IETF Logo Mail Archive

Re: [Perc] Last Call: <draft-ietf-perc-private-media-framework-08.txt> (A Solution Framework for Private Media in Privacy Enhanced RTP Conferencing) to Proposed Standard

Bernard Aboba <bernard.aboba@gmail.com> Sat, 02 February 2019 12:51 UTC

Return-Path: <bernard.aboba@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E540130DEF; Sat, 2 Feb 2019 04:51:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ME894gzj6U0l; Sat, 2 Feb 2019 04:51:06 -0800 (PST)
Received: from mail-vk1-xa42.google.com (mail-vk1-xa42.google.com [IPv6:2607:f8b0:4864:20::a42]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E9239128D09; Sat, 2 Feb 2019 04:51:05 -0800 (PST)
Received: by mail-vk1-xa42.google.com with SMTP id y14so2243463vkd.1; Sat, 02 Feb 2019 04:51:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=iKufF17BUQNj9rN4Z8rYz7haZzn3+Ei3EifdXOO0Hjo=; b=h/5hKegAxoUs2YAhDKjDfrfL/o6jzSW8w3KzUCrnE4ApFh8G4LJdKUTn7Us49e82EC qjrUS0PhEJKGyvTnQlHRZ8wN0UK9RIOR4cdBW8MP7OVAZQnF5txsemgY78GHhzogVmrq 3lgE3SZXdsbDA+If+qXxxf/KdQ2WXv7idiX4dZaR23lrLN1jQXE+9vgrY4wfvyfc3ZyA jaYrrU4Q53fAwg7pH17rSzuAMnipAYGMycoOKWHZISkcY0EGZgew/qa5+qNa/jVKuSBp 21ib8kzOgi/mGWS6FT5xUNtwlAi96ADEX5zAVinKhOYdjeZv+2pBrx6fMHHGHFVO+2CV Y5vg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=iKufF17BUQNj9rN4Z8rYz7haZzn3+Ei3EifdXOO0Hjo=; b=IlABQS2cPuqoVjvbt+vTVAm1YhGmIo2KCBgyp/oDdFVk5HzvCVWyl9lVyAHI5iGygR KqT4XVQP4PkZoYYwzrdO9jCvglDchqmRJCDaradfoUaiTQm2YcGZisAqTfhIOOT0pdQQ gbDCT89f86OTmLTFgwVAr/VuY5fc3Qym0/Q8zhjZ9XDQQBRre91ieXjIneOtQP7Ae/bu R4S4o4p3zWChZt3QC6QIdKnj16To35m0WepKkSmZgltrTHgR7lbfFOkSV2SOOgx0O5d9 nMYLH012e1WpzUMn854kgyLjKXkavQ46GpYrpvfjUBV2A54REWQBquyV5UItdl0mI9cG o9VQ==
X-Gm-Message-State: AJcUuke1vG5UTFSAhX0u5TgryjlgqDSPU3TagRPdyLPmsmk3hXM0GIMz n0quTUIt9SkssmSNn6OvIrW/XOMR8/dmfBcRy/s=
X-Google-Smtp-Source: ALg8bN49nAgQVC4HlMeBLO42AouEkJ9eKXWo+kshVQjaa0SJwphgzfbwwPZSWe4ReZbFQjJblTMsGt3ODiRkH/YOWlg=
X-Received: by 2002:a1f:944f:: with SMTP id w76mr17763755vkd.77.1549111864569; Sat, 02 Feb 2019 04:51:04 -0800 (PST)
MIME-Version: 1.0
References: <154889546931.10496.2408974719921724953.idtracker@ietfa.amsl.com> <CAOW+2dui_imxyysOCrtdH7OiDcbooi83qtCDifEY3HQ6MpigWA@mail.gmail.com> <CAL02cgSip2cLr8a1+zfK2cg+n8gqUMc9CKPmb7mWd2iLSiRf-g@mail.gmail.com> <8e40d0db-cacb-db93-f2fe-db5b4a7cf7cf@gmail.com> <CAOW+2dtxnSYOPPWxodN633O=dPOQaUnu7eYvgUYkPYRt6iWbaw@mail.gmail.com> <CAPvvaaK_VUXvy2=1TBGfBWWYxiBdXBzuR=Y-rnAdJyg=M8OfQQ@mail.gmail.com>
In-Reply-To: <CAPvvaaK_VUXvy2=1TBGfBWWYxiBdXBzuR=Y-rnAdJyg=M8OfQQ@mail.gmail.com>
From: Bernard Aboba <bernard.aboba@gmail.com>
Date: Sat, 02 Feb 2019 07:58:38 -0500
Message-ID: <CAOW+2dvnoOZJLJWtLBc+T1hwyuDP7-dykg54RS4Kng1rtbbMSA@mail.gmail.com>
Subject: Re: [Perc] Last Call: <draft-ietf-perc-private-media-framework-08.txt> (A Solution Framework for Private Media in Privacy Enhanced RTP Conferencing) to Proposed Standard
To: Emil Ivov <emcho@jitsi.org>
Cc: Alexandre GOUAILLARD <alex.gouaillard@cosmosoftware.io>, Emad Omara <emadomara@google.com>, IETF discussion list <ietf@ietf.org>, Sergio Garcia Murillo <sergio.garcia.murillo@cosmosoftware.io>, "hta@google.com" <hta@google.com>, perc@ietf.org
Content-Type: multipart/alternative; boundary="00000000000067b57b0580e8b604"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/GJ8WWjJIhnP1JKjrONer2lrM3EA>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Feb 2019 12:51:09 -0000

Emil said:

"I want to second that as it is a particularly major problem: not allowing
SSRC rewriting makes the entire framework unusable with SFU implementation
I represent as well as every other SFU I am familiar with."

[BA] Can you articulate why you consider SSRC rewriting essential to SFU
operation?

I can think of one scenario where SSRC rewriting does seem to be *required*
-  Massive Online Courses (MOOCs). In these scenarios, there can be
hundreds or even thousands of students, most of whom never speak during
class, and teachers, who send media frequently.  MOOCs can be implemented
via streaming media instead of RTP, but this complicates the interactive
aspect.

So there are implementations of MOOCs that use RTP, and I believe that SSRC
rewriting is an important part of the design of these systems. For example,
there are currently limitations in browsers as to the number of
transceivers that can be active, so that providing a transceiver for each
of the participants in the conference could conceivably cause the browser
to run out of memory.

This is circumvented by not exposing participants to the SSRCs of all of
the users.  For example, the SFU may only allocate SSRCs for the professor
and the "last N" students who have asked questions, so that a participant
will only be aware of those SSRCs plus their own, instead of potentially
needing to deal with the SSRCs of all the participants in the conference.
This also has the effect of limiting the transceivers needed, most of which
are in "recv-only" mode from the perspective of the course participants.

When students wish to ask a question, permission is requested to access
their devices (but not before).  Then once the student is speaking, their
SSRC is translated, so that participants do not necessary see a new SSRC
but only the SSRC of "the current speaking student".  Also, the SFU will
typically consume the RTCP packets from students who are sending.

On Sat, Feb 2, 2019 at 4:19 AM Emil Ivov <emcho@jitsi.org> wrote:

> I want to second that as it is a particularly major problem: not allowing
> SSRC rewriting makes the entire framework unusable with SFU implementation
> I represent as well as every other SFU I am familiar with.
>
> I am also not sure that I agree with “SSRC rewriting could not be allowed”
> is a conclusion that ever had any consensus in PERC, regardless of what WG
> leadership is trying to make everyone believe.
>
> On Sat 2 Feb 2019 at 06:21, Bernard Aboba <bernard.aboba@gmail.com> wrote:
>
>> Richard said:
>>
>> "Again, the answer is clear here, but the document should be clearer.
>> The working group discussed SSRC rewriting several times, and concluded
>> that SSRC rewriting could not be allowed in this system.  This decision is
>> reflected, e.g., in the fact that the Double transform does not allow
>> modification of SSRCs."
>>
>> [BA]  Not being able to rewrite SSRCs has some major implications with
>> respect to requirements on PERC endpoints.  Typically today's MDD will
>> switch between the simulcast streams provided by an endpoint, forwarding
>> only a single stream to other participants, based on the bandwidth,
>> resolution and framerates.  If rewriting of SSRCs is not possible, do PERC
>> endpoints need to be able to receive simulcast? If PERC endpoints do need
>> to be able to receive simulcast, what are the requirements for endpoints?
>> For example, should endpoints expect the MDD to use RID header extensions
>> to identify the incoming simulcast streams?
>>
>> Receiving of simulcast is tricky because the endpoint is receiving
>> multiple streams with different sequence number spaces which may contain
>> holes because of reordering or loss. This not only complicates the
>> application of RTX, RED and FEC, but also the operation of the endpoint.
>> As a result, as noted in the WEBRTC specification Section 5.4.1, support
>> for reception of simulcast is optional. I am aware of two ORTC
>> implementations that have attempted to support simulcast reception, neither
>> of which is robust in scenarios with considerable loss and/or reordering.
>> And neither implementation supports the RID header extension on received
>> simulcast streams.
>>
>>
>>
>>
>> On Fri, Feb 1, 2019 at 12:23 PM Sergio Garcia Murillo <
>> sergio.garcia.murillo@gmail.com> wrote:
>>
>>> On 01/02/2019 17:18, Richard Barnes wrote:
>>>
>>> So I would propose we add something like the following to this
>>> definition:
>>>
>>> "In the context of WebRTC, where control of a session is divided between
>>> a JavaScript application and a browser, the browser acts as the Trusted
>>> Endpoint for purposes of this framework (just as it acts as the endpoint
>>> for DTLS-SRTP in one-to-one calls).
>>>
>>>
>>> If we decide to adopt perc (big if) in webrtc, shouldn't this be defined
>>> within the
>>> https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-17 doc ?
>>>
>>>
>>>    Optimally, we would not rely on trust in any entities other than the
>>>    browser.  However, this is unfortunately not possible if we wish to
>>>    have a functional system.  Other network elements fall into two
>>>    categories: those which can be authenticated by the browser and thus
>>>    can be granted permissions to access sensitive resources, and those
>>>    which cannot be authenticated and thus are untrusted.
>>>
>>>
>>> WebRTC already IdP as trusted for identity purposes, so it should be up
>>> to the RTCWEB group to decide what is a trusted endpoint and what is not in
>>> webrtc. As Bernard is stating, we could decide that there are other key
>>> management solutions trusted (even in JS or WASM), as for for example is
>>> being done in EME:
>>>
>>>
>>> https://github.com/WICG/media-capabilities/blob/master/explainer.md#encryption
>>>
>>> Best regards
>>>
>>> Sergio
>>> _______________________________________________
>>> Perc mailing list
>>> Perc@ietf.org
>>> https://www.ietf.org/mailman/listinfo/perc
>>>
>> --
> sent from my mobile
>

v2.23.0 | Report a Bug | By Email