Re: [Cellar] Roman Danyliw's Discuss on draft-ietf-cellar-matroska-18: (with DISCUSS and COMMENT)
Steve Lhomme <slhomme@matroska.org> Sat, 05 August 2023 11:09 UTC
Return-Path: <slhomme@matroska.org>
X-Original-To: cellar@ietfa.amsl.com
Delivered-To: cellar@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95351C14CEFC for <cellar@ietfa.amsl.com>; Sat, 5 Aug 2023 04:09:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=matroska-org.20221208.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pvg2s-wrVfQX for <cellar@ietfa.amsl.com>; Sat, 5 Aug 2023 04:09:38 -0700 (PDT)
Received: from mail-wr1-x42d.google.com (mail-wr1-x42d.google.com [IPv6:2a00:1450:4864:20::42d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56AF6C151544 for <cellar@ietf.org>; Sat, 5 Aug 2023 04:09:37 -0700 (PDT)
Received: by mail-wr1-x42d.google.com with SMTP id ffacd0b85a97d-3178fa77b27so2450525f8f.2 for <cellar@ietf.org>; Sat, 05 Aug 2023 04:09:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=matroska-org.20221208.gappssmtp.com; s=20221208; t=1691233776; x=1691838576; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:from:to:cc:subject:date:message-id:reply-to; bh=BUsL9B8C/Ylwux8nbYI6Km0HgrUjt84eegJ6HjhyT44=; b=wcwG3/ZGhEiO8rLt3s7msHBir9apnRFWoiyZQStxKqeATUDSSX3Z3xax504Y0QlNWu iq2CDXzQ3cABsI3H8CCzCIgzZu75hzAvvwcnOuFF79Ib8A675Gt1zyMH+lBv2HJnTl/g H23ZDOTaskj2TDtcKDAVznS6PiZPpmJM3mwi7aQpFLkLRD0OESpyoVxk/JyoRKFvLM1h Ldbz4H5/EaHk+XPM4ZACsA5kdTUFdCa4V9adQY6I4gwCicl+5vRbYI9/Mw3ZMpJZpUD7 P8SWj+EbyCbj6M/+JlPDVNhfaYcL8LcMisJvzcxKdf8YqdHGPtnksgd15LJSZJS3vjKC qMRg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691233776; x=1691838576; h=references:to:cc:in-reply-to:date:subject:mime-version:message-id :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=BUsL9B8C/Ylwux8nbYI6Km0HgrUjt84eegJ6HjhyT44=; b=O9KqXM9/OqnSIS6T7nmA3ipj5X+nWyxQWAqYxhcel6GTHg66kAZQh2ha1+pxOdNO/D KpYh9NiYspTGfRA2daRdIetQlCzUwPcudpE42k8sjgoX9kEqGYonV6I9FK03O23Y1lY3 Ugdl6oyKTqdHFu2S+7ujH14cmtXzbBPOqDSQYBr+mXsWMXMEta8JkU/yAAJMmhY98NN+ Z+PojxupZfA3PyQMOU5QhWqOy4Z+2BANUVkIeSVVkCA0c2rqyfYfDcMG2dNIeyuUsVpW YzbYud6E2GRmU8ygKIZY1TdggGmmVm4uqcXiQe6nG+sn8odlBCcT1wpMrsStEAZ7F5Na 7+RA==
X-Gm-Message-State: AOJu0YxN3ilEs0FZmuWoNxgRIS0aF9zP83kZEL85ofFlyRa06T1ty0gR Tq0GQQ+gMd14+RUQWUFhhoNaQg==
X-Google-Smtp-Source: AGHT+IH0g1YOlCgcg32edS6NTaSjPzstd7ZkP+3dnZOKi26csLoNUeRkIaZRhMjha0x7zQZCDCH4mQ==
X-Received: by 2002:a05:6000:12:b0:317:7362:3fe8 with SMTP id h18-20020a056000001200b0031773623fe8mr3284603wrx.9.1691233775647; Sat, 05 Aug 2023 04:09:35 -0700 (PDT)
Received: from smtpclient.apple (2a01cb0c0020e9003c149b30238b2642.ipv6.abo.wanadoo.fr. [2a01:cb0c:20:e900:3c14:9b30:238b:2642]) by smtp.gmail.com with ESMTPSA id w6-20020adfcd06000000b00317c742ca9asm4879669wrm.43.2023.08.05.04.09.34 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sat, 05 Aug 2023 04:09:34 -0700 (PDT)
From: Steve Lhomme <slhomme@matroska.org>
Message-Id: <994BBF57-8B9C-4D3F-8F36-895025543131@matroska.org>
Content-Type: multipart/alternative; boundary="Apple-Mail=_6DC0B4A2-B182-4170-B396-8C2E549A38A9"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
Date: Sat, 05 Aug 2023 13:09:24 +0200
In-Reply-To: <3C91722A-7BF5-481B-AC7E-0D8ADC8A5F2B@matroska.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-cellar-matroska@ietf.org, cellar-chairs@ietf.org, Codec Encoding for LossLess Archiving and Realtime transmission <cellar@ietf.org>, mcr+ietf@sandelman.ca
To: Roman Danyliw <rdd@cert.org>
References: <169023457125.6621.17494431568319622884@ietfa.amsl.com> <3C91722A-7BF5-481B-AC7E-0D8ADC8A5F2B@matroska.org>
X-Mailer: Apple Mail (2.3731.700.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cellar/uAfd96LRc1IpbKnlnd9gqG0cynI>
Subject: Re: [Cellar] Roman Danyliw's Discuss on draft-ietf-cellar-matroska-18: (with DISCUSS and COMMENT)
X-BeenThere: cellar@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Codec Encoding for LossLess Archiving and Realtime transmission <cellar.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cellar>, <mailto:cellar-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cellar/>
List-Post: <mailto:cellar@ietf.org>
List-Help: <mailto:cellar-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cellar>, <mailto:cellar-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Aug 2023 11:09:42 -0000
Hi Roman, > On 30 Jul 2023, at 14:41, Steve Lhomme <slhomme@matroska.org> wrote: > >> [Per -16] >>> ** Section 5.1.4.1.31.10. ContentEncKeyID Element. >>> definition: For public key algorithms this is the ID of the public >>> key the the data was encrypted with. >>> >>> The descriptive text is suggesting that the ID to a public key if public key >>> algorithms are described. However, Table 26 only lists symmetric algorithms. >>> How is this key ID used? >> >> I didn’t receive a response to this feedback. Even recognizing that the >> security solution is out-of-scope, this text is inconsistent with existing text >> as described above. Is the public key solution a KEK? > > I had to lookup what a KEK is. I think the important naming here is ContentEncKeyID. It does not say it’s public or just a generic key. We could just remove the word “public” from the text. > >> There is related text in Section 14 which references public keys which should >> be harmonized. Specifically: >> >> For encryption systems sharing public/private keys, the creation of >> the keys and the exchange of keys are not covered by this document. >> They have to be handled by the system using Matroska. A bit more on this. I did my own research and found out about Key IDs in the Encrypted Media Extension [1]. As the name suggests, it’s not an actual key but an ID the host app has to interpret. However for asymmetric encryption algorithms, ie that use a public key, it may usually be preferred to share the public key rather than an ID. For symmetric algorithms the key must not be in the file, that’s why it’s using an ID that both sides must understand. None of the algorithms in ContentEncAlgo are asymmetric ones. So for now we don’t support asymmetric encryption. If that ever happens we’ll need to define where the public key goes. IMO it could be ContentEncKeyID if the key is not in the file. And it should be a different element if the key is in the file. >>> ** Section 5.1.4.1.31.*. AES and associated modes (CTR and CBC) are named. >>> What is the key size? Is it AES-128 (?) or -256. [WebM-Enc] references in >>> Section 14 suggests it is 128. Please be explicit. >> >> Please explicitly say that some of the algorithms described in Table 26 support >> different modes of operations and key sizes. The specification of these >> parameters is required for a complete solution, but is out of scope of this >> document and left to the propriety implementations using them or subsequent >> profiles of this document. > > Isn’t the key stored in ContentEncKeyID ? If so the size of the key is the size of the data in the element. It doesn’t need to be written somewhere else. > So if your system only supports AES-256 but ContentEncKeyID only has 16 octets (128 bits) then you don’t support it. > > The WebM spec also doesn’t mention it but it’s implied by the elements necessary to support their encryption system. OK, now I understand we do not put any actual key in the Matroska files. So we can’t deduce the key size from our element. I added your text suggestion in the Pull Request [2] [1] https://www.w3.org/TR/encrypted-media/ [2] https://github.com/ietf-wg-cellar/matroska-specification/pull/797
- [Cellar] Roman Danyliw's Discuss on draft-ietf-ce… Roman Danyliw via Datatracker
- Re: [Cellar] Roman Danyliw's Discuss on draft-iet… Steve Lhomme
- Re: [Cellar] Roman Danyliw's Discuss on draft-iet… Steve Lhomme
- Re: [Cellar] Roman Danyliw's Discuss on draft-iet… Steve Lhomme
- Re: [Cellar] Roman Danyliw's Discuss on draft-iet… Roman Danyliw