Re: [AVTCORE] [Cryptex] PR for recommending Cryptex over RFC 6904

Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com> Wed, 03 August 2022 06:29 UTC

References: <CA+ag07b4ponWbj65UOpVPB2yT5AdUWdbCkSSkk7h7Btcdm99dg@mail.gmail.com> <CAOW+2dvA-r3JV-8gV+ctJMOxZqVb1MQ0PqPy+sXX2yTd2ojbOA@mail.gmail.com>
In-Reply-To: <CAOW+2dvA-r3JV-8gV+ctJMOxZqVb1MQ0PqPy+sXX2yTd2ojbOA@mail.gmail.com>
From: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Date: Wed, 03 Aug 2022 08:29:16 +0200
Message-ID: <CA+ag07a-W+=9pYazTyS73SD3NMWqG5w23PP2Ky1uNg9RB00LSg@mail.gmail.com>
To: Bernard Aboba <bernard.aboba@gmail.com>
Cc: IETF AVTCore WG <avt@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/UwbGqUN6TESQvwqEFyVxPEBpQpA>

How about this:

If one of the peers has advertised both the ability to receive cryptex and
the ability to receive header extensions encrypted as per {{RFC6904}} in
the SDP exchange, it is RECOMMENDED for the other peer to use Cryptex over
{{RFC6904}} when sending RTP packets so all the header extensions and CSRCs
are encrypted, unless there is a compelling reason to use {{RFC6904}} (e.g.
need for some header extensions to be sent in the clear so that they are
processable by RTP middleboxes), in which case it SHOULD use {{RFC6904}}
instead.

I don't think we should add the note about checking that the header
extensions can be actually sent in clear, as we have put that reason as an
example.

What do you think?
Sergio

On Tue, Aug 2, 2022 at 6:30 PM Bernard Aboba <bernard.aboba@gmail.com>
wrote:

> The wording is a bit confusing, because both the Offerer and Answerer can
> be "sender and receiver" in this context.
>
> You are trying to give guidance on what a peer should send where the other
> peer has advertised both the ability to receive cryptex and the ability to
> receive header extensions encrypted as per RFC 6904.
>
> The guidance is to send cryptex unless there is a compelling reason to
> send RFC 6904 (e.g. need for some header extensions in the clear).
> However, this only makes sense if the header extensions to be sent in the
> clear can actually be sent (e.g. if they are sendonly or sendrecv on the
> sending peer and recvonly or sendrecv on the receiving peer).
>
> On Tue, Aug 2, 2022 at 2:44 AM Sergio Garcia Murillo <
> sergio.garcia.murillo@gmail.com> wrote:
>
>> Hi all,
>>
>> As discussed during the last AVTCORE meeting, I have prepared a PR for
>> adding the recommendation of using Cryptex over RFC6904, adding an exception
>> for the case where some of the header extensions should be sent in the clear
>> for RTP middlebox processing:
>>
>> If both Cryptex and the Encryption of Header Extensions mechanism defined
>> in {{RFC6904}} are supported by both the sender and receiver, it is
>> RECOMMENDED to use Cryptex over {{RFC6904}} so all the header extensions
>> and CSRCs are encrypted, except when some of the header extensions should
>> be sent in the clear so they are processable by RTP middleboxes, in which
>> case it SHOULD use {{RFC6904}} instead.
>>
>> https://github.com/juberti/cryptex/pull/111
>>
>> Would be great if someone could review the wording as I think it could be
>> simplified.
>>
>> I will be on vacation from next week, so I will merge the PR and submit a
>> final draft by the end of this week if I don't receive any further feedback
>> on the draft.
>>
>> Best regards
>> Sergio
>> _______________________________________________
>> Audio/Video Transport Core Maintenance
>> avt@ietf.org
>> https://www.ietf.org/mailman/listinfo/avt
>>
>
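The selection rule discussed in this thread, together with Bernard's caveat that an extension only counts as a "compelling reason" if it can actually be sent in the clear on the negotiated path, worked through as an added example. This is illustrative code written for this page, not code from the Cryptex draft, the PR, or any of the participants. It relies on two real signalling facts: RFC 6904 advertises an encrypted header extension by wrapping the real URI behind `urn:ietf:params:rtp-hdrext:encrypt` in the `a=extmap` line, and Cryptex is advertised with the `a=cryptex` SDP attribute (RFC 9335). The function names (`parse_peer_caps`, `choose_mechanism`), the sample SDP and the local direction table are constructed for the example; the extmap direction semantics (`sendonly`/`recvonly`/`sendrecv`/`inactive`, default `sendrecv`, stated from the advertising peer's point of view) follow RFC 8285.

```python
import re
from dataclasses import dataclass

# RFC 6904 signals an encrypted header extension by placing this URI before the
# real extension URI in the a=extmap line.
ENCRYPT_URI = "urn:ietf:params:rtp-hdrext:encrypt"

# Real extension URIs used in the constructed sample below.
AUDIO_LEVEL = "urn:ietf:params:rtp-hdrext:ssrc-audio-level"          # RFC 6464
ABS_SEND_TIME = "http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time"


@dataclass(frozen=True)
class Extmap:
    ext_id: int
    direction: str   # sendonly | recvonly | sendrecv | inactive (RFC 8285)
    encrypted: bool  # True when wrapped in the RFC 6904 encrypt URI
    uri: str         # the actual extension URI


@dataclass
class PeerCaps:
    cryptex: bool    # peer sent a=cryptex
    extmaps: list    # list[Extmap] as advertised by the peer


_EXTMAP_RE = re.compile(r"^a=extmap:(\d+)(?:/(\w+))?\s+(\S+)(?:\s+(\S+))?")


def parse_peer_caps(sdp: str) -> PeerCaps:
    """Extract Cryptex support and extmap lines from the remote peer's SDP."""
    caps = PeerCaps(cryptex=False, extmaps=[])
    for raw in sdp.splitlines():
        line = raw.strip()
        if line == "a=cryptex":
            caps.cryptex = True
            continue
        m = _EXTMAP_RE.match(line)
        if not m:
            continue
        ext_id, direction, first, second = m.groups()
        direction = direction or "sendrecv"  # RFC 8285 default
        if first == ENCRYPT_URI:
            if second is None:
                continue  # malformed: encrypt wrapper without a real URI
            caps.extmaps.append(Extmap(int(ext_id), direction, True, second))
        else:
            caps.extmaps.append(Extmap(int(ext_id), direction, False, first))
    return caps


def _peer_can_receive(direction: str) -> bool:
    # Direction is from the peer's point of view: recvonly/sendrecv means it accepts it.
    return direction in ("recvonly", "sendrecv")


def _we_can_send(direction: str) -> bool:
    return direction in ("sendonly", "sendrecv")


def choose_mechanism(remote: PeerCaps, clear_needed: set, local_dirs: dict) -> tuple:
    """
    Decide how to protect header extensions when sending RTP to `remote`.

    clear_needed: extension URIs an RTP middlebox must be able to read in the clear.
    local_dirs:   URI -> our own direction for that extension (hypothetical table).
    Returns (mechanism, reason) with mechanism in {"cryptex", "rfc6904", "none"}.
    """
    rfc6904 = any(e.encrypted for e in remote.extmaps)
    if not remote.cryptex and not rfc6904:
        return "none", "peer advertised neither Cryptex nor RFC 6904"
    if not remote.cryptex:
        return "rfc6904", "peer advertised only RFC 6904"
    if not rfc6904:
        return "cryptex", "peer advertised only Cryptex"
    # Both advertised: Cryptex is RECOMMENDED unless an extension has to travel
    # in the clear AND can actually be sent that way on this path, i.e. the peer
    # advertised the unencrypted form with a direction that lets it receive, and
    # our own direction lets us send it.
    for ext in remote.extmaps:
        if (ext.uri in clear_needed and not ext.encrypted
                and _peer_can_receive(ext.direction)
                and _we_can_send(local_dirs.get(ext.uri, "inactive"))):
            return "rfc6904", f"{ext.uri} must be in the clear and is sendable (id {ext.ext_id})"
    return "cryptex", "no clear-text extension is both required and sendable"


# Constructed sample: the peer offers Cryptex, the audio-level extension both in
# the clear (id 1) and RFC 6904-encrypted (id 2), and abs-send-time as sendonly.
REMOTE_SDP = f"""\
m=audio 9 UDP/TLS/RTP/SAVPF 111
a=cryptex
a=extmap:1 {AUDIO_LEVEL}
a=extmap:2 {ENCRYPT_URI} {AUDIO_LEVEL}
a=extmap:3/sendonly {ABS_SEND_TIME}
"""
LOCAL_DIRS = {AUDIO_LEVEL: "sendrecv", ABS_SEND_TIME: "sendrecv"}

if __name__ == "__main__":
    caps = parse_peer_caps(REMOTE_SDP)
    for need in (set(), {AUDIO_LEVEL}, {ABS_SEND_TIME}):
        print(sorted(need), "->", choose_mechanism(caps, need, LOCAL_DIRS))
```

With the sample, an empty `clear_needed` yields Cryptex; requiring audio-level in the clear yields RFC 6904 because the peer offered the unencrypted form with a receiving direction; requiring abs-send-time yields Cryptex again, since the peer advertised it `sendonly` and so would never receive it from us, which is exactly the case Bernard raises.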