Re: [Gen-art] Genart last call review of draft-ietf-perc-private-media-framework-08

"Paul E. Jones" <> Sat, 16 February 2019 04:53 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7B5EB13108C; Fri, 15 Feb 2019 20:53:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id jPW6WrNUCCYo; Fri, 15 Feb 2019 20:53:03 -0800 (PST)
Received: from ( [IPv6:2600:1f18:24d6:2e01:e842:9b2b:72a2:d2c6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id B963812958B; Fri, 15 Feb 2019 20:53:02 -0800 (PST)
Received: from authuser (localhost [])
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=dublin; t=1550292773; bh=0U9Dt/tluuhbDMAqAhpxGS6vqyrwqMda9LMNRhOT35I=; h=From:To:Subject:Cc:Date:In-Reply-To:References:Reply-To; b=DSvKlr3uDPuRqC1eCdaf+98iBM1fyCQv3GeRWVhrjjNoE4ug7gQXD1LzUO8qyNCrD srXtP2vnRy3WuebdyHsF+/N40dkNR9v0/Gta7ZepOigZA0GOCgeTJxjn+pgpOqLjm8 JyoE8nG7yy1wot/wxMAHTpvRRPOw2FuOgmHewPSs=
From: "Paul E. Jones" <>
To: Linda Dunbar <>,
Date: Sat, 16 Feb 2019 04:52:50 +0000
Message-Id: <em639e9494-3c73-49cb-896d-332030356f0d@sydney>
In-Reply-To: <>
References: <>
Reply-To: "Paul E. Jones" <>
User-Agent: eM_Client/7.2.34208.0
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="------=_MB00792A76-DBB6-40DD-9FE5-5A70ACACB35E"
Archived-At: <>
Subject: Re: [Gen-art] Genart last call review of draft-ietf-perc-private-media-framework-08
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 16 Feb 2019 04:53:06 -0000


Thanks for your feedback.  Please see comments inline.

>Major issues:
>  The SRTP Master Key described in Section 6.4 is not listed in the Figure 4 Key
>  Inventory. What is the relationship between the KEK listed in the Figure 4 Key
>  Inventory and the SRTP Master Key?

The SRTP master key is the E2E key in this case. I can see why this is 
confusing. I'll revise the table to add "SRTP master key" in place of 
"Key" on each of the last two entries in Figure 4 and add "E2E" before 
"master key" in section 6.4. I think that should make things clearer.

>Section 6.3 talks about Key distributor sending KEK to endpoints.  Is it via
>untrusted network?  how to prevent the KEK from leaking to other points?
>  Is KEK same as EKT Key? if yes, why use two names? it is confusing.

The network is untrusted, but the key delivery uses DTLS-SRTP, which 
ensures that the entity delivering the key is trusted (since 
certificates are verified). KEK and EKT Key are the same, yes. That was 
explained in section 4.2. (Personally, I don't like using both terms, 
but I lost that battle long ago. KEK is a more generic term for the 
function/role of the key commonly used in security [e.g., see], whereas EKT Key 
is more specific in defining what the KEK is. This is like saying "I 
drive a car [KEK], specifically a Ford Focus [EKT Key]." That's not the 
best analogy, but I think it explains the difference more clearly than 
just repeating the same words. In PERC, we have only one type of KEK, 
which is the EKT Key. And that was why I was arguing to avoid KEK 
entirely. That said, the counter-argument is that KEK immediately tells 
a security person about the nature of the key.)

>Section 5: the first paragraph says that the "Key requirements are that
>endpoint can verify it is connected to the correct Key Distributor..", But How?
>can you include a reference to the method?

PERC is focused on securing the media end-to-end, but the problem of 
properly identifying endpoints or the Key Distributor is a separate 
issue. However, it's absolutely a key requirement to building a secure 
system. Section 5.1 and 5.2 provide two possible approaches to trying to 
tackle that problem, but those are merely options for consideration.

>Minor issues:
>Nits/editorial comments:
>Section 3.2.2: is it a typo? extra "to" in the following sentence?
>" necessary to for proper conference-to-endpoint mappings."

Yep, definitely another typo.