Re: [dispatch] Proposal for a new WG: Privacy Enhanced RTP Conferencing (PERC)

Magnus Westerlund <magnus.westerlund@ericsson.com> Fri, 10 April 2015 12:03 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: dispatch@ietfa.amsl.com
Delivered-To: dispatch@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 350321B2CE8 for <dispatch@ietfa.amsl.com>; Fri, 10 Apr 2015 05:03:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id j8nEkPz8CsQi for <dispatch@ietfa.amsl.com>; Fri, 10 Apr 2015 05:03:41 -0700 (PDT)
Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C28C1B2C78 for <dispatch@ietf.org>; Fri, 10 Apr 2015 05:03:39 -0700 (PDT)
X-AuditID: c1b4fb25-f79126d000004b89-6f-5527bc1990bc
Received: from ESESSHC006.ericsson.se (Unknown_Domain [153.88.253.124]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id CF.4B.19337.91CB7255; Fri, 10 Apr 2015 14:03:38 +0200 (CEST)
Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.38) with Microsoft SMTP Server id 14.3.210.2; Fri, 10 Apr 2015 14:03:37 +0200
Message-ID: <5527BC19.5000103@ericsson.com>
Date: Fri, 10 Apr 2015 14:03:37 +0200
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: Ben Campbell <ben@nostrum.com>
References: <55134454.9050302@ericsson.com> <DF642B61-47ED-4F33-BE7F-3F70FF80B294@nostrum.com>
In-Reply-To: <DF642B61-47ED-4F33-BE7F-3F70FF80B294@nostrum.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrELMWRmVeSWpSXmKPExsUyM+Jvja7UHvVQgxnneCzmd55mt1g6aQGr A5PHkiU/mTxm7XzCEsAUxWWTkpqTWZZapG+XwJXxYtIhxoIn5hV/zq9ha2A8rNvFyMkhIWAi saFpExuELSZx4d56MFtI4CijxKy/FV2MXED2ckaJe/vOMoIkeAW0JX6dawIrYhFQlWj9fJ0V xGYTsJC4+aMRLC4qECzR9KKRHaJeUOLkzCcsILaIgJLE8+atYDYzUO/5U53MILawQKTE76d9 7BCL4yS+nzoHNIeDg1PAXmLJEX0Qk1lAU2L9Ln2ITnmJ5q2zmSGqtSUamjpYJzAKzkKybBZC xywkHQsYmVcxihanFiflphsZ66UWZSYXF+fn6eWllmxiBAbqwS2/VXcwXn7jeIhRgINRiYf3 QZp6qBBrYllxZe4hRmkOFiVxXjvjQyFCAumJJanZqakFqUXxRaU5qcWHGJk4OKUaGCMP7J59 mSV1j/s8m6k9LN+e7S58uekcw8bFMuENy06bhu9xYXWWr59WfLfivMP2iguyKR1Cvq9sllwq Ltnxs7PHTaigTLEpTr4pvVhYsXPzxpOJPk7FD6X69l5SmZ0a0bBeJ3aK2pGs4+zWKy59Pj15 1W4liYuXr9+eqLk4ZN/CPzdT/b01liixFGckGmoxFxUnAgCUZmwBNQIAAA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/dispatch/muDnK5nFfKWGO2ezq0KsAZj2UYc>
Cc: DISPATCH list <dispatch@ietf.org>
Subject: Re: [dispatch] Proposal for a new WG: Privacy Enhanced RTP Conferencing (PERC)
X-BeenThere: dispatch@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DISPATCH Working Group Mail List <dispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dispatch>, <mailto:dispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dispatch/>
List-Post: <mailto:dispatch@ietf.org>
List-Help: <mailto:dispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dispatch>, <mailto:dispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Apr 2015 12:03:43 -0000

On 2015-04-09 23:29, Ben Campbell wrote:
> For the record, I'd love to see this get chartered. I think the charter
> is on the right track. It might be worth mentioning the drafts in the
> charter as "inputs" to the work.
> 
> Is anyone else interested in working on this?

To be clear, one benefit of getting the work out of my WG (AVTCORE) is
that I can be an active contributor, rather than a chair of this.

I do hope that people speak up, we had close to 20 persons in the room
when we had a drafting session of the charter in Dallas.

Cheers

Magnus


> 
> /Ben
> 
> On 25 Mar 2015, at 18:27, Magnus Westerlund wrote:
> 
>> Dispatch,
>>
>> AVTCORE WG has discussed a couple of proposals that discusses end-to-end
>> security in centralized RTP based conferences.
>>
>> Drafts for these Proposals:
>> https://datatracker.ietf.org/doc/draft-jones-avtcore-private-media-reqts/
>> https://datatracker.ietf.org/doc/draft-jones-avtcore-private-media-framework/
>>
>> https://datatracker.ietf.org/doc/draft-cheng-avtcore-srtp-cloud/
>>
>> In these discussions one has reached the conclusion that this work
>> requires its own venue to continue the work. Therefore a number of
>> interested has put together a initial draft charter for a new WG.
>>
>> Please review and provide feedback.
>>
>>
>> Name: Privacy Enhanced RTP Conferencing (PERC)
>> Area: ART
>> Chairs: TBD
>> Mailing List: <using dispatch@ietf.org for now>
>>
>> Motivation for new WG
>> ---------------------
>>
>> RTP-based real-time multi-party interactive media conferencing is today
>> in widespread use. Many of the deployments uses one or more centrally
>> located media distribution devices that perform selective forwarding or
>> mixes media streams received from the participating endpoints. The media
>> transport protocol commonly used is RTP (RFC3550). There are various
>> signaling systems used to establish these multi-party conferences.
>>
>> These conferences require security to ensure that the RTP media and
>> related meta data of the conference is kept private to the set of
>> invited participants and only other devices trusted by those
>> participants with their media.  At the same time, multi-party media
>> conferences do need source authentication and integrity checks to
>> protect against modifications, insertions or replay attacks.  Media
>> distribution devices supporting these conferences may also perform RTP
>> header changes and often consume and create RTCP messages for efficient
>> media handling.
>>
>> To date, deployment models for these multi-party media distribution
>> devices do not enable them to perform their functions without having
>> keys to decrypt the participants’ media, primarily using Secure RTP
>> (RFC3711) to provide session security.
>>
>> A new architecture model and related specifications is needed, with a
>> focused effort from the RTP and Security communities.
>>
>> WG Objectives
>> -------------
>>
>> This WG will work on a solution that enables centralized SRTP based
>> conferencing where the central device distributing the media is not
>> required to be trusted with the keys to decrypt the participant’s media.
>> The media must be kept confidential and authenticated between an
>> originating endpoint and the explicitly allowed receiving endpoints or
>> other devices.  Further it is desired that a solution still provide
>> replay protection so that the media distribution devices can’t replay
>> previous parts of the media.
>>
>> The solution must also provide security for each hop between endpoints
>> and multi-party media distribution devices and between multi-party media
>> distribution devices. The RTCP messages and RTP header extensions
>> required for the media distribution device to perform the selective
>> media forwarding may require both source authentication and integrity as
>> well as confidentiality. The solution may also consider providing
>> end-to-end security for a subset of the RTCP messages or header
>> extensions.
>>
>> The solution should be usable from both SIP and WebRTC endpoints that
>> implement the extension defined by this WG.
>>
>> This WG will perform the following work:
>>
>> 1.    Define a general architecture and RTP topology(s) that enables
>>    end-to-end media security for multi-party RTP conferencing.
>>
>> 2.    Define the trust model and describe the resulting security
>>    properties.
>>
>> 3.    Specify any necessary extensions to SRTP.
>>
>> 4.    Define a Key Management Function that distributes the keys. The
>>    system needs to be able to bind the media to the sender of the
>>    media’s identity and/or the identity of the conference.
>>
>> Collaboration
>> -------------
>>
>> If there is identification of missing protocols or functionalities, such
>> work can be requested to be done in another working group with a
>> suitable charter or by requests for chartering it in this WG or another
>> WG. Potential work that might require work in other WGs are DTLS
>> extensions (TLS) as well as RTP header extensions (AVTEXT). This
>> requires strong collaboration with the security area. We will notify
>> SIPREC, W3C WebRTC, AVTCore, and other related groups about this work.
>>
>> Non-Goals
>> ---------
>>
>> The WG is not chartered to extend any signaling system used to establish
>> the RTP based conferences. It will however, need to consider in its
>> architecture how the solution may integrate with these systems.
>>
>> Will not consider non-real-time usages, multicast based media
>> distribution, or Security descriptions-based keying.
>>
>> Goals and Milestones
>> --------------------
>>
>> TBD  Submit architecture or framework specification to IESG (Standards
>> Track)
>>
>> TBD  Submit protocol specification(s) to IESG (Standards Track)
>>
>>
>>
>>
>> Cheers
>>
>> Magnus Westerlund
>> (AVTCORE WG chair)
>>
>>
>> ----------------------------------------------------------------------
>> Services, Media and Network features, Ericsson Research EAB/TXM
>> ----------------------------------------------------------------------
>> Ericsson AB                 | Phone  +46 10 7148287
>> Färögatan 6                 | Mobile +46 73 0949079
>> SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
>> ----------------------------------------------------------------------
>>
>> _______________________________________________
>> dispatch mailing list
>> dispatch@ietf.org
>> https://www.ietf.org/mailman/listinfo/dispatch
> 
> 


-- 

Magnus Westerlund

----------------------------------------------------------------------
Services, Media and Network features, Ericsson Research EAB/TXM
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Färögatan 6                 | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------