Re: [dispatch] Proposal for a new WG: Privacy Enhanced RTP Conferencing (PERC)
"David Benham (dbenham)" <dbenham@cisco.com> Tue, 14 April 2015 23:12 UTC
From: "David Benham (dbenham)" <dbenham@cisco.com>
To: "dispatch@ietf.org" <dispatch@ietf.org>, "ben@nostrum.com" <ben@nostrum.com>
> Date: Thu, 09 Apr 2015 16:29:03 -0500
> From: "Ben Campbell" <ben@nostrum.com>
> To: "Magnus Westerlund" <magnus.westerlund@ericsson.com>
> Cc: DISPATCH list <dispatch@ietf.org>
> Subject: Re: [dispatch] Proposal for a new WG: Privacy Enhanced RTP
>  Conferencing (PERC)
> Message-ID: <DF642B61-47ED-4F33-BE7F-3F70FF80B294@nostrum.com>
> Content-Type: text/plain; charset=utf-8; format=flowed
>
> For the record, I'd love to see this get chartered. I think the charter
> is on the right track. It might be worth mentioning the drafts in the
> charter as "inputs" to the work.
>
> Is anyone else interested in working on this?

Yes, fully behind this!

David Benham

> /Ben
>
> On 25 Mar 2015, at 18:27, Magnus Westerlund wrote:
>
> > Dispatch,
> >
> > AVTCORE WG has discussed a couple of proposals that discuss
> > end-to-end security in centralized RTP based conferences.
> >
> > Drafts for these Proposals:
> > https://datatracker.ietf.org/doc/draft-jones-avtcore-private-media-reqts/
> > https://datatracker.ietf.org/doc/draft-jones-avtcore-private-media-framework/
> > https://datatracker.ietf.org/doc/draft-cheng-avtcore-srtp-cloud/
> >
> > In these discussions one has reached the conclusion that this work
> > requires its own venue to continue the work. Therefore a number of
> > interested has put together an initial draft charter for a new WG.
> >
> > Please review and provide feedback.
> >
> >
> > Name: Privacy Enhanced RTP Conferencing (PERC)
> > Area: ART
> > Chairs: TBD
> > Mailing List: <using dispatch@ietf.org for now>
> >
> > Motivation for new WG
> > ---------------------
> >
> > RTP-based real-time multi-party interactive media conferencing is
> > today in widespread use. Many of the deployments use one or more
> > centrally located media distribution devices that perform selective
> > forwarding or mix media streams received from the participating
> > endpoints. The media transport protocol commonly used is RTP
> > (RFC3550). There are various signaling systems used to establish
> > these multi-party conferences.
> >
> > These conferences require security to ensure that the RTP media and
> > related meta data of the conference is kept private to the set of
> > invited participants and only other devices trusted by those
> > participants with their media. At the same time, multi-party media
> > conferences do need source authentication and integrity checks to
> > protect against modifications, insertions or replay attacks. Media
> > distribution devices supporting these conferences may also perform
> > RTP header changes and often consume and create RTCP messages for
> > efficient media handling.
> >
> > To date, deployment models for these multi-party media distribution
> > devices do not enable them to perform their functions without having
> > keys to decrypt the participants' media, primarily using Secure RTP
> > (RFC3711) to provide session security.
> >
> > A new architecture model and related specifications are needed, with
> > a focused effort from the RTP and Security communities.
> >
> > WG Objectives
> > -------------
> >
> > This WG will work on a solution that enables centralized SRTP based
> > conferencing where the central device distributing the media is not
> > required to be trusted with the keys to decrypt the participant's
> > media. The media must be kept confidential and authenticated between
> > an originating endpoint and the explicitly allowed receiving
> > endpoints or other devices. Further it is desired that a solution
> > still provide replay protection so that the media distribution
> > devices can't replay previous parts of the media.
> >
> > The solution must also provide security for each hop between
> > endpoints and multi-party media distribution devices and between
> > multi-party media distribution devices. The RTCP messages and RTP
> > header extensions required for the media distribution device to
> > perform the selective media forwarding may require both source
> > authentication and integrity as well as confidentiality. The
> > solution may also consider providing end-to-end security for a
> > subset of the RTCP messages or header extensions.
> >
> > The solution should be usable from both SIP and WebRTC endpoints
> > that implement the extension defined by this WG.
> >
> > This WG will perform the following work:
> >
> > 1. Define a general architecture and RTP topology(s) that enables
> >    end-to-end media security for multi-party RTP conferencing.
> >
> > 2. Define the trust model and describe the resulting security
> >    properties.
> >
> > 3. Specify any necessary extensions to SRTP.
> >
> > 4. Define a Key Management Function that distributes the keys. The
> >    system needs to be able to bind the media to the sender of the
> >    media's identity and/or the identity of the conference.
> >
> > Collaboration
> > -------------
> >
> > If there is identification of missing protocols or functionalities,
> > such work can be requested to be done in another working group with
> > a suitable charter or by requests for chartering it in this WG or
> > another WG. Potential work that might require work in other WGs are
> > DTLS extensions (TLS) as well as RTP header extensions (AVTEXT).
> > This requires strong collaboration with the security area. We will
> > notify SIPREC, W3C WebRTC, AVTCore, and other related groups about
> > this work.
> >
> > Non-Goals
> > ---------
> >
> > The WG is not chartered to extend any signaling system used to
> > establish the RTP based conferences. It will, however, need to
> > consider in its architecture how the solution may integrate with
> > these systems.
> >
> > Will not consider non-real-time usages, multicast based media
> > distribution, or Security descriptions-based keying.
> >
> > Goals and Milestones
> > --------------------
> >
> > TBD Submit architecture or framework specification to IESG
> >     (Standards Track)
> >
> > TBD Submit protocol specification(s) to IESG (Standards Track)
> >
> >
> > Cheers
> >
> > Magnus Westerlund
> > (AVTCORE WG chair)
> >
> > ----------------------------------------------------------------------
> > Services, Media and Network features, Ericsson Research EAB/TXM
> > ----------------------------------------------------------------------
> > Ericsson AB                 | Phone  +46 10 7148287
> > Färögatan 6                 | Mobile +46 73 0949079
> > SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
> > ----------------------------------------------------------------------
> >
> > _______________________________________________
> > dispatch mailing list
> > dispatch@ietf.org
> > https://www.ietf.org/mailman/listinfo/dispatch