Re: [AVTCORE] Roman Danyliw's Discuss on draft-ietf-avtcore-rtp-scip-04: (with DISCUSS and COMMENT)

"Dan.Hanson@gd-ms.com" <Dan.Hanson@gd-ms.com> Wed, 18 January 2023 15:45 UTC

From: "Dan.Hanson@gd-ms.com" <Dan.Hanson@gd-ms.com>
To: Roman Danyliw <rdd@cert.org>, "Dan.Hanson@gd-ms.com" <Dan.Hanson=40gd-ms.com@dmarc.ietf.org>, The IESG <iesg@ietf.org>
CC: "draft-ietf-avtcore-rtp-scip@ietf.org" <draft-ietf-avtcore-rtp-scip@ietf.org>, "avtcore-chairs@ietf.org" <avtcore-chairs@ietf.org>, "avt@ietf.org" <avt@ietf.org>, "jonathan.lennox@8x8.com" <jonathan.lennox@8x8.com>, "bernard.aboba@gmail.com" <bernard.aboba@gmail.com>
Thread-Topic: Roman Danyliw's Discuss on draft-ietf-avtcore-rtp-scip-04: (with DISCUSS and COMMENT)
Thread-Index: AQHZH6UKfqe/eIKZVk6oB7VAzvpJCK6OnqDwgAMQf4CAErJxkA==
Date: Wed, 18 Jan 2023 15:44:56 +0000
Message-ID: <PH1P110MB117201973DA5F806B0B2ECCED5C79@PH1P110MB1172.NAMP110.PROD.OUTLOOK.COM>
References: <167277215682.29620.18106963117546535615@ietfa.amsl.com> <PH1P110MB1172517274360EB464E94EB5D5F59@PH1P110MB1172.NAMP110.PROD.OUTLOOK.COM> <BN2P110MB1107234793FC7AA980448D90DCFB9@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
In-Reply-To: <BN2P110MB1107234793FC7AA980448D90DCFB9@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/ZwYK4T1yxY24sXFap5z1_xEob_c>
Subject: Re: [AVTCORE] Roman Danyliw's Discuss on draft-ietf-avtcore-rtp-scip-04: (with DISCUSS and COMMENT)

Roman,

Have you received a copy of the SCIP-210 document?  It would answer most of your concerns.

More responses below.

Dan Hanson
General Dynamics Mission Systems

From: Roman Danyliw <rdd@cert.org>
Sent: Friday, January 06, 2023 12:49 PM
To: Dan.Hanson@gd-ms.com <Dan.Hanson=40gd-ms.com@dmarc.ietf.org>; The IESG <iesg@ietf.org>
Cc: draft-ietf-avtcore-rtp-scip@ietf.org; avtcore-chairs@ietf.org; avt@ietf.org; jonathan.lennox@8x8.com; bernard.aboba@gmail.com
Subject: RE: Roman Danyliw's Discuss on draft-ietf-avtcore-rtp-scip-04: (with DISCUSS and COMMENT)


Hi Dan!

Thanks for the follow-up.  More inline ...

From: iesg <iesg-bounces@ietf.org> On Behalf Of Dan.Hanson@gd-ms.com
Sent: Wednesday, January 4, 2023 2:04 PM
To: Roman Danyliw <rdd@cert.org>; The IESG <iesg@ietf.org>
Cc: draft-ietf-avtcore-rtp-scip@ietf.org; avtcore-chairs@ietf.org; avt@ietf.org; jonathan.lennox@8x8.com; bernard.aboba@gmail.com
Subject: RE: Roman Danyliw's Discuss on draft-ietf-avtcore-rtp-scip-04: (with DISCUSS and COMMENT)

Roman,

Responses to comments below in [DH] red.

Dan Hanson
General Dynamics Mission Systems

-----Original Message-----
From: Roman Danyliw via Datatracker <noreply@ietf.org>
Sent: Tuesday, January 03, 2023 1:56 PM
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-avtcore-rtp-scip@ietf.org; avtcore-chairs@ietf.org; avt@ietf.org; jonathan.lennox@8x8.com; bernard.aboba@gmail.com
Subject: Roman Danyliw's Discuss on draft-ietf-avtcore-rtp-scip-04: (with DISCUSS and COMMENT)


Roman Danyliw has entered the following ballot position for
draft-ietf-avtcore-rtp-scip-04: Discuss

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)


Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/
for more information about how to handle DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-avtcore-rtp-scip/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

(I conducted my review without access to [SCIP210])

** Section 4.  It isn't clear what the format of the payload is from the
description provided in this text beyond asserting that it is negotiated via
SCIP-210 and that the SCIP codec is an encrypted bitstream.  Are all details
entirely opaque?  If so, can the text please be more explicit in stating that?

[DH] All of the security properties are within the SCIP-210 session establishment protocol so it is "opaque" at the RTP payload level.

[Roman] I appreciate this clarification.  I'm still confused.  Taking the title of this document ("RTP Payload Format for the Secure Communication Interoperability Protocol (SCIP) Codec") and the associated section title ("Section 4.  Payload Format") literally, and considering that this document has proposed standard status, I was expecting the text to explain in a normative fashion how to decode or interpret the contents of the RTP payload.  Two common ways I could envision that being done are by putting text in this document or via normative references.

[Roman] The text that is present here makes an informal reference to SCIP-210 and provides no further guidance on how to read the RTP payload.  As a reader, I don't have sufficient information to understand the RTP payload.  It's fine that it's a blob (in a sense, all RTP payload is a blob of some kind), but where is the normative reference to parse the blob?

[Roman] Appreciating there is a rich IETF history in publishing "RTP Payload" documents, I conducted a quick survey to confirm that their substance is consistent with my expectations described above.  My quick survey of other "RTP Payload" format documents seems to confirm that they all devote some text to explaining how to decode what is in the RTP payload and crucially provide a normative reference to the associated codec/payload.  I looked at these:

-- RFC4578 (RTP Payload Format for H.261 Video Streams)
-- RFC6184 (RTP Payload Format for H.264 Video)
-- RFC7587 (RTP Payload Format for the Opus Speech and Audio Codec)
-- RFC7798 (RTP Payload Format for High Efficiency Video Coding (HEVC))
-- RFC9134 (RTP Payload Format for ISO/IEC 21122)
-- draft-ietf-payload-vp9 (RTP Payload Format for VP9 Video)
-- draft-ietf-avtcore-rtp-v3c (RTP Payload Format for Visual Volumetric Video-based Coding)

[Roman] Can the WG explain how it's possible to describe an RTP payload format without citing or explaining the details of that format in a normative fashion?

[DH] The WG decided a while back that SCIP-210 would be an informative reference.  Any implementor that would build a SCIP device would have access to the SCIP-210 specification.  Network devices (e.g., SBCs, Proxies, ...) do not need to 'decode' or 'encode' the SCIP payload blob.  They merely need to pass it on.


** Section 6.  RFC7202 appears to be cited here as a reminder to the reader
that there are a variety of possible security solutions in the RTP ecosystem.
My confusion is that it isn't clear how this flexibility applies in the case of
SCIP.  It appears that there is tight coupling between the SCIP session
negotiation and the embedded content in the RTP stream.  Specifically, Section
4 notes that "The SCIP codec produces an encrypted bitstream that is
transported over RTP."  Doesn't the use of an SCIP payload (the blob generated
by a SCIP codec) imply a set of security properties?  Where are those formally
documented?  Section 2 hints at them being "end-to-end security at the
application layer, authentication of user identity, the ability to apply
different security levels for each secure session, and secure communication
over any end-to-end data connection."

[DH] All of the security properties are specified in SCIP-210. While the SCIP payload is encrypted, it does not address many of the RTP security issues identified in RFC7202. For example, there is no RTP header authentication as specified in SRTP (RFC3711), nor are RTCP messages encrypted or authenticated.  Therefore, we feel this Security Considerations boilerplate text still applies.

[Roman] Thanks for explaining.  I respectfully disagree that the RFC7202 boilerplate is sufficient here.  My high-level read of RFC7202 is that there are a range of solutions in the rich RTP ecosystem by which a generic RTP stream could be secured - these would apply to SCIP or anything else - and applications need to make the specific decisions.  What is different in the case of SCIP is that unlike RTP payloads such as H.261, H.264, H.265, V9, etc, the SCIP payload has and provides security services above and beyond whatever would be provided by RTP.  If the RTP payload of SCIP is being described by the document, the residual (above and beyond RTP) protections it affords need to be described or cited.

[DH] SCIP only encrypts the payload; it does not provide the other security services suggested in RFC7202.

----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

[snip]

[DH] With respect to network equipment manufacturers, the intent is to inform them of the existence of the "scip" payload so they can allow "scip" to traverse their networks.  There is no "implementation" of SCIP itself in network equipment such as Session Border Controllers or Call Managers.

[Roman] The WG understands the community better than me.  In my view, if the primary purpose of the document is intended to inform about the existence of the SCIP payload, why are the media registrations insufficient (https://www.iana.org/assignments/media-types/video/scip, https://www.iana.org/assignments/media-types/audio/scip)?

[DH] It is our understanding that in order to get network devices (SBCs, Call Managers, ...) to support SCIP, a more substantial reference beyond an IANA registration is needed.


Regards,
Roman
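The gap discussed in the thread above (SCIP encrypts only the payload, so the RTP header stays unauthenticated unless SRTP per RFC 3711 is layered on) can be made concrete. This is an added example, not code from the draft, from SCIP-210 or from the thread's participants; it assumes dynamic payload type 96 for "scip", uses random bytes as a stand-in for the opaque SCIP bitstream, and models only SRTP's authentication tag (HMAC-SHA1 over header, payload and ROC), not SRTP encryption.

```python
import hmac, hashlib, os, struct

PT_SCIP = 96                      # ASSUMED dynamic payload type for "scip"
AUTH_KEY = os.urandom(20)         # constructed SRTP session authentication key
TAG_LEN = 10                      # RFC 3711 default 80-bit tag

def build_rtp_header(seq, ts, ssrc, pt=PT_SCIP, marker=0):
    """12-byte RTP fixed header: V=2, no padding/extension/CSRC."""
    b1 = (marker << 7) | (pt & 0x7F)
    return struct.pack("!BBHII", 0x80, b1, seq & 0xFFFF, ts & 0xFFFFFFFF, ssrc & 0xFFFFFFFF)

def parse_rtp_header(packet):
    """Split an RTP packet into its fixed-header fields and opaque payload."""
    if len(packet) < 12 or (packet[0] >> 6) != 2:
        raise ValueError("not an RTP v2 packet")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    return {"marker": b1 >> 7, "pt": b1 & 0x7F, "seq": seq,
            "ts": ts, "ssrc": ssrc, "payload": packet[12:]}

def srtp_auth_tag(key, packet, roc):
    """RFC 3711: HMAC-SHA1 over authenticated portion || ROC, truncated."""
    mac = hmac.new(key, packet + struct.pack("!I", roc), hashlib.sha1)
    return mac.digest()[:TAG_LEN]

def srtp_protect(key, packet, roc):
    return packet + srtp_auth_tag(key, packet, roc)

def srtp_verify(key, protected, roc):
    """Return the bare packet if the tag checks out, else None."""
    packet, tag = protected[:-TAG_LEN], protected[-TAG_LEN:]
    if not hmac.compare_digest(tag, srtp_auth_tag(key, packet, roc)):
        return None
    return packet

def tamper_header(packet):
    """On-path change to header only: flip marker, bump seq; payload untouched."""
    h = parse_rtp_header(packet)
    return build_rtp_header(h["seq"] + 1, h["ts"], h["ssrc"], h["pt"], h["marker"] ^ 1) + h["payload"]

def receiver_accepts_plain(packet, expected_pt=PT_SCIP):
    """Payload-only protection: all a receiver can do is sanity-check the header."""
    try:
        return parse_rtp_header(packet)["pt"] == expected_pt
    except ValueError:
        return False

def demo():
    payload = os.urandom(40)                         # constructed opaque SCIP blob
    pkt = build_rtp_header(seq=1000, ts=160000, ssrc=0xDEADBEEF) + payload
    plain_accepts_tampered = receiver_accepts_plain(tamper_header(pkt))   # undetected
    prot = srtp_protect(AUTH_KEY, pkt, roc=0)
    forged = tamper_header(prot[:-TAG_LEN]) + prot[-TAG_LEN:]            # same tag, new header
    srtp_rejects_tampered = srtp_verify(AUTH_KEY, forged, 0) is None
    srtp_accepts_genuine = srtp_verify(AUTH_KEY, prot, 0) == pkt
    return plain_accepts_tampered, srtp_rejects_tampered, srtp_accepts_genuine
```

The same asymmetry holds for RTCP, which the payload encryption does not touch at all; that is the residual exposure RFC 7202's guidance is pointing at.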