Re: [AVTCORE] RTP Header Extension Encryption

Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 14 September 2020 07:41 UTC

From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "bernard.aboba@gmail.com" <bernard.aboba@gmail.com>, "pkyzivat@alum.mit.edu" <pkyzivat@alum.mit.edu>
CC: "avt@ietf.org" <avt@ietf.org>
Date: Mon, 14 Sep 2020 07:41:49 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/pWgVD_s8ulkcj3RaFPFOz6FZcrA>
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>

On Fri, 2020-09-11 at 15:48 -0400, Paul Kyzivat wrote:
> On 9/11/20 3:00 PM, Bernard Aboba wrote:
> > Paul said:
> > 
> > "Can you please clarify the scope for which you want the encryption to be
> > consistent? Above you variously mention all MIDs and all m-lines. I'm
> > concerned with what "all" applies to.
> > 
> > I think I can agree if you are talking about "all within a bundle
> > group". Anything broader has major problems."
> > 
> > [BA] Thanks for pointing this out.
> > 
> > Mixing unencrypted and encrypted RTP header extensions within a bundle 
> > group is problematic because all of the RTP packets arrive on the same 
> > port, and the receiver needs to know the MID (which could be encrypted) 
> > in order to figure out which packets should have encrypted and 
> > unencrypted RTP header extensions.  But if you have different bundle 
> > groups, then it is possible for each group to have different settings 
> > (e.g. encrypted RTP header extensions on one group and unencrypted RTP 
> > header extensions on another bundle group) without that problem 
> > arising.  So this is an argument only for consistency within each bundle 
> > group, not for requiring all bundle groups to have the same setting.
> 
> I'm feeling we need a new term here. It has to cover a bundle group as 
> well as a single media-description that isn't bundled. Is there a term 
> for this within the RTP vocabulary?
> 
> 

The term in the RTP vocabulary that makes sense is to have header encryption
configuration be applied on the RTP session.

A bundle group will be one RTP session as they share BUNDLE Transport
parameters.


Cheers

Magnus Westerlund 


----------------------------------------------------------------------
Networks, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Torshamnsgatan 23           | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------
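
Added example, not part of the original message or of any draft text: a Python check that groups the m-sections of an SDP description into RTP sessions (one per BUNDLE group, one per unbundled m-section) and reports sessions that mix encrypted and unencrypted header extensions. It assumes encryption is signalled with the RFC 6904 `urn:ietf:params:rtp-hdrext:encrypt` extmap URI and, as a simplification, treats an m-section as encrypting if any of its `a=extmap` lines uses that URI; the SDP is constructed sample input.

```python
ENCRYPT_URI = "urn:ietf:params:rtp-hdrext:encrypt"  # RFC 6904 extmap URI

# Constructed sample: BUNDLE group "a v" mixes settings, "s" is unbundled.
SAMPLE_SDP = """\
v=0
o=- 1 1 IN IP4 192.0.2.1
s=-
t=0 0
a=group:BUNDLE a v
m=audio 9 UDP/TLS/RTP/SAVPF 111
a=mid:a
a=extmap:1 urn:ietf:params:rtp-hdrext:encrypt urn:ietf:params:rtp-hdrext:sdes:mid
m=video 9 UDP/TLS/RTP/SAVPF 96
a=mid:v
a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid
m=video 50000 UDP/TLS/RTP/SAVPF 96
a=mid:s
a=extmap:1 urn:ietf:params:rtp-hdrext:sdes:mid
"""

def rtp_sessions(sdp):
    """Return {session name: {mid: True/False/None}}; None = no extmap lines."""
    groups, sections = [], []
    for raw in sdp.strip().splitlines():
        line = raw.strip()
        if line.startswith("a=group:BUNDLE"):
            groups.append(line.split()[1:])        # MIDs sharing one transport
        elif line.startswith("m="):
            sections.append({"mid": None, "enc": None})
        elif sections and line.startswith("a=mid:"):
            sections[-1]["mid"] = line[len("a=mid:"):]
        elif sections and line.startswith("a=extmap:"):
            uses = ENCRYPT_URI in line.split()
            sections[-1]["enc"] = bool(sections[-1]["enc"]) or uses
    sessions = {}
    for i, sec in enumerate(sections):
        mid = sec["mid"] if sec["mid"] is not None else f"m-line#{i}"
        group = next((g for g in groups if sec["mid"] in g), None)
        name = "BUNDLE " + " ".join(group) if group else "unbundled " + mid
        sessions.setdefault(name, {})[mid] = sec["enc"]
    return sessions

def inconsistent_sessions(sdp):
    """RTP sessions where some m-sections encrypt extensions and others do not."""
    return [name for name, mids in rtp_sessions(sdp).items()
            if {True, False} <= set(mids.values())]

if __name__ == "__main__":
    print(inconsistent_sessions(SAMPLE_SDP))
```
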