IETF Logo Mail Archive

[AVTCORE] Re: cryptex questions

Philipp Hancke <philipp.hancke@googlemail.com> Wed, 22 April 2026 13:11 UTC

Return-Path: <philipp.hancke@googlemail.com>
X-Original-To: avt@mail2.ietf.org
Delivered-To: avt@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 64CD0E0CD077 for <avt@mail2.ietf.org>; Wed, 22 Apr 2026 06:11:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1776863479; bh=riteyVBHOA5gjuTpPTYEaVnSW5Tzj2HuQtN1qFTvPvU=; h=References:In-Reply-To:From:Date:Subject:To; b=tOrLCOeoew0hAUMdAlwJKyVXdUeWLNBgY2ujMWNrTP/BvNrJ0SGffFadzbnuX/44x E0VUPiAa8e5UzlAdeKc4T9QVBFq+QiCKML0p9LF0SUAN9dxdIQeiXDP+wPKPmZzZ3S 9DGJ3cV1jwMR7npLDtvDH85HcvOFBWIQwaU1depM=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=googlemail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3snjz2Z1SwKA for <avt@mail2.ietf.org>; Wed, 22 Apr 2026 06:11:15 -0700 (PDT)
Received: from mail-qt1-x834.google.com (mail-qt1-x834.google.com [IPv6:2607:f8b0:4864:20::834]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 12A72E0CBF9E for <avt@ietf.org>; Wed, 22 Apr 2026 06:05:43 -0700 (PDT)
Received: by mail-qt1-x834.google.com with SMTP id d75a77b69052e-50e5bea4045so27843561cf.3 for <avt@ietf.org>; Wed, 22 Apr 2026 06:05:43 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1776863136; cv=none; d=google.com; s=arc-20240605; b=W7ji/UN0163YuCqWaFX0wTrnGQnKqct3P6z0GzNfJORzYiCqe/suhPt4fhGop3yTc/ cExe1KJMb7ltd52TCpRl/RitkxZFgX2lf4tQYqH++oGQWfft/RzqhqYK++EVFxydeBAf Fk+qSZHDCfvTJs9hF652RjDQYdnmaOVb/nvKjF1GtI39TUz6JLwVmkwPHzse53RBiTU6 SUSiYoFjHyad8IlrZ6j1Qf+JE4oWRWCrMNSphDzCycJ8SHFt275xyijZTNVMniyHxytg YLgmlHD+v54fELKVjIuVHRDJ1mQQoyRTb3hkHeudadyyRUzMMxXnOUf5teyWBucckdgG CqvA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=LhhExhSAZVB23hRAOVoWO3AfQRz34rH80F+ffrCaKnM=; fh=eYnl92K9uV6xf0wdHdtp0yvYOJYmdxUtHK9Sl0nAboI=; b=FaMIxJjeDZGd3XEp0fSu4WuBsWM8Ic0udoa0s3TDv5mEmi/ESQrct3N1YI0W+oTjmV R62zBHn8ombYZKm/gcKJKrMwjl7iD5Y7EaEINnB8JuxjYAMQMtBdnCC/S46lhRHMiJaw NT2ON8HFsrl2rVYkUJP2VrbcbiCOWo5WYu3kXxm8wazzFwO1ySUvB5kI0ikvy7YNgiQS fzLl/YEdZVC8185PZBFt2D2d5lPUgbH6qvMMQ86sh7n3PBzmhJTTgjor9VY5ESN0V1aC UX27XHZ3L8kA00RONHjJhGhH4WJRcLeMFJJRrs4a4QsRVOVXDEYJxNAsirNTdTrvdbvw chXQ==; darn=ietf.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20251104; t=1776863136; x=1777467936; darn=ietf.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=LhhExhSAZVB23hRAOVoWO3AfQRz34rH80F+ffrCaKnM=; b=px2OuOJCJu0U3YuYCcCig2OJzgjoV9GQfsRh7BpNcMp+ib5fpnPS0MDsn6VK4WVm1s 3HB4RpNP6d8Y5Gjvi8K0PwIIw7stQmA5aMQ3nhR1QpeRN6kLaoggeL+Qh4hMTGbrfJJo 3s3xVj5Yj9/Uf9la8Aa27pshcMD9lAEAXYsYKvrH9rXU13vvxAF1lWzg3oXb76xdtfYc 9Gq+6MEczdK27Z4OSwIL5brvaYb5ddfyAp+kk1vRJlcRqlp5GQatFOoCHrWtu68sbtYU vXqC8RQ99cTxeb0FFVPJCwoDjLXGLER2e+kAbSwAzJNBO5dZu1UrgfaLzHhlTlwZOqgq XsWw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776863136; x=1777467936; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=LhhExhSAZVB23hRAOVoWO3AfQRz34rH80F+ffrCaKnM=; b=ahRUwCJ8uxPWVhP54GnTWu2CpPZ6PGBOPOhzU4XDGWnHeR4yryfZEhv9c55lsUbyD0 p+KA9z/QCi5Qh5F2TLYsTVAFAUrs7O2/LKVUUDIzvdS8Fq/na/cTu0p9V9AC+vZsPrJ1 A5Z+QsbJQpKXFmobwFlAG9wL+uMR2P0vQaV2GPPsejU5oEKWL1iu/QNMMRzWtJTYPom7 vJzHYwr3OVR6Ot1Sl2u1RwKsqfrhN1yODfC8KCG4Vvm/gBvRV80Gy1xnMqzZRv+r500g oFldevxrRVCWa8l58VbNlqtf0kDE7DnahByjI+OT8h0LdOzKLxV3kOn5mGbdfZWbMwWD Sbjg==
X-Gm-Message-State: AOJu0YyB1fbJRLVMBRhLAWSt/nG2jaosc//0B6LfRSvCbNyTgwHrNFvi TTDgbg5IE8DreUsHZ/Z/7l1nABqxkAF1aDd13On1PW5/pRgC+iSBqM7bGhW0mRGbY/uYLyU0v6F 6Xn88SOxmGSsGlTkMGTWeVkTDDVAX5qopZDN1
X-Gm-Gg: AeBDietyaHT3UnkyqP7mCYRcvgyxZVmHgKGSkA7HXCDfy4RwURBbzYOIA2coA5dsvls 25Ia+kxKN3e6qqdHx/fTjU1yj6buCbCDOPpKc/CdM7px1WSS4nOSRPPXv5QsyXTrJaKrpWv1y/J 19f2gblqQzQ70lTHaVVPQyTZ8LxwRfYTk3NjAbnab30HkbLhFyNfpbd2TX1w/JetXUUHKTdOojp lI43JAiTXbTbaM1W52BNQr1DAXUk0P6cVLSfnXlfnMC8Ah3kTzuB9r5/GszHPpcR94qae5JCkaO U17uiA61H+NVcKjAUGF1cb64K2vF8K8+Eoa9PAS0tYqQ/hEM2SAmg2N1CgmHK5Vc5ptb1pq1L4j Lp37spsq2nRBQU2SX3RL3mIGKAXEpxEBW5aUkcydzxuMAaNmt4P0rIZfUT8K7hA==
X-Received: by 2002:a05:622a:1e11:b0:50e:60a0:acb4 with SMTP id d75a77b69052e-50e60a0af55mr174291701cf.44.1776863135554; Wed, 22 Apr 2026 06:05:35 -0700 (PDT)
MIME-Version: 1.0
References: <CADxkKi+6s+68CfKEX2-vmfJJNck1i9oxxTFL=A0yr-AYwY_7pg@mail.gmail.com> <CA+ag07ZnCc3SuE4a4_QYL5_U_-YLcrraWWe6LM2VhpbJiKp3pA@mail.gmail.com> <CADxkKiKFW=pOJw5ysO8bYA+YcT9aR7o4FT+ZJg41H_-YM1k4cg@mail.gmail.com> <a0c03306-3a1f-4c4a-8d43-0162a6684f5c@alvestrand.no>
In-Reply-To: <a0c03306-3a1f-4c4a-8d43-0162a6684f5c@alvestrand.no>
From: Philipp Hancke <philipp.hancke@googlemail.com>
Date: Wed, 22 Apr 2026 15:05:42 +0200
X-Gm-Features: AQROBzASJh47QefumV2-USJIp0a5TENN6w8X0-4RxJOJus19gVOyn4sYmy63OZ0
Message-ID: <CADxkKi+OJ3PdYKPLFQQhaxNu7ufaqgfm=Qa_dBPwcL-Ny0tYEw@mail.gmail.com>
To: avt@ietf.org
Content-Type: multipart/alternative; boundary="0000000000000263c706500c3097"
Message-ID-Hash: 3YLTYP4F2B5ZDRB6PB27QWVNXJAYDWZZ
X-Message-ID-Hash: 3YLTYP4F2B5ZDRB6PB27QWVNXJAYDWZZ
X-MailFrom: philipp.hancke@googlemail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-avt.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [AVTCORE] Re: cryptex questions
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/h3l1ZBxxRX9-aTvvDsXLR2gEHho>
List-Archive: <https://mailarchive.ietf.org/arch/browse/avt>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Owner: <mailto:avt-owner@ietf.org>
List-Post: <mailto:avt@ietf.org>
List-Subscribe: <mailto:avt-join@ietf.org>
List-Unsubscribe: <mailto:avt-leave@ietf.org>

I came up with one more question.

For context, libWebRTC introduced a "corruption detection" extension
described in

https://datatracker.ietf.org/doc/html/draft-sprang-avtcore-corruption-detection-01
Since this extension should not be sent unencrypted WebRTC would currently
only offer the encrypted variant of this, i.e.
  a=extmap:11 urn:ietf:params:rtp-hdrext:encrypt
http://www.webrtc.org/experiments/rtp-hdrext/corruption-detection
Now with cryptex this might end up negotiating both encryption variants.

https://www.rfc-editor.org/rfc/rfc9335.html#section-5 says
  If one of the peers has advertised the ability to receive both Cryptex
and header extensions encrypted as per [RFC6904] in the SDP exchange, it is
RECOMMENDED
  that the other peer use Cryptex rather than the mechanism in [RFC6904]
when sending RTP packets so that all the header extensions and CSRCS are
encrypted

which I interpret as
  "use cryptex, even if you did negotiate the extension and the RFC 6904
variant including "urn:ietf:params:rtp-hdrext:encrypt" should be
negotiated  in the SDP.

Is that correct?

Am Mo., 16. März 2026 um 07:57 Uhr schrieb Harald Alvestrand <
harald@alvestrand.no>:

> There is one scenario where applications want to control whether cryptex
> is used or not independently of whether the endpoints support it:
>
> It's when there's an intermediate RTP-forwarding relay that does *not*
> terminate the RTP session (and therefore doesn't participate in the SDP
> offer/answer function) depends for its function on inspecting RTP header
> extensions (such as a forwarder that is capable of dropping layers out of a
> SVC encoded video).
>
> In that case, even though both ends of the SDP offer/answer support
> cryptex, cryptex needs to be turned off.
>
> Do such relays exist?
> On 3/15/26 22:20, Philipp Hancke wrote:
>
> Thanks Sergio for pointing that out! This means the W3C API needs to
> account for this though. I read
>
> https://w3c.github.io/webrtc-extensions/#rtp-header-extension-encryption-policy
> as "mandatory to negotiate", not "mandatory to use".
>
> This should be possible to clarify, in particular since no browser shipped
> that yet.
>
> Am So., 15. März 2026 um 21:47 Uhr schrieb Sergio Garcia Murillo <
> sergio.garcia.murillo@gmail.com>:
>
>> Hi Philipp,
>>
>> I think this case is already considered in the RFC:
>>
>> 5.2. Receiving
>> When receiving an RTP packet that contains header extensions, the
>> "defined by profile" field MUST be checked to ensure the payload is
>> formatted according to this specification. If the field does not match one
>> of the values defined above, the implementation MUST instead handle it
>> according to the specification that defines that value.
>>
>> Alternatively, if the implementation considers the use of this
>> specification mandatory and the "defined by profile" field does not match
>> one of the values defined above, it MUST stop the processing of the RTP
>> packet and report an error for the RTP stream.
>>
>> I would say that a "sane" implementation of cryptex would always be
>> sending the RTP headers encrypted if the other receiving side supports it.
>> For WebRTC I would reject any non header encrypted packet if the header
>> encryption is set to "require", and maybe allow receiving them on
>> "negotiate".
>>
>> Best regards
>> Sergio
>>
>> El mar, 10 mar 2026, 21:16, Philipp Hancke <philipp.hancke=
>> 40googlemail.com@dmarc.ietf.org> escribió:
>>
>>> (too later for the next IETF but I hope that list discussion will
>>> clarify things)
>>>
>>> https://github.com/pion/webrtc/pull/3357#discussion_r2838855495
>>> raised a few interesting questions.
>>>
>>> https://www.rfc-editor.org/rfc/rfc9335.html#name-sdp-considerations
>>> says that it is possible to disable cryptex in a session. I.e. the
>>> following renegotiation test should pass:
>>>    O: cryptex
>>>    A: no cryptex
>>>    O: cryptex
>>>    A: cryptex
>>>    O: cryptex
>>>    A: no cryptex
>>> To me that seems like a downgrade attack but then cryptex is
>>> "declarative" and senders can unilaterally decide not to use it.
>>>
>>> This poses a problem for the W3C WebRTC API described in
>>>
>>> https://w3c.github.io/webrtc-extensions/#rtp-header-extension-encryption
>>> The API there describes the negotiation of the envelope.
>>> It does not allow telling whether encryption was used (on the receiving
>>> side) or let a sender control whether it is used.
>>> But if negotiation is required and the sender chooses not to use
>>> cryptex, what happens?
>>>
>>> I assume that receivers capable of cryptex will unconditionally process
>>> packets accordingly so in-flight packets during renegotiation are not an
>>> issue at least.
>>>
>>> Most of these problems should disappear if you can not change your mind
>>> on whether to use encryption once it is established that the peer does
>>> support cryptex.
>>>
>>> Thoughts?
>>>
>>> Philipp
>>> _______________________________________________
>>> Audio/Video Transport Core Maintenance
>>> To unsubscribe send an email to avt-leave@ietf.org
>>>
>>
> _______________________________________________
> Audio/Video Transport Core Maintenance
> To unsubscribe send an email to avt-leave@ietf.org
>
> _______________________________________________
> Audio/Video Transport Core Maintenance
> To unsubscribe send an email to avt-leave@ietf.org
>

v2.46.0 | Report a Bug | By Email | System Status