Re: [AVTCORE] RTP Header Extension Encryption
Harald Alvestrand <harald@alvestrand.no> Tue, 15 September 2020 15:05 UTC
Return-Path: <harald@alvestrand.no>
X-Original-To: avt@ietfa.amsl.com
Delivered-To: avt@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D53923A0922 for <avt@ietfa.amsl.com>; Tue, 15 Sep 2020 08:05:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jf5DZDhYaS0H for <avt@ietfa.amsl.com>; Tue, 15 Sep 2020 08:05:38 -0700 (PDT)
Received: from mork.alvestrand.no (mork.alvestrand.no [158.38.152.117]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 173A43A09C0 for <avt@ietf.org>; Tue, 15 Sep 2020 08:05:37 -0700 (PDT)
Received: from [192.168.3.157] (unknown [188.113.93.42]) by mork.alvestrand.no (Postfix) with ESMTPSA id A6F827C5D7D for <avt@ietf.org>; Tue, 15 Sep 2020 17:05:30 +0200 (CEST)
To: avt@ietf.org
References: <CAOW+2dvo8z422LFeP5S652bq8RkF-SKhik=aXYXpTe9zqBX5yw@mail.gmail.com> <CAOW+2dt_A+A1AVnTUQyB4sTG5hMCv7Gf3-rrBB89LR-oacX=Rg@mail.gmail.com> <c390c256-3b4f-5c4d-0e2f-a784acec663c@alum.mit.edu> <CAOW+2dvAJSvAZmwNdYyGASj8Y5dptt8L6B9YrU3RMNrwP2ShGA@mail.gmail.com>
From: Harald Alvestrand <harald@alvestrand.no>
Message-ID: <d3ac7655-c7ad-f527-2416-5b9c14085aa6@alvestrand.no>
Date: Tue, 15 Sep 2020 17:05:28 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.11.0
MIME-Version: 1.0
In-Reply-To: <CAOW+2dvAJSvAZmwNdYyGASj8Y5dptt8L6B9YrU3RMNrwP2ShGA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------A07D4E07F45DFA3E4BFF0679"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/avt/rlAOhDxZ6MEHs7ZRVfJ72lTY0w4>
Subject: Re: [AVTCORE] RTP Header Extension Encryption
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Audio/Video Transport Core Maintenance <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/avt/>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Sep 2020 15:05:41 -0000
I think this scope is called "TRANSPORT" when talking about the bundle category of SDP extensions in general. On 9/11/20 9:00 PM, Bernard Aboba wrote: > Paul said: > > "Can you please clarify the scope for which you want the encryption to be > consistent? Above you variously mention all MIDs and all m-lines. I'm > concerned with what "all" applies to. > > I think I can agree if you are talking about "all within a bundle > group". Anything broader has major problems." > > [BA] Thanks for pointing this out. > > Mixing unencrypted and encrypted RTP header extensions within a bundle > group is problematic because all of the RTP packets arrive on the same > port, and the receiver needs to know the MID (which could be > encrypted) in order to figure out which packets should have encrypted > and unencrypted RTP header extensions. But if you have different > bundle groups, then it is possible for each group to have different > settings (e.g. encrypted RTP header extensions on one group and > unencrypted RTP header extensions on another bundle group) without > that problem arising. So this is an argument only for consistency > within each bundle group, not for requiring all bundle groups to have > the same setting. > > On Fri, Sep 11, 2020 at 11:31 AM Paul Kyzivat <pkyzivat@alum.mit.edu > <mailto:pkyzivat@alum.mit.edu>> wrote: > > Bernard, > > On 9/10/20 5:42 PM, Bernard Aboba wrote: > > > There was also some discussion of whether encryption could be > negotiated > > per m-line or just a blanket on/off for all m-lines. IMHO, > negotiating > > encryption per m-line is more complex, particularly if we also > choose to > > extend the scope of encryption, so as to cover the ID field (e.g. > > encrypt the entire RTP header extension block). Extending the > scope of > > encryption means that the entire MID header extension (including > the ID > > field) could be encrypted. > > > > Having encryption on for some m-lines and off for other m-lines > seems > > like it would open up a number of corner cases. If some MIDs > have RTP > > header extensions encrypted and others do not, how does an RTP > receiver > > know whether a particular RTP packet it receives has RTP header > > extensions encrypted or not? > > > > To determine this, the receiver needs to determine the MID > value, but > > for some packets the MID header extension is encrypted, and for > other > > RTP packets it isn't. The implementer might have to do some > error-prone > > and potentially non-interoperable gymnastics, like using > heuristics to > > guess whether the RTP header extension block is unencrypted or > > encrypted, or attempting to decrypt the RTP header extension > block on > > all received RTP packets, then checking for a MID header > extension to > > confirm that yes, the RTP header extension block should have been > > encrypted. > > > > This complexity can be avoided if RTP header extension > encryption is > > either on or off for all MIDs. It is hard to come up with a use > case in > > which you'd only want some m-lines to have RTP header extension > > encryption on and you'd want other m-lines to have RTP header > extensions > > sent in the clear. So the added complexity doesn't seem to have a > > corresponding benefit. > > Can you please clarify the scope for which you want the encryption > to be > consistent? Above you variously mention all MIDs and all m-lines. I'm > concerned with what "all" applies to. > > I think I can agree if you are talking about "all within a bundle > group". Anything broader has major problems. > > Thanks, > Paul > > _______________________________________________ > Audio/Video Transport Core Maintenance > avt@ietf.org <mailto:avt@ietf.org> > https://www.ietf.org/mailman/listinfo/avt > > > _______________________________________________ > Audio/Video Transport Core Maintenance > avt@ietf.org > https://www.ietf.org/mailman/listinfo/avt
- [AVTCORE] RTP Header Extension Encryption Bernard Aboba
- Re: [AVTCORE] RTP Header Extension Encryption Bernard Aboba
- Re: [AVTCORE] RTP Header Extension Encryption Sergio Garcia Murillo
- Re: [AVTCORE] RTP Header Extension Encryption Bernard Aboba
- Re: [AVTCORE] RTP Header Extension Encryption Sergio Garcia Murillo
- Re: [AVTCORE] RTP Header Extension Encryption Paul Kyzivat
- Re: [AVTCORE] RTP Header Extension Encryption Bernard Aboba
- Re: [AVTCORE] RTP Header Extension Encryption Paul Kyzivat
- Re: [AVTCORE] RTP Header Extension Encryption Magnus Westerlund
- Re: [AVTCORE] RTP Header Extension Encryption Harald Alvestrand
- Re: [AVTCORE] RTP Header Extension Encryption Harald Alvestrand
- Re: [AVTCORE] RTP Header Extension Encryption Magnus Westerlund
- Re: [AVTCORE] RTP Header Extension Encryption Magnus Westerlund
- Re: [AVTCORE] RTP Header Extension Encryption Harald Alvestrand
- Re: [AVTCORE] RTP Header Extension Encryption Paul Kyzivat