Re: [AVTCORE] [MMUSIC] SDP Directorate review: draft-ietf-avtcore-cryptex
Christer Holmberg <christer.holmberg@ericsson.com> Tue, 14 June 2022 18:19 UTC
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A5C6C157B3B; Tue, 14 Jun 2022 11:19:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.855
X-Spam-Level:
X-Spam-Status: No, score=-7.855 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.745, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TvjbADOPAymN; Tue, 14 Jun 2022 11:19:03 -0700 (PDT)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04on0604.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe0e::604]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CEEDCC14CF05; Tue, 14 Jun 2022 11:19:02 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=m77HuobKBq8GBG7nS9f6p5Q+E88Mox9QqrSMvgAb7bD4chzIKJ5k88Noxfr26KVAC/f2Au3v/fSkI2MLIWhf15+WNlz1xEGg6b1eT80fUrK/P6wEuyMRj2Rs/Poqmdj537Hs3SdUCRR1JUSaWS0ikpdqOzq7rdOV37XuRHeyCR06nO7bIzo2onNp6NS4x3Oc8K1F8ZaEwyDaBV4vU4Smlgi0YlBD897Yn9EhaI7fDfSp/N1zrPQnhoQBDegwRIHNH5AomRdvW6dMZ701KvwnTbpjmvyEgNIubRENRil3RbjoCBakbOb/VlogKV+VPfEtSUXtaISKmBNu2GdfHDv+Xw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Hh3+alix9CaC1phPeX3+XgsPxtOYaS9nWpLjLhG2zow=; b=RU9k0S3YzUb3H3OhlQ4ZX2KMUmFM7XRyQsGFBuEP5ePDvRSVJQckCw8QoFOoXjQ11bqPvMxZ+vwBmsiwsuRXgHKAtIZG4cL8zdHyximUvy1q3vuuQ+PNlOOvj6lNvrzMtyp9cJOHQwpktJuRMpgD6tuhYZ9DgChgHzScbL5Ikdm0JPXBHqcQzaQ4nbm+hFhSZ1Vs1SdpAEMb2YyHEAnntS8UckbJFAQK8/kxONXNq9ssJnHGvkdmLhQ9MuAjgyIrRrjt2mpA5hRgIZvJQqyjbsXvy5GwTwYT0S7PNcefFd/Kqq29Qjj71wUaHs/dsM/u1BlfeurHqlZ8fJ2AreLnYQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Hh3+alix9CaC1phPeX3+XgsPxtOYaS9nWpLjLhG2zow=; b=lmgy0aGBnLpRzvkEbmB787QLqWQZK6sL/K1ponDgxpYpEl8YbfNBU8tVSOQnW7kY5lLcJnoE2GYh+YVGx007f/3D450yZviEsOAZNh7mu6OBNdHHaxyzamEx36vkXWK9aVtOJG2Ym8dYJe5f679dN42TuLbpe74BwhQMm81EECg=
Received: from HE1PR07MB4441.eurprd07.prod.outlook.com (2603:10a6:7:9f::27) by VI1PR0701MB7055.eurprd07.prod.outlook.com (2603:10a6:800:196::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5353.6; Tue, 14 Jun 2022 18:18:57 +0000
Received: from HE1PR07MB4441.eurprd07.prod.outlook.com ([fe80::39f4:2b8e:e73:2c99]) by HE1PR07MB4441.eurprd07.prod.outlook.com ([fe80::39f4:2b8e:e73:2c99%5]) with mapi id 15.20.5353.011; Tue, 14 Jun 2022 18:18:57 +0000
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
CC: IETF AVTCore WG <avt@ietf.org>, "Murray S. Kucherawy" <superuser@gmail.com>, mmusic <mmusic@ietf.org>, "avtcore-chairs@ietf.org" <avtcore-chairs@ietf.org>
Thread-Topic: [MMUSIC] SDP Directorate review: draft-ietf-avtcore-cryptex
Thread-Index: Adh8y7jb9EknSxcHQ1qEgIsHKrcmdwACd4aAAL1RhrAAA6DZgAAMyCuw
Date: Tue, 14 Jun 2022 18:18:57 +0000
Message-ID: <HE1PR07MB4441B106FF292B6BE2EFE65D93AA9@HE1PR07MB4441.eurprd07.prod.outlook.com>
References: <HE1PR07MB4441160C0170EE3B9C827BD893A69@HE1PR07MB4441.eurprd07.prod.outlook.com> <CA+ag07YD7J5ta13buFPOVeKp3fQYvdg0xPm2qcjXOuNXsANc4Q@mail.gmail.com> <HE1PR07MB44417BC524A9F7F1CAD1DCE293AA9@HE1PR07MB4441.eurprd07.prod.outlook.com> <CA+ag07ayre++NUOPjCtZy93a0NUDVPZZ1WfDudpRSLv-3DGr2A@mail.gmail.com>
In-Reply-To: <CA+ag07ayre++NUOPjCtZy93a0NUDVPZZ1WfDudpRSLv-3DGr2A@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 752550ab-2579-4858-937c-08da4e3258e5
x-ms-traffictypediagnostic: VI1PR0701MB7055:EE_
x-microsoft-antispam-prvs: <VI1PR0701MB7055EF304A96495A75E6957E93AA9@VI1PR0701MB7055.eurprd07.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Cq4wKFxGnc29y/PuWjjAsWYqexebAsU6GpZ642e1DPDPJsSH+rebyBhw0wID9Gqgu6MoAMHyOg7i+Y6CJdgX3XfyboLqTUku2W5fQ0EEDIs6iwnShv6wGke2lfTEtdJFtPeyNLJVMN/KIhkvLAFmOEoG4WJzXzg6Og65HEwUL6j+WA2M2cI85mvrMaM9FBH/eAOoWXb9Qrj5pg62KshMjZeZzyrh9G857i3VAw6CDqpWX5XAoFxVj67T1vKV5SEAdVq1p8zTvsk79iC754LUDb4CqHe8f1fhZ4c923p/9L3e8gifPWwI7WTWyj0wITJk238ptuUGCnaCDKhAg9Vm6Nq9iGZJdw8hcHxo8WpcPL5YgUrcdwqyz+x6USO1/oAtOf8HwvodTLQbITW8TFZwVCXfJlEX3ISxMquTyyADKimmQvWb8/9s1J8iP2wQt8HDObIexNKgqHBif3VVejoqNuEID8zXhBcgQo034hvgLYdHuPzxFabDxRlzIxUNSa1rxrVibpUHvV3tstfHw1WWswNfAWtQunFiLwZ/xaI50K5q0sTt27hlPi8MT5NFBbqL1IdSTdBmxp4QS7XyXWAnCq6azH7Fr7iBKcMzK/cP/c4AbRsuF9roHmsR4fn7B7pPRRFNvAuTHEKrQvsbVlXqd/j98HEkei52k+rt85TDiH15lb+E6M6ZYcDuHxJtMSEmQcPUzF6LLq2Ft3n5zJBXCcyozyYM1unJ2NsdS1N+gkgyC6FfrejYFYVVMpY+IuxRy62a0IHY8GSh/OYmBM62vh1uKcORzkSi2DUznv3R7ajjurQSn0uuUjXm3UIBTj2V8fhMZ922fhlo1D11Y/hZww==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR07MB4441.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(4636009)(366004)(8936002)(82960400001)(186003)(38070700005)(54906003)(966005)(122000001)(9686003)(6916009)(316002)(76116006)(66946007)(8676002)(86362001)(4326008)(7696005)(66446008)(66476007)(71200400001)(6506007)(66556008)(26005)(64756008)(38100700002)(55016003)(508600001)(83380400001)(2906002)(44832011)(33656002)(52536014)(5660300002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: f25KY3Y07HEpYv7mcCWSuEaHmL5PvM9qNd59MnN6JDroCa0Un5lOIrjGS0JUboMr3iqRuOQn4FgLCqSUlK3dn5Mqna5K6hsNFb8M6a+cjlkwiN+lxLoKVGaOXg5gcTVmXEqYsl3b6FhcZm5tETOFfahtNl+Evb0HDigZ+rTjj8b8QVf+5eq6jxJP72HHJsm0+/QORN412LqCDIZqz2bPnQBhGGBddgWK5MSYD8xiika94JRJq7sxOruS32k/EHnzXRrt1kLQIzhrUnCWOOfXS9PLAuFO5PG8IiycHjW/5CjJZcmHFBJq20kliCR+9QT1xPP0FGvSOQzQS+EDBxm7fQ9YCl9BEPr5BuOclfC+lXx6cYzMq2MVCdiz1+KnRN12GJDpYh3QukD8cBtFp28OZnRFduv+GeJkVhFxK7RgboUUOuNFqknORsGV+RYNIOOrV4pxp3XVVfauWmvn0b2sTSQB6mjwz2iSp1hOj1e2+0u66jfHvndh85XCkLYkszQ8NrooOWuJrLABvnsIV4+co91QuTmt8ODcFHTgIZFcKy1xd1+2iKEdVqneflp/jozknCkaMA86azDKZ2LlIprQn6Kyz2h0ga5ybCLn2AoeH4Hy0HbXrMmbAb6Nt+3GUnfb3FplaCH7hVpgLSL0EJ9FKWK+RDap0CCSAdDgEdcEDpWP8LZip7SNAOT/k3rnhg7miyFOfulUwfKeC8j2lPFh/GlmMF5D7/VVorU++v2xMtz2hxNU94rKpUslmsCz8A4uZG4DMuS9yQ/95e2FAMeesoM/IjssjiF3pkjTfHnh9sx8HVSdb8hUcTre6QU5FvIrxqTL6obB+I9C8gYof1olcpQgJQOVQnutL2zQ0Uv6M6UaJgZTswr7qbjP2U1Rq2xty47xc4F1zIfZI+Tzg6LKQeKFIMY4fYqhP54zZKEgrkVa+alUIgbL4xDqP9Mgb8JfXXN7mP4WBfT0B5yVT9RpFkYGuh7h6IA5xNX4ZPM3COxtbOy36qyfaD6mn7Q5Be509h9vIYUihLWouQg0OzEUv3R3zr6v9rto8lWmTzXhPnPYeTQ4+hURQKikJanzKoypiDoURa2Kg1o47kG49OFRLkJtnKd4Es/NVsgeV4UUka2UxSQDeBF6QsUIjlT+qnG+vRVZyS3g68lTKflWBlYBEmDVgzIVTjpgT22egDWKFhjwL7LOHbQVpxD5R6eI9u4cDDSKDiKraokS1abr4oM/paHMAVmEcysMXSHKF9W1s8zkoTbgPS5oPRUAmL8cuoQsscVknLMqUht/+ra/utV/FqizkTJJmnjyk4AQZhG1Omqo0VczEK+YrxY6nTd3nuVs5JUaSS68cUvCgSXdvRvI0/x56PjxIMGPraEG8Eth42rKExco933W1B3xRfVCvH38RP3byHwIdEMG5A9RWfk6xcIXsBawkOsb10zs4JNlTEYF0nZyratLgx78WeHXJWc4NFcI6CWCFSqzdHrux+KBENnfVmtcwQaBwoumBWJjvcR3NpXQXy9ojCj7A9dvKuDoc92xwlkW8AbRk8NSxeA9ZfrDzQeIyIaUjVPLF29nT25Cvqg1PJzJrC2iroDk0n/9nQjkCqSp8fIwn0nflqRXFGR/vGRpgm2sW9JdejyHdQVefkVt5B1Av2uXtQVepfHNiyQ7VRpjjGQNREb3kkpePS/AmnwthRI8uJ0d8ZhleVFIJymslh0X3vmYjfkSH4+mDjv0Yyc2VTUdei2UbCatCvDu2DHQ6oWrsmsRrVNLVHE=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR07MB4441.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 752550ab-2579-4858-937c-08da4e3258e5
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Jun 2022 18:18:57.2493 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: XP5eaPUeTRxygAV7z4Pl7+XHQtGT8YvwvZoNXtwKDLm8s3FkKq4keortjE4u25es9UFzT9c1uzshuoEcZY0wvnc+dD+c5ye2IHPW2el/rdI=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0701MB7055
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/dn_-9JS3LMnpf0Zmv1290658Wfk>
Subject: Re: [AVTCORE] [MMUSIC] SDP Directorate review: draft-ietf-avtcore-cryptex
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/avt/>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2022 18:19:07 -0000
Hi, ... Q4: >>>> Section 4 says: >>>> >>>> "If BUNDLE is in use and the a=cryptex attribute is present for a >>>> media line, it MUST be present for all media lines belonging to the >>>> same bundle group. This ensures that the encrypted MID header >>>> extensions used to demux BUNDLE can be processed correctly. When >>>> used with BUNDLE, this attribute is assigned to the TRANSPORT >>>> category [RFC8859]." >>>> >>>> First, as the usage of Cryptex is optional, why mandate it on all media lines? Could you explain the MID header processing justficiation? >>>> >>> If ssrc info is not exchanged in the SDP O/A, then the only way to assign a packet to an m-line is by the mid value which is encrypted if cryptex is in use. So if the peer signals that it supports receiving cryptex in one m-line, it must support it on all of them. >> >> Sure, but if you only indicate cryptex support for m- line X, then the peer is only allowed to use cryptex for the RTP packets associated with X. >> >> But, the peer is not allowed to use cryptex for RTP packets associated with m- line Y. >> >> But, in general I think it would be good to add some more text on the BUNDLE impacts, e.g., that intermediary nodes might not be able to distinguish/process bundled media if the MID is encrypted. >> >> For example, in some networks there are intermediaries that "un-BUNDLE" media into individual 5-tuples, and that won't work unless such nodes have access to the MIDs. > > There could be two different intermediaries that un-bundle media and forward them to individual 5-tuples, the ones which terminate the SRTP encryption and the ones that don't. > For the ones that terminate SRTP, if they are able to support cryptex on one m-line, they should be able to support it on all others. It could be argued that the receiver may want to only protect the header extensions on some media in order to reduce the processing workload, but not sure if this is a common or desirable scenario. > > https://www.omavahti.fi/tuote/turvapuhelin/For the ones that doesn't terminate SRTP and just forward the SRTP packets to individual 5-tuples, they will may not be able to process any SRTP > packet with cryptex if no ssrc info is negotiated in the SDP (which is the intended way of doing BUNDLE, right?). > > I will try to add some more text about BUNDLE impacts based on the outcome of the discussion above. Thanks! Also, coming back to the mandate to indicate cryptex support for all BUNDLED m- line: Assume an intermediary get an offer, where each m- line has a separate 5-tuple, and only m- line X indicates support for cryptex, while m- line Y does not. Now the intermediary want to BUNDLE the m- lines, but is now forced to indicate cryptes support also for m- line Y in the offer describing the BUNDLE. >>Second, if mandated on all media lines, it will apply also to non-RTP media lines (e.g., a WebRTC data channel), and then I think you need to have some explicit text about that. >> >>What would be the best term for a "media m-line"? >> >>- media m-line >>- media m line >>- media "m=" line >> >> My suggestion would be to say "m- lines for RTP transported media", or something like that, because technically you could transport media also using non-RTP mechanisms. > > I have just checked the BUNDLE rfc and they us the term: "m=" section and RTP-based media. What do you think about using this instead? > > If BUNDLE is in use and the a=cryptex attribute is present in a "m=" section, it MUST be present for all the "m=" sections for RTP-based media belonging to the same bundle group. That sounds good. But, it makes me wonder whether the category should be SPECIAL instead of TRANSPORT, as it only applies to RTP. I still also wonder whether it is really needed to mandate the cryptex attribute for all BUNDLEd RTP m= lines. Regards, Christer
- [AVTCORE] SDP Directorate review: draft-ietf-avtc… Christer Holmberg
- Re: [AVTCORE] [MMUSIC] SDP Directorate review: dr… Sergio Garcia Murillo
- Re: [AVTCORE] [MMUSIC] SDP Directorate review: dr… Christer Holmberg
- Re: [AVTCORE] [MMUSIC] SDP Directorate review: dr… Sergio Garcia Murillo
- Re: [AVTCORE] [MMUSIC] SDP Directorate review: dr… Paul Kyzivat
- Re: [AVTCORE] [MMUSIC] SDP Directorate review: dr… Christer Holmberg
- Re: [AVTCORE] [MMUSIC] SDP Directorate review: dr… Christer Holmberg