Re: [AVTCORE] Defined by RTP profile ids for encrypted header extensions
Justin Uberti <juberti@google.com> Fri, 31 July 2020 23:04 UTC
Return-Path: <juberti@google.com>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3D823A07CB for <avt@ietfa.amsl.com>; Fri, 31 Jul 2020 16:04:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4lbnvtTXXkUg for <avt@ietfa.amsl.com>; Fri, 31 Jul 2020 16:04:55 -0700 (PDT)
Received: from mail-il1-x130.google.com (mail-il1-x130.google.com [IPv6:2607:f8b0:4864:20::130]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FD293A07BE for <avt@ietf.org>; Fri, 31 Jul 2020 16:04:54 -0700 (PDT)
Received: by mail-il1-x130.google.com with SMTP id i138so20737759ild.9 for <avt@ietf.org>; Fri, 31 Jul 2020 16:04:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=cCBckLYUpfoypejR6I9hU339x2bn+hZfl0yXCJCeVzc=; b=OrwBzJu9BHK75zM0Ph+mFDaLSHNR4qoBf7zvM+Qe/PF+4KsZpFDPOCa8AO9UINDvxv sJb0CPO+kVi3rmJa7/4EfmJPDc2AC5/WpKe6HzbBO5+QChZweUbHSskPLr09yJhRQaHG iNQR75bPnOoJhWAUb2CnVfEGP65TB+U/ULocWUGU8zM75qX2nZkV/Lstj/26++N4v8SO 6ALCV9XwUDMSy+ySc4bUKaPaXd5NIHMo+IB/xs/veCRlvJsh7pzrqTFW6dv8wOyU1Mtj Ctpo4dMYL8th96MiL8IvPwrcsmYMmDNYND6QNt0Z88Q9fSolc7Y8PIfiz5A2kFHxWjhp SMpA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=cCBckLYUpfoypejR6I9hU339x2bn+hZfl0yXCJCeVzc=; b=a+hgtv+wk1tZDXQjETAsnz2uaNdVF+R+OkMpFESlvhvmfNWU4L3lL+S1QRtxhEvkKJ VobNi+oPHKcRvDwMwLFdQ8mxjWoCoPoLZ82A/johQ3D1rrmQYuuPQPZkDUI/1H1ih++j kxZJV8Jx+72CIUZ8IDWmkANXt7/NQsniDn49TvP7MXXC5SSqopt9EMr4A7pIZdzZmvzp 28vRstYo1pYbnEgdoR4sJVE0lvcqbTI69I2zzuQhlRNHLiZmlmtw9Sq4HjNfx2SGjxEx 4XjA0m2b706+QMreLAu5vivBTxiHlcOoQCi98MtSvGz0YDplnTKjV1DizwLl93o9w5X5 dzhQ==
X-Gm-Message-State: AOAM533Eq0P1ZpwEuwECj89JO7vSah39q8k+I0lx74Y040PT47kRYeQP DF8B5HQGYChCNpJlSN87HbAQMrOdravoRUe+pgyqng==
X-Google-Smtp-Source: ABdhPJzeOk101vn56Wj2clf3m0Mo2do19vsP040x/Dgsj2GiK8fpX3H8tCTwIzwXDrs5h333I3VYLGufj9D3nuk88lQ=
X-Received: by 2002:a92:9144:: with SMTP id t65mr5734152ild.157.1596236693565; Fri, 31 Jul 2020 16:04:53 -0700 (PDT)
MIME-Version: 1.0
References: <75f257b1-c131-1e83-4c90-03f980466303@gmail.com> <CAOJ7v-0oE=KxGfu+dv0bgxwCOzX1=LfsL2zULJYBSbW6GmkDNA@mail.gmail.com> <9d9ed721-ff9b-9db7-7b89-7a8a0f960bdd@gmail.com>
In-Reply-To: <9d9ed721-ff9b-9db7-7b89-7a8a0f960bdd@gmail.com>
From: Justin Uberti <juberti@google.com>
Date: Fri, 31 Jul 2020 16:04:41 -0700
Message-ID: <CAOJ7v-1JjFc7sWOt58k-JJDVjN90L5kisqVowY-2pbb2RYzw+Q@mail.gmail.com>
To: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Cc: avt@ietf.org
Content-Type: multipart/alternative; boundary="00000000000019501a05abc4d14c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/Nld3x5e6aHWfiuv8nPSZkISALsg>
Subject: Re: [AVTCORE] Defined by RTP profile ids for encrypted header extensions
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/avt/>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Jul 2020 23:04:58 -0000
yeah, in the interest of not taking on more scope (i.e., an extension of 8285) I think 1a is best. We could always extend later if needed. On Fri, Jul 31, 2020 at 3:45 PM Sergio Garcia Murillo < sergio.garcia.murillo@gmail.com> wrote: > I am more prone to 1a) forbid > > If we add support for id=256 extension, it would have to be backward > compatible with the non-encrypted version as we can't negotiate different > extensions for cryptex, so we should not widen it (id 256 is not valid id > for a "normal" 2 byte extension). Having only 4 bits makes it kind of > useless and I don't think any implementation supports it anyway. > > Regarding ids value, I don't have a strong preference (0xC0DE, 0xC0D2 > would work for me as well), as long as we agree that we need to use two new > different ids. > > Best regards > Sergio > > On 31/07/2020 1:22, Justin Uberti wrote: > > For id 256, this is news to me too. 4 bits isn't a lot of room, but if we > widened this to 8 bits you could stick ssrc-audio-level in here, saving two > bytes per packet. So the options become: > 1a) forbid > 1b) leave as-is, but encrypt > 1c) widen and encrypt > > I would go with either 1a) or 1c). 1c) would still need to fall back to a > typical extension when not encrypting. (Do we know why this field was > historicaly chosen to be 4 bits?) > > Regarding id, I'm open to the simplicity argument that you make, although > there's also some value in having a value that's immediately obvious from a > Wireshark trace (0xC0DE, 0xC0D2). I think I'd lean more toward the numeric > approach if we went with something like 1c). > > On Thu, Jul 30, 2020 at 3:55 PM Sergio Garcia Murillo < > sergio.garcia.murillo@gmail.com> wrote: > >> Hi all, >> >> Not sure if we got to a consensus regarding the need to introduce new >> defined by profile ids for being able to tell if an incoming packet is >> using the new encryption scheme to protect the csrcs and the rtp headers or >> not. >> >> I think we should, but in that case we need to specify two different >> profiles ids, one for the encrypted one byte header extension and another >> different one for the 2 bytes one. I have some doubts regarding what to do >> with the appbits of the 2 byte header extension profile id: >> >> 0 1 >> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> | 0x100 |appbits| >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ >> >> >> If I have read the rfc correctly (never understood their meaning until >> today), it is reserved for carrying the value of the header extension with >> id 256. This would mean that the appbits for extension 256 are sent >> unencrypted with the new approach if we keep this format. Probably the best >> would be to forbid the usage of extension 256 if cryptex is signaled. >> >> Regarding, ids values, I love 0xC0DE for 1 byte extensions, but not sure >> if it would be better to be consistent and use 0x1010 for 1 byte encrypted >> extensions and 0x1020 for two byte encrypted extensions. >> >> Best regard >> >> Sergio >> >> _______________________________________________ >> Audio/Video Transport Core Maintenance >> avt@ietf.org >> https://www.ietf.org/mailman/listinfo/avt >> > > _______________________________________________ > Audio/Video Transport Core Maintenance > avt@ietf.org > https://www.ietf.org/mailman/listinfo/avt >
- [AVTCORE] Defined by RTP profile ids for encrypte… Sergio Garcia Murillo
- Re: [AVTCORE] Defined by RTP profile ids for encr… Justin Uberti
- Re: [AVTCORE] Defined by RTP profile ids for encr… Sergio Garcia Murillo
- Re: [AVTCORE] Defined by RTP profile ids for encr… Justin Uberti