[AVTCORE] Re: cryptex questions
Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com> Wed, 06 May 2026 07:46 UTC
Return-Path: <sergio.garcia.murillo@gmail.com>
X-Original-To: avt@mail2.ietf.org
Delivered-To: avt@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 59800E9BF2CB for <avt@mail2.ietf.org>; Wed, 6 May 2026 00:46:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1778053566; bh=wcjEV73HDaAsyUoYFk5itlxWGypQAhkmv4GyQYeStNQ=; h=References:In-Reply-To:From:Date:Subject:To:Cc; b=edkqDHvK2K8UYEC1i6W0Nd6iQGGN1cqmInyBOWafJa6OEY6i/w9UOj8FsCBoa+m9b UWKmtLwg3yM7FquAo1j/kMM2j/+3pWZCvnnI5piN/enHPF46arvxEkMSYtxfIFGO+h ytT6mgb3GSzgbrbJy4yeylNovuVnGTYWhxXLHags=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G4dQw-P4k5s1 for <avt@mail2.ietf.org>; Wed, 6 May 2026 00:46:01 -0700 (PDT)
Received: from mail-yx1-xb133.google.com (mail-yx1-xb133.google.com [IPv6:2607:f8b0:4864:20::b133]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 636FDE9BF2BB for <avt@ietf.org>; Wed, 6 May 2026 00:46:01 -0700 (PDT)
Received: by mail-yx1-xb133.google.com with SMTP id 956f58d0204a3-65c52bb5dd7so3104915d50.2 for <avt@ietf.org>; Wed, 06 May 2026 00:46:01 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1778053561; cv=none; d=google.com; s=arc-20240605; b=Y0n/oqNoiCIZDRuygW1GfYFWpNuLCsjx8R14uJZLrAJgkaLsGAKoCL7Yli97Sl+Y2f GVV05EzqEBCsZ6m1+nhHxkuI2WjjM8/exLk2N37kg4LLIj9v489hg4QGFSbZ1jvYvCvz jAkPLcQyv9E9rJVTIaQMreIg0WooIuWA/G9FgV8py4p1ugo3oopJo1UKpmkOGo/E00L4 OuHg1/s5p0FkB7/cnNPRsvv1qi/SZbXoAKBVd79nSizmIQh7gCrzlBp2rOVU2UlCV5ri +FSZ9HAdjBoHlZzSLv0ZWxYQBmUkcNJVIvvJdKvtaCTIU7AT0BAt/40alz00jFEncCXd KGlw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=Dv7otaZhGDx9+7EugkUUm7+9mY17Jacw6B6Zho72so8=; fh=6aLa2UU+c6BxYLI1L2gk6qYNzcCgtfn+Mw4bEGlrHAU=; b=kjaguB9mMqd5zEkJVSqDtt2/+GgBQTQ8spyTA82OZmg0cRRX0Da4K4o3OYFpeyu1rx 5D2N+oebe8kh1fNWg3VwEyhMMpLELubbsuPxY0uNoUgnmaBhVJhKSbifdQBYtoYr4bPK VqT6/srxFZOt/OxTZPTEK/pj/A9Bt+j7jam0RV0W9GMdoFl8O94eoF23+lc+rQPOltIZ ja8a+Fb9hu7TkiDnkQu0bmUGFfqV2fb454wFbmE5s1EE8VBJZ3Soca8Tu2+YvvDeVfAM i0KwYFOQ+kO3V4mFU1rXzj5F2ZW3BhooNJTFN/Ka6vlijOzaYJgQg9+lOmD6cxzGt772 G5Og==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1778053561; x=1778658361; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Dv7otaZhGDx9+7EugkUUm7+9mY17Jacw6B6Zho72so8=; b=M9RSq+kp0z3l2RVGYYP5D5OVfZh3Y9hSHVg4ZI62nku1xSQbJM+Mwh1GZXG6P8jr/l kDj0HWxj7miX4JcKauMc6wSA5Wz4cvbl1ihXvCA7KaOYz6B5qPIqLfjiJq2rhdBu3+Hl dCHXZxOhqo5E4UvBq57LfdDxb7fidF6jfalfh2SoY6agPAsMuzyZsGaeGvOLIxBlvHke 7pIrtOnV/7QJLcPDaDIjfGyfWHaSpxkjx2Ts5zNI+9LFQw0NP63Iwr2efNRp+hGUVdeb SKshLZLDziAPtuGW585BhRAhYUC0uWioM58Vobh9M26aBnW1GXOHmLR+0gQAEAp8QQUb U6vw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778053561; x=1778658361; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=Dv7otaZhGDx9+7EugkUUm7+9mY17Jacw6B6Zho72so8=; b=Ym0mg98IdFPekPdhjM0HWKx9taJSJO36aON3MUEMDXEdgvu4tE1nuwDz01uRoKjgj6 rgJAiBkMrERUp3OLwppZUvYXn82mjzF5ddR8ueAFWCL8IQ5JFy0Z3AzhDY21R5dfYJpq tZdbcUfQdgNzooU/uJQSi5LSr2vZ/Av8bN0UzltYup40cnfGXsBrK+qc4nE66hgPxEW9 KU7cSfHlsSDADNDHPPJPo7dOMLH0obFEsc2qeFt7sB1O2LqRYtHdwBYuMnt9RLQYkN/a k1ghOvE6n4bvU51oVNexFGO3HndxxYcZfBhHr/OkGjs4iRpqH9ZPmxnNJXfqgtcY5U47 fmTQ==
X-Gm-Message-State: AOJu0YxladMzj3jdlyDGTDjk67Vql2Mlg5jPy95iQcck1LvQFZamfXYM LAzX0Vt5QAZgdSFnCrk5PUfID/uwqqOt1SIyMjrPmATl27F+BRXjIZzrDi4fERa8/piuNjP72MQ khy3/3RJXPVEhPiIAOu2/XY2FxpZK67gGvIGuri0=
X-Gm-Gg: AeBDieu6C3g/BODVaKjmpFcaGlpD8MZn1jiqJ1fOvNUurvqh6NKOZDcFVs/j3P+nSXM 3Ir3wCfWThti6UpaeQsh+nTmbzamsQVSz2aT+JzXT+AtVUQctgedIp+KIDDwj3lwJrCUtVjIWST isZi3gTKHB5OhXMWuH9oCaJjjrbnsDEmPL5off8QWDYxaLsuczmVDpiwUB2qT8is1MLiaMJ8rf+ k/6SLMWGKEQSLnkgmzj1EdMbh/zKdsnPhdxrEWPCf/e66Ai9wDEzfIWfQsa9JpL6PCcluefdy6b H3tYMpsxYzFafuv9MMGSat16G/lkID/SZA6I+ZgTvJChFc4Jgz4Nk/sNfL3a
X-Received: by 2002:a05:690c:64c8:b0:796:2fde:5dfe with SMTP id 00721157ae682-7bdf5eccf69mr27637497b3.38.1778053560756; Wed, 06 May 2026 00:46:00 -0700 (PDT)
MIME-Version: 1.0
References: <CADxkKi+6s+68CfKEX2-vmfJJNck1i9oxxTFL=A0yr-AYwY_7pg@mail.gmail.com> <CA+ag07ZnCc3SuE4a4_QYL5_U_-YLcrraWWe6LM2VhpbJiKp3pA@mail.gmail.com> <CADxkKiKFW=pOJw5ysO8bYA+YcT9aR7o4FT+ZJg41H_-YM1k4cg@mail.gmail.com> <a0c03306-3a1f-4c4a-8d43-0162a6684f5c@alvestrand.no> <CADxkKi+OJ3PdYKPLFQQhaxNu7ufaqgfm=Qa_dBPwcL-Ny0tYEw@mail.gmail.com>
In-Reply-To: <CADxkKi+OJ3PdYKPLFQQhaxNu7ufaqgfm=Qa_dBPwcL-Ny0tYEw@mail.gmail.com>
From: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Date: Wed, 06 May 2026 09:45:48 +0200
X-Gm-Features: AVHnY4LucxetkQKuVKMP-iZIhrVb9SEPC5ueTnH6ztCjIzchitCQdcmIVtTOkv4
Message-ID: <CA+ag07btsCZEUGRgqo7nGiN+68=-OxAZyC7hY3WGAnnRp=z13g@mail.gmail.com>
To: Philipp Hancke <philipp.hancke=40googlemail.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e16f470651215a0a"
Message-ID-Hash: J6AJDRUVYQNJ4R7ZTMSBSW4BL3KQGUX5
X-Message-ID-Hash: J6AJDRUVYQNJ4R7ZTMSBSW4BL3KQGUX5
X-MailFrom: sergio.garcia.murillo@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-avt.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: avt@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [AVTCORE] Re: cryptex questions
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/HxDd9EdPO7U2E-R-PdC3ZrMiu1o>
List-Archive: <https://mailarchive.ietf.org/arch/browse/avt>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Owner: <mailto:avt-owner@ietf.org>
List-Post: <mailto:avt@ietf.org>
List-Subscribe: <mailto:avt-join@ietf.org>
List-Unsubscribe: <mailto:avt-leave@ietf.org>
Hi Philipp, Yes, that is my reading too. Negotiating both mechanisms means that the receiver is able to handle both formats. It does not mean that the sender should apply both, and in fact RFC 9335 explicitly says: Peers MAY negotiate both Cryptex and the Encryption of Header Extensions mechanism defined in [RFC6904 <https://datatracker.ietf.org/doc/html/rfc6904>] via SDP offer/answer as described in Section 4 <https://datatracker.ietf.org/doc/html/rfc9335#sdp-considerations>, and if both mechanisms are supported, either one can be used for any given packet. However, if a packet is encrypted with Cryptex, it MUST NOT also use header extension encryption [RFC6904 <https://datatracker.ietf.org/doc/html/rfc6904>], and vice versa. So if the peer has advertised support for both Cryptex and RFC6904 for that extension, the sender should normally send the extension under Cryptex, rather than wrapping that individual extension with RFC6904. For this concrete case, I would negotiate both the rfc6904 and the plain header extensions ids and cryptex, then if cryptex is available, send the plain header id on a cryptex encrypted packet, and if cryptex is not available, send the rfc6904 encrypted one. Best, Sergio On Wed, Apr 22, 2026 at 3:15 PM Philipp Hancke <philipp.hancke= 40googlemail.com@dmarc.ietf.org> wrote: > I came up with one more question. > > For context, libWebRTC introduced a "corruption detection" extension > described in > > https://datatracker.ietf.org/doc/html/draft-sprang-avtcore-corruption-detection-01 > Since this extension should not be sent unencrypted WebRTC would currently > only offer the encrypted variant of this, i.e. > a=extmap:11 urn:ietf:params:rtp-hdrext:encrypt > http://www.webrtc.org/experiments/rtp-hdrext/corruption-detection > Now with cryptex this might end up negotiating both encryption variants. > > https://www.rfc-editor.org/rfc/rfc9335.html#section-5 says > If one of the peers has advertised the ability to receive both Cryptex > and header extensions encrypted as per [RFC6904] in the SDP exchange, it is > RECOMMENDED > that the other peer use Cryptex rather than the mechanism in [RFC6904] > when sending RTP packets so that all the header extensions and CSRCS are > encrypted > > which I interpret as > "use cryptex, even if you did negotiate the extension and the RFC 6904 > variant including "urn:ietf:params:rtp-hdrext:encrypt" should be > negotiated in the SDP. > > Is that correct? > > Am Mo., 16. März 2026 um 07:57 Uhr schrieb Harald Alvestrand < > harald@alvestrand.no>: > >> There is one scenario where applications want to control whether cryptex >> is used or not independently of whether the endpoints support it: >> >> It's when there's an intermediate RTP-forwarding relay that does *not* >> terminate the RTP session (and therefore doesn't participate in the SDP >> offer/answer function) depends for its function on inspecting RTP header >> extensions (such as a forwarder that is capable of dropping layers out of a >> SVC encoded video). >> >> In that case, even though both ends of the SDP offer/answer support >> cryptex, cryptex needs to be turned off. >> >> Do such relays exist? >> On 3/15/26 22:20, Philipp Hancke wrote: >> >> Thanks Sergio for pointing that out! This means the W3C API needs to >> account for this though. I read >> >> https://w3c.github.io/webrtc-extensions/#rtp-header-extension-encryption-policy >> as "mandatory to negotiate", not "mandatory to use". >> >> This should be possible to clarify, in particular since no browser >> shipped that yet. >> >> Am So., 15. März 2026 um 21:47 Uhr schrieb Sergio Garcia Murillo < >> sergio.garcia.murillo@gmail.com>: >> >>> Hi Philipp, >>> >>> I think this case is already considered in the RFC: >>> >>> 5.2. Receiving >>> When receiving an RTP packet that contains header extensions, the >>> "defined by profile" field MUST be checked to ensure the payload is >>> formatted according to this specification. If the field does not match one >>> of the values defined above, the implementation MUST instead handle it >>> according to the specification that defines that value. >>> >>> Alternatively, if the implementation considers the use of this >>> specification mandatory and the "defined by profile" field does not match >>> one of the values defined above, it MUST stop the processing of the RTP >>> packet and report an error for the RTP stream. >>> >>> I would say that a "sane" implementation of cryptex would always be >>> sending the RTP headers encrypted if the other receiving side supports it. >>> For WebRTC I would reject any non header encrypted packet if the header >>> encryption is set to "require", and maybe allow receiving them on >>> "negotiate". >>> >>> Best regards >>> Sergio >>> >>> El mar, 10 mar 2026, 21:16, Philipp Hancke <philipp.hancke= >>> 40googlemail.com@dmarc.ietf.org> escribió: >>> >>>> (too later for the next IETF but I hope that list discussion will >>>> clarify things) >>>> >>>> https://github.com/pion/webrtc/pull/3357#discussion_r2838855495 >>>> raised a few interesting questions. >>>> >>>> https://www.rfc-editor.org/rfc/rfc9335.html#name-sdp-considerations >>>> says that it is possible to disable cryptex in a session. I.e. the >>>> following renegotiation test should pass: >>>> O: cryptex >>>> A: no cryptex >>>> O: cryptex >>>> A: cryptex >>>> O: cryptex >>>> A: no cryptex >>>> To me that seems like a downgrade attack but then cryptex is >>>> "declarative" and senders can unilaterally decide not to use it. >>>> >>>> This poses a problem for the W3C WebRTC API described in >>>> >>>> https://w3c.github.io/webrtc-extensions/#rtp-header-extension-encryption >>>> The API there describes the negotiation of the envelope. >>>> It does not allow telling whether encryption was used (on the receiving >>>> side) or let a sender control whether it is used. >>>> But if negotiation is required and the sender chooses not to use >>>> cryptex, what happens? >>>> >>>> I assume that receivers capable of cryptex will unconditionally process >>>> packets accordingly so in-flight packets during renegotiation are not an >>>> issue at least. >>>> >>>> Most of these problems should disappear if you can not change your mind >>>> on whether to use encryption once it is established that the peer does >>>> support cryptex. >>>> >>>> Thoughts? >>>> >>>> Philipp >>>> _______________________________________________ >>>> Audio/Video Transport Core Maintenance >>>> To unsubscribe send an email to avt-leave@ietf.org >>>> >>> >> _______________________________________________ >> Audio/Video Transport Core Maintenance >> To unsubscribe send an email to avt-leave@ietf.org >> >> _______________________________________________ >> Audio/Video Transport Core Maintenance >> To unsubscribe send an email to avt-leave@ietf.org >> > _______________________________________________ > Audio/Video Transport Core Maintenance > To unsubscribe send an email to avt-leave@ietf.org >
- [AVTCORE] cryptex questions Philipp Hancke
- [AVTCORE] Re: cryptex questions Sergio Garcia Murillo
- [AVTCORE] Re: cryptex questions Philipp Hancke
- [AVTCORE] Re: cryptex questions Harald Alvestrand
- [AVTCORE] Re: cryptex questions Philipp Hancke
- [AVTCORE] Re: cryptex questions Sergio Garcia Murillo