Re: [AVTCORE] Roman Danyliw's Discuss on draft-ietf-avtcore-rtp-scip-04: (with DISCUSS and COMMENT)
Bernard Aboba <bernard.aboba@gmail.com> Tue, 07 February 2023 23:43 UTC
Return-Path: <bernard.aboba@gmail.com>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3EDFC14CE2D; Tue, 7 Feb 2023 15:43:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.094
X-Spam-Level:
X-Spam-Status: No, score=-2.094 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JRy7z46r0iUO; Tue, 7 Feb 2023 15:43:56 -0800 (PST)
Received: from mail-ej1-x62f.google.com (mail-ej1-x62f.google.com [IPv6:2a00:1450:4864:20::62f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C49A3C14F739; Tue, 7 Feb 2023 15:43:55 -0800 (PST)
Received: by mail-ej1-x62f.google.com with SMTP id p9so1063093ejj.1; Tue, 07 Feb 2023 15:43:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=eOjLQ+NsuVHceHLQzH6vqnMf/vofWry6mH4VfON39X4=; b=itJOgr6dNHitCYI6tWzLaXdCR6+7UB52rN5944JkBXZJHAqHMXDkOYMNGx+DQ58rkA uftHqhrpMCKp9rHMAmJYHjPtgwD+MwLyX5Kh68kP88QRuar1N16Ph3fmTDeQzdlozi8N fdIcofC8PYhjZkT+sw4DQkohzKP2yQMWabtZj8uaEkQG5wTvLODtjyB63ZDcbCK6b5v6 YRg47DcsN9WJ0Ma/xGAWtXBIRmSh6XpNHKEuLLEOmjy7qmX4lscKdzzDPnPgBE1UBlD2 lXGM6QcYyHFNv/5JXiS+dT5Y+bYlK9s061bezRxiueZQX4c9LIfWYd7NnOIfn/yJkRlU v7UQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=eOjLQ+NsuVHceHLQzH6vqnMf/vofWry6mH4VfON39X4=; b=wrpEm0XTRGQJ9ynCAv6Y0lvlDVfu+zLyTfdDTRua3dNLOMCUjph3fq1k0Ju4aex7WL jzftK9uuBadw6xb9ac6a09ekPAodx/QiaPGQQ9lSD0Xju1KwRyUQErvgeCQbr+nr9/gw NP5VUp1ooX87fYM5ruKk9eGApQ3C3ecXiElDDKsjSnRQLXOEDMvXM508PsU49blC0c0r Rlt1dfg+0/Y0yeJewToIrcdlVtUD6186I/kL1niPk2GolhOMSqkeadu3ebVnffznB7Bh EZPG6tRZi9c+B9w5IJiMrK7fR3+405pcLXz4tnnfH3h9cGBM/DfqWh4ZGoIrQpqGP+3T tt1g==
X-Gm-Message-State: AO0yUKXLhd8Q91XOXo+3veBYvhPC8+LdAyeztlD9lTZvCubi9EJOBA5c 94SUMmNjEbOLoNUwn0HRbr4uKm7kNRi42KEt6vE=
X-Google-Smtp-Source: AK7set81PhnYaYPOWihgK6lIsdnMinsCCdSyrvwb8UP1cvfqZ8Uk/SFp3KMEcYcUGneu5a2dZJirs0MRy2ophjLr3n4=
X-Received: by 2002:a17:906:eca6:b0:8aa:c387:6cdc with SMTP id qh6-20020a170906eca600b008aac3876cdcmr136116ejb.98.1675813433205; Tue, 07 Feb 2023 15:43:53 -0800 (PST)
MIME-Version: 1.0
References: <167277215682.29620.18106963117546535615@ietfa.amsl.com> <PH1P110MB1172517274360EB464E94EB5D5F59@PH1P110MB1172.NAMP110.PROD.OUTLOOK.COM> <BN2P110MB1107234793FC7AA980448D90DCFB9@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <PH1P110MB117201973DA5F806B0B2ECCED5C79@PH1P110MB1172.NAMP110.PROD.OUTLOOK.COM> <PH1P110MB117233E0B23CBFB61A19FF94D5DB9@PH1P110MB1172.NAMP110.PROD.OUTLOOK.COM>
In-Reply-To: <PH1P110MB117233E0B23CBFB61A19FF94D5DB9@PH1P110MB1172.NAMP110.PROD.OUTLOOK.COM>
From: Bernard Aboba <bernard.aboba@gmail.com>
Date: Tue, 07 Feb 2023 15:43:41 -0800
Message-ID: <CAOW+2dv8dhTYG0HF1QdSK7OibJp1wJgbxt64xOyEUx=s4go=OQ@mail.gmail.com>
To: "Dan.Hanson@gd-ms.com" <Dan.Hanson@gd-ms.com>
Cc: "draft-ietf-avtcore-rtp-scip@ietf.org" <draft-ietf-avtcore-rtp-scip@ietf.org>, "avtcore-chairs@ietf.org" <avtcore-chairs@ietf.org>, "avt@ietf.org" <avt@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000065691005f424b837"
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/JwPEfrISjiOcT-CPxW0Km1FBcs8>
Subject: Re: [AVTCORE] Roman Danyliw's Discuss on draft-ietf-avtcore-rtp-scip-04: (with DISCUSS and COMMENT)
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/avt/>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 07 Feb 2023 23:43:59 -0000
Dan -- Part of the reason why the IESG reviewers did not request SCIP-210 is so they could understand whether that document should be considered "non-normative". Their questions (validated by my own experience) indicate that there is information contained in SCIP-210 that helps make the draft more understandable. IMHO, that information is relatively small and could probably be added to the document in a few paragraphs. For example, one reviewer asked whether the SCIP payloads should be considered "opaque blobs" without structure. Perusal of SCIP-210 confirms that this is the case; but it could easily be stated in the document and if added would clarify how the SCIP payload and re-assembly process works. Similarly, RTP payload documents typically contain a discussion of how RTCP feedback is handled, negotiation of SDP parameters, etc. I had asked questions relating to those issues (which are not discussed in detail in the document). You answered that question on the list, but I did not fully understand your answer until I looked at SCIP-210. So a paragraph or two about the negotiation that SCIP-210 handles (e.g. codec negotiation) and what is left to SDP would be helpful. I believe the answer is that the SCIP RTP payload format only requires negotiation of audio/SCIP and video/SCIP. There is nothing in SCIP that would preclude support for RTP/RTCP mux or BUNDLE, though current implementations don't support either. On Tue, Feb 7, 2023 at 11:33 AM Dan.Hanson@gd-ms.com <Dan.Hanson@gd-ms.com> wrote: > Roman, > > > > Have you received a copy of the SCIP-210 document? It would answer most > of your concerns. Contact ncia.cis3@ncia.nato.int to receive a copy. > > > > Dan Hanson > General Dynamics Mission Systems > > > > *From:* Hanson, Daniel C > *Sent:* Wednesday, January 18, 2023 10:45 AM > *To:* Roman Danyliw <rdd@cert.org>; Dan.Hanson@gd-ms.com <Dan.Hanson= > 40gd-ms.com@dmarc.ietf.org>; The IESG <iesg@ietf.org> > *Cc:* draft-ietf-avtcore-rtp-scip@ietf.org; avtcore-chairs@ietf.org; > avt@ietf.org; jonathan.lennox@8x8.com; bernard.aboba@gmail.com > *Subject:* RE: Roman Danyliw's Discuss on draft-ietf-avtcore-rtp-scip-04: > (with DISCUSS and COMMENT) > > > > Roman, > > > > Have you received a copy of the SCIP-210 document? It would answer most > of your concerns. > > > > More responses below. > > > > Dan Hanson > General Dynamics Mission Systems > > > > *From:* Roman Danyliw <rdd@cert.org> > *Sent:* Friday, January 06, 2023 12:49 PM > *To:* Dan.Hanson@gd-ms.com <Dan.Hanson=40gd-ms.com@dmarc.ietf.org>; The > IESG <iesg@ietf.org> > *Cc:* draft-ietf-avtcore-rtp-scip@ietf.org; avtcore-chairs@ietf.org; > avt@ietf.org; jonathan.lennox@8x8.com; bernard.aboba@gmail.com > *Subject:* RE: Roman Danyliw's Discuss on draft-ietf-avtcore-rtp-scip-04: > (with DISCUSS and COMMENT) > > > > *External E-mail *--- CAUTION: This email originated from outside GDMS. > Do not click links or open attachments unless you recognize the sender and > know the content is safe. > > > > Hi Dan! > > > > Thanks for the follow-up. More inline … > > > > *From:* iesg <iesg-bounces@ietf.org> *On Behalf Of *Dan.Hanson@gd-ms.com > *Sent:* Wednesday, January 4, 2023 2:04 PM > *To:* Roman Danyliw <rdd@cert.org>; The IESG <iesg@ietf.org> > *Cc:* draft-ietf-avtcore-rtp-scip@ietf.org; avtcore-chairs@ietf.org; > avt@ietf.org; jonathan.lennox@8x8.com; bernard.aboba@gmail.com > *Subject:* RE: Roman Danyliw's Discuss on draft-ietf-avtcore-rtp-scip-04: > (with DISCUSS and COMMENT) > > > > Roman, > > > > Responses to comments below in [DH] red. > > > > Dan Hanson > > General Dynamics Mission Systems > > > > -----Original Message----- > From: Roman Danyliw via Datatracker <noreply@ietf.org> > Sent: Tuesday, January 03, 2023 1:56 PM > To: The IESG <iesg@ietf.org> > Cc: draft-ietf-avtcore-rtp-scip@ietf.org; avtcore-chairs@ietf.org; > avt@ietf.org; jonathan.lennox@8x8.com; bernard.aboba@gmail.com; > bernard.aboba@gmail.com > Subject: Roman Danyliw's Discuss on draft-ietf-avtcore-rtp-scip-04: (with > DISCUSS and COMMENT) > > > > ---- > > External E-mail --- CAUTION: This email originated from outside GDMS. Do > not click links or open attachments unless you recognize the sender and > know the content is safe. > > > > Roman Danyliw has entered the following ballot position for > > draft-ietf-avtcore-rtp-scip-04: Discuss > > > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > > > > Please refer to > https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > > for more information about how to handle DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-avtcore-rtp-scip/ > > > > > > > > ---------------------------------------------------------------------- > > DISCUSS: > > ---------------------------------------------------------------------- > > > > (I conducted my review without access to [SCIP210]) > > > > ** Section 4. It isn’t clear what the format of the payload is from the > > description provided in this text beyond asserting that it is negotiated > via > > SCIP-210 and that the SCIP codec is an encrypted bitstream. Are all > details > > entirely opaque? If so, can the text please be more explicit in stating > that. > > > > [DH] All of the security properties are within the SCIP-210 session > establishment protocol so it is "opaque" at the RTP payload level. > > > > [Roman] I appreciate this clarification. I’m still confused. Taking the > title of this document (“RTP Payload Format for the Secure Communication > Interoperability Protocol (SCIP) Codec”) and the associated section title > (“Section 4. Payload Format”) literally, and considering that this > document has proposed standard status, I was expecting the text to explain > in a normative fashion how to decode or interpret the contents of the RTP > payload. Two common ways I could envision that could be done is by putting > text in this document or via normative references. > > > > [Roman] The text that is present here makes an informal reference to > SCIP-210 and provides no further guidance on how to read the RTP payload. > As a reader, I don’t have sufficient information to understand the RTP > payload. It’s fine that it’s blob (in a sense, all RTP payload is a blob > of some kind), but where is the normative reference to parse the blob. > > > > [Roman] Appreciating there is a rich IETF history in publishing “RTP > Payload” documents, I conducted a quick survey to confirm that their > substance is consistent with my expectations described above. My quick > survey of other “RTP Payload” format documents seems to confirm that they > all devote some text to explaining how to decode what is in the RTP payload > and crucially provide a normative reference to the associated > codec/payload. I looked that these: > > > > -- RFC4578 (RTP Payload Format for H.261 Video Streams) > > -- RFC6184 (RTP Payload Format for H.264 Video) > > -- RFC7587 (RTP Payload Format for the Opus Speech and Audio Codec) > > -- RFC7798 (RTP Payload Format for High Efficiency Video Coding (HEVC)) > > -- RFC9134 (RTP Payload Format for ISO/IEC 21122) > > -- draft-ietf-payload-vp9 (RTP Payload Format for VP9 Video) > > -- draft-ietf-avtcore-rtp-v3c (RTP Payload Format for Visual Volumetric > Video-based Coding) > > > > [Roman] Can the WG explain how it’s possible to describe an RTP payload > format without citing or explaining the details of that format in a > normative fashion? > > > > [DH] The WG decided a while back that SCIP-210 would be a informative > reference. Any implementor that would build a SCIP device would have > access to the SCIP-210 specification. Network devices (e.g., SBCs, > Proxies, …) do not need ‘decode’ or ‘encode’ the SCIP payload blob. They > merely need to pass it on. > > > > > > ** Section 6. RFC7202 appears to be cited here as a reminder to the reader > > that there are a variety of possible security solutions in the RTP > ecosystem. > > My confusion is that it isn’t clear how this flexibility applies in the > case of > > SCIP. It appears that there is tight coupling between the SCIP session > > negotiation and the embedded content in the RTP stream. Specifically, > Section > > 4 notes that “The SCIP codec produces an encrypted bitstream that is > > transported over RTP.” Doesn’t the use of an SCIP payload (the blob > generated > > by a SCIP codec) imply a set of security properties? Where are those > formally > > documented? Section 2 hints at them being “end-to-end security at the > > application layer, authentication of user identity, the ability to apply > > different security levels for each secure session, and secure communication > > over any end-to-end data connection.” > > > > [DH] All of the security properties are specified in SCIP-210. While the > SCIP payload is encrypted, it does not address many of the RTP security > issues identified in RFC7202. For example, there is no RTP header > authentication as specified SRTP (RFC3711), nor are RTCP messages encrypted > or authenticated. Therefore we feel this Security Considerations > boilerplate text still applies. > > > > [Roman] Thanks for explaining. I respectfully disagree that the RFC7202 > boilerplate is sufficient here. My high-level read of RFC7202 is that > there are a range of solutions in the rich RTP ecosystem by which a generic > RTP stream could be secured – these would apply to SCIP or anything else – > and applications need to make the specific decisions. What is different in > the case of SCIP is that unlike RTP payloads such as H.261, H.264, H.265, > V9, etc, the SCIP payload has and provides security services above an > beyond whatever would be provided by RTP. If the RTP payload of SCIP is > being described by the document, the residual (above an beyond RTP) > protections it affords need to be described or cited. > > > > [DH] SCIP only encrypts the payload; it does not provide the other > security services suggested in RFC7202. > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > [snip] > > > > [DH] With respect to network equipment manufacturers, the intent is to > inform them of the existence of the “scip” payload so they can allow “scip” > to traverse their networks. There is no “implementation” of SCIP itself in > network equipment such as Session Border Controllers or Call Managers. > > > > [Roman] The WG understand the community better than me. In my view, if > the primary purpose of the document is intended to inform about the > existence of the SCIP payload, why are the media registrations insufficient > (https://www.iana.org/assignments/media-types/video/scip, > https://www.iana.org/assignments/media-types/audio/scip)? > > > > [DH] It is our understanding that in order to get network devices (SBCs, > Call Managers, …) to support SCIP, a more substantial reference beyond an > IANA registration is needed. > > > > > > Regards, > > Roman >
- [AVTCORE] Roman Danyliw's Discuss on draft-ietf-a… Roman Danyliw via Datatracker
- Re: [AVTCORE] Roman Danyliw's Discuss on draft-ie… Dan.Hanson@gd-ms.com
- Re: [AVTCORE] Roman Danyliw's Discuss on draft-ie… Roman Danyliw
- Re: [AVTCORE] Roman Danyliw's Discuss on draft-ie… Dan.Hanson@gd-ms.com
- Re: [AVTCORE] Roman Danyliw's Discuss on draft-ie… Dan.Hanson@gd-ms.com
- Re: [AVTCORE] Roman Danyliw's Discuss on draft-ie… Bernard Aboba
- Re: [AVTCORE] Roman Danyliw's Discuss on draft-ie… Roman Danyliw