic over RTP/SAVPF
>>    - Use only QUIC/RTP/AVPF, and and require senders to signal
>>    middleboxes whether they should forward that traffic over RTP/AVPF or
>>    RTP/SAVPF
>>    - Register both QUIC/RTP/AVPF and QUIC/RTP/SAVPF, and if you have to
>>    do double encryption on the QUIC/RTP paths to get RTP/SAVPF on the other
>>    side of a middlebox, too bad
>>
>> So, my questions are,
>>
>>    - What am I missing here?
>>    - Are any of the choices I'm listing obviously the *BEST* choice?
>>
>> Best,
>>
>> Spencer
>> _______________________________________________
>> Audio/Video Transport Core Maintenance
>> avt@ietf.org
>> https://www.ietf.org/mailman/listinfo/avt
>>
>

v2.23.0 | Report a Bug | By Email