Re: [dispatch] [Sframe] Dispatch of SFrame
Eric Rescorla <ekr@rtfm.com> Wed, 17 June 2020 13:20 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95FB23A0063 for <dispatch@ietfa.amsl.com>; Wed, 17 Jun 2020 06:20:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aB4q894sBrg0 for <dispatch@ietfa.amsl.com>; Wed, 17 Jun 2020 06:20:29 -0700 (PDT)
Received: from mail-lf1-x135.google.com (mail-lf1-x135.google.com [IPv6:2a00:1450:4864:20::135]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2466B3A077D for <dispatch@ietf.org>; Wed, 17 Jun 2020 06:20:29 -0700 (PDT)
Received: by mail-lf1-x135.google.com with SMTP id t74so1292253lff.2 for <dispatch@ietf.org>; Wed, 17 Jun 2020 06:20:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=e310yIn66AhApc2VGX2pFSpmG6R3vmL2+8lmaisRc2c=; b=eqPD6d3gundWP7qPWQdrFBYY3UrFFhMnaJ53/w3Zxu6KMYrSXgYO2295M4068sP2xa 208WCYmO/T19Qby5B2hZ9jZTlbPORKxm9dDUHBa2kJe1sRK9/ih8GsGTyohCjuo1iRVG Sl/v/mH+DXmBAQx3bKbLZ1iFPez/m8/9j486hV1MeOYFle6pBSo39sMPaQG46BAEVRmy vy++67392krqQCoSIkhi7z7r5xKHiEUwWE2Hh06FRW4g1KMz5v/oy87BPLS78M5p0UQv EX34SDuxntF/dmvSVPrPzHacNafDqbDypaD/jUWoXMsHpoJDrtkeYWrwNA53y2YSY88q 6lZg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=e310yIn66AhApc2VGX2pFSpmG6R3vmL2+8lmaisRc2c=; b=R9jefU0W0IKozXFrF5n1fXQjFnXnItg6TnAySN8l63RTUimhjggxyi/Ju+qDn+AdfY PTIJyc+VKP4QppB7t4FuaQ32Uk9TdR6MiBxLNqzUnqT3/4TjI74m3PRKU9ZMYl0mScmw GD5oUunxAEht0GMOMVhrGA/dA32/9ZC4GAwfHC7ar2DG1+gnmCLXTBxJCWuqe5hhShCR VB0cHhTnsccD82I4hXUnz664wS0VOkdXf1wAv2qPFsrGr1aDfZJvjfZwglo8MwfD2qCQ 4A7d9AjjM2zckqTM32F6Y37jXOudwLecYJ2IEMwdDeEEOs38gE5Zy0mN9UTqBhDjnCAt 8/Fw==
X-Gm-Message-State: AOAM530hwug8uAHEmLKw2zARBujXSzTuYDfOqFpFG6/5DjMA+mFHWCFA qy9Vjz2iXz2TgmxIT2n4c6By4bktr2+80jpNwbZ2vw==
X-Google-Smtp-Source: ABdhPJwPRk02aXE56zY5cmQX0R93dZWpFMwA4WPPisXYF7t5m6OXFb5jxIEYnuoKl8b+ZLQllYiL7pbw0JB0sDUgCE8=
X-Received: by 2002:ac2:5197:: with SMTP id u23mr4627598lfi.109.1592400027297; Wed, 17 Jun 2020 06:20:27 -0700 (PDT)
MIME-Version: 1.0
References: <CABcZeBOWU8G1p7zKYmUh+13+ZDgpuzgN737aJTNOfsdFTbKQxQ@mail.gmail.com> <355B2449-D396-4528-896B-CA2ED630ED35@gmail.com> <CABcZeBOLzTsKfv6WcPRLkFVc2RxJ3CTmjyLZf9pmESugsG=vag@mail.gmail.com> <CAAZdMadu1HBRWLjZtZ5sj4zYXffmP9xNjLoZAVqq5Otk4PB-Og@mail.gmail.com>
In-Reply-To: <CAAZdMadu1HBRWLjZtZ5sj4zYXffmP9xNjLoZAVqq5Otk4PB-Og@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 17 Jun 2020 06:19:50 -0700
Message-ID: <CABcZeBPRyJ2koGnB4Mxcfuatnw0idqQ3v8qmq6q4jE43an6FUg@mail.gmail.com>
To: Victor Vasiliev <vasilvv@google.com>
Cc: Bernard Aboba <bernard.aboba@gmail.com>, DISPATCH list <dispatch@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f7bdd805a84785c7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/-z2oL9f7qmvASiDvSQRh5TL28i8>
Subject: Re: [dispatch] [Sframe] Dispatch of SFrame
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jun 2020 13:20:43 -0000
On Tue, Jun 16, 2020 at 7:25 PM Victor Vasiliev <vasilvv@google.com> wrote: > I imagine that for high-bitrate traffic, the difference between encrypting > every packet and encrypting an entire frame at once is substantial enough > to make using asymmetric crypto feasible in practice. > A few points: 1. The current SFrame draft does not in fact sign every frame. Rather it signs the past N frames ( https://tools.ietf.org/html/draft-omara-sframe-00#section-4.4) "Adding a digital signature to each encrypted frame will be an overkill, instead we propose adding signature over multiple frames." 2. This is maybe sorta true for video in which the frames are large (though see below) but remember that audio frames are small and have to have low latency. 3. For video, it's true that I-Frames are enormous but the bulk of the frames are P-Frames and those would generally be on the order of 1 packet, at which point you're not getting much improvement. IOW, it's complicated, but if you're not a fan of the "sign every packet" strategy, you probably are going to find that "sign every frame" doesn't work super well either. -Ekr > On Tue, Jun 16, 2020 at 10:53 AM Eric Rescorla <ekr@rtfm.com> wrote: > >> >> >> On Tue, Jun 16, 2020 at 7:27 AM Bernard Aboba <bernard.aboba@gmail..com >> <bernard.aboba@gmail.com>> wrote: >> >>> On Jun 16, 2020, at 6:53 AM, Eric Rescorla <ekr@rtfm.com> wrote: >>> > >>> > Yes, I understand that the wire encoding supports signatures, but in >>> the discussions I've had (including with Emac) I don't think that people >>> believe that the latency/bandwidth/computation tradeoff is viable. >>> >>> [BA] Depends on the scenario. We are in a pandemic where conferences >>> are being used for all kinds of things that we haven’t seen before. For >>> example, consider a situation in which participants are answering a binding >>> poll and the responses (voice or data) need to be authenticated. SFrame can >>> handle that. PERC cannot. >> >> >> I don't really think framing this as "PERC vs. SFrame" is that helpful, >> but there's no in principle reason PERC couldn't have signatures, though of >> course one would need to define new algorithms. >> >> -Ekr >> >> _______________________________________________ >> dispatch mailing list >> dispatch@ietf.org >> https://www.ietf.org/mailman/listinfo/dispatch >> >
- Re: [dispatch] [Sframe] Dispatch of SFrame Bernard Aboba
- Re: [dispatch] [Sframe] Dispatch of SFrame Eric Rescorla
- Re: [dispatch] [Sframe] Dispatch of SFrame Sergio Garcia Murillo
- Re: [dispatch] [Sframe] Dispatch of SFrame Eric Rescorla
- Re: [dispatch] [Sframe] Dispatch of SFrame Bernard Aboba
- Re: [dispatch] [Sframe] Dispatch of SFrame Sergio Garcia Murillo
- Re: [dispatch] [Sframe] Dispatch of SFrame Eric Rescorla
- Re: [dispatch] [Sframe] Dispatch of SFrame Martin Thomson
- Re: [dispatch] [Sframe] Dispatch of SFrame Victor Vasiliev
- Re: [dispatch] [Sframe] Dispatch of SFrame Bernard Aboba
- Re: [dispatch] [Sframe] Dispatch of SFrame Eric Rescorla