IETF Logo Mail Archive

Re: [AVT] SRTP with layered encoding

Marc Petit-Huguenin <petithug@acm.org> Mon, 26 October 2009 18:44 UTC

Return-Path: <petithug@acm.org>
X-Original-To: avt@core3.amsl.com
Delivered-To: avt@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7E14A28C222 for <avt@core3.amsl.com>; Mon, 26 Oct 2009 11:44:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.76
X-Spam-Level:
X-Spam-Status: No, score=-101.76 tagged_above=-999 required=5 tests=[AWL=-0.095, BAYES_00=-2.599, IP_NOT_FRIENDLY=0.334, J_CHICKENPOX_15=0.6, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RwdXIy-KPYAT for <avt@core3.amsl.com>; Mon, 26 Oct 2009 11:44:46 -0700 (PDT)
Received: from server.implementers.org (server.implementers.org [69.55.225.91]) by core3.amsl.com (Postfix) with ESMTP id 2505228C0F5 for <avt@ietf.org>; Mon, 26 Oct 2009 11:44:24 -0700 (PDT)
Received: by server.implementers.org (Postfix, from userid 1001) id DEAB36C9852E; Mon, 26 Oct 2009 18:44:36 +0000 (UTC)
Received: from [192.168.2.3] (server.implementers.org [127.0.0.1]) by server.implementers.org (Postfix) with ESMTPA id 2E2046C98524; Mon, 26 Oct 2009 18:44:36 +0000 (UTC)
Message-ID: <4AE5EE13.4050002@acm.org>
Date: Mon, 26 Oct 2009 11:44:35 -0700
From: Marc Petit-Huguenin <petithug@acm.org>
User-Agent: Mozilla-Thunderbird 2.0.0.22 (X11/20090701)
MIME-Version: 1.0
To: David McGrew <mcgrew@cisco.com>
References: <020901ca5110$c18584c0$c4f0200a@cisco.com> <79E00E7D-365A-4ED6-8021-261BC3C100CB@cisco.com>
In-Reply-To: <79E00E7D-365A-4ED6-8021-261BC3C100CB@cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: AVT WG <avt@ietf.org>
Subject: Re: [AVT] SRTP with layered encoding
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Audio/Video Transport Working Group <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Oct 2009 18:44:47 -0000

Hi David,

David McGrew wrote:
> Hi Marc,
> 
>> -----Original Message-----
>> From: avt-bounces@ietf.org [mailto:avt-bounces@ietf.org] On Behalf Of
>> Marc
>> Petit-Huguenin
>> Sent: Monday, October 19, 2009 4:05 PM
>> To: avt@ietf.org
>> Subject: [AVT] SRTP with layered encoding
>>
>> I was not able to find guidelines on how to use SRTP with multicast
>> layered
>> encoding.  As all the layers share the same SSRC, the same master key
>> cannot
>> be shared between them.
> 
> right.
> 
>>
>> Using the same master key for all the layers would be great though, so
>> I was
>> thinking that a way to do this would be to redefine the label byte so
>> the 5
>> first bits are used for the layer number (from 0 to 31).
> 
> That seems like a reasonable use of the label byte.
> 
> The tricky part here is that the receiver would need to know the
> correspondence between the layer number and the RTP session.   This
> would need to be communicated via signaling, presumably, and then
> stored/used by all of the session participants.

If the basic way (RFC 4566) of allocating layers is used then an implicit
mapping can be used, i.e. with m= lines like this:

c=IN IP4 224.2.1.1/127/2
m=video 49170/2 RTP/AVP 31

then the first layer is assigned to label 0b00000xxx and the second layer to
0b00001xxx.

AFAIK RFC 5583 uses a different m= line for each layer, so the layers will have
a different SSRC.

> 
>>
>> Any thoughts on this?  Should I write an I-D?
> 
> How much savings will this key-sharing method bring?  Each of the RTP
> sessions will have some amount of state associated with it.  Is the
> savings of not storing a key or two per session really that valuable?

I think that this is more valuable when SRTP is used with EKT.  Without sharing,
there will be EKT packets on each RTCP stream associated to each layer.  With
sharing, only the base layer will have to carry the EKT extension.  This fits
nicely with how the layers works in RFC 3550, i.e. the BYE packets and non-CNAME
SDES items are also sent only on the RTCP stream associated with the base layer.

On the other hand, that seems a lot of work for something that was rarely
implemented, so an alternative solution is simply to deprecate section 8.3 in
RFC 3550, as proposed by Colin Perkins.

An interesting note that neither draft-ietf-avt-rtp-rfc3984bis or
draft-ietf-avt-rtp-g718, two payload formats that explicitly talk about layers,
have text in their Security Considerations section talking about this problem.

-- 
Marc Petit-Huguenin
Personal email: marc@petit-huguenin.org
Professional email: petithug@acm.org
Blog: http://blog.marc.petit-huguenin.org

v2.23.0 | Report a Bug | By Email