IETF Logo Mail Archive

Re: [Perc] Last Call: <draft-ietf-perc-private-media-framework-08.txt> (A Solution Framework for Private Media in Privacy Enhanced RTP Conferencing) to Proposed Standard

Bernard Aboba <bernard.aboba@gmail.com> Sat, 02 February 2019 16:50 UTC

Return-Path: <bernard.aboba@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7BDEA124BE5; Sat, 2 Feb 2019 08:50:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8ZHihqlhLvJb; Sat, 2 Feb 2019 08:50:54 -0800 (PST)
Received: from mail-ua1-x929.google.com (mail-ua1-x929.google.com [IPv6:2607:f8b0:4864:20::929]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BED941200D7; Sat, 2 Feb 2019 08:50:53 -0800 (PST)
Received: by mail-ua1-x929.google.com with SMTP id v24so3209482uap.13; Sat, 02 Feb 2019 08:50:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=S2VOGI5KA8z7mKSOlpXtqX8hoQZqs9k3MCp8EP4eP2E=; b=MtVb4w4RpkC4zKQmhl2jzsFZ6JMp7YCtpncUqMUb4lv6pTae9sRJwLwzkJvwRrYHk4 kuLNlI2fkJzhjpkamcyLiUUh4F5u5Nc5yiMCEDj5xzYzyheeXspTUhfObwFWODP3muWk 57YKIr3WKRu2tiHs8MWOO36a6jfR7K7zOz7CFJrfFIFsR0K+7I5tX8IEFiTweH6UmmJY UCbP36969hUkVPJYvSko+FGoJs/BO4qRZP+nbpD00GfT8+pm3i6tJXMuWJKMY80wi0Hq mAxWvkxyDRWGFpJF9C/sfj1PZGuTc3p895NgvdvlcVO5lQkDOCtEnM3umckIgmSiXNeC 3d/A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=S2VOGI5KA8z7mKSOlpXtqX8hoQZqs9k3MCp8EP4eP2E=; b=WG26Bf4GA7XtvKnFKwepOlb+iBE4VEmtfaxhqK5wXugjFqx3182x0aoy6dpyKXCvLY ob//Hz58vXgiuoB262b+pEqXN60PebMu65/EzlMSAA8SwtuwRvU7wAYa3ZN0TFt27Ryv PIMGp8WzNtHSnJMGlkfGDhLyg+s3T4ut3iow2y7NsKkj+heGaE9p7UcRbhvVlc1PYCxw JyuzyikHngHsPGe3goLna/IcAtMcaR5zsS/eyshMOBc8W0cE36vJoFL0gPl/C6itufEl qIgmSdLPtkAowAXyiN93UEnnn4goXYI2ejR2+eOS8ahF4zE9YTcOz9/0iRWihw0lq/y0 7jGQ==
X-Gm-Message-State: AHQUAuYxr6WctB5FDsbKWwiPH3ytQSi7dfBIM7BwU7o6jR22h+QylCy7 CxspsOeEZFfu3ql3B0PtN9NgZkXjBHLBv6EFV2o=
X-Google-Smtp-Source: AHgI3Ib1y/XORF1kE1EoJRtBilbEXPa/jYL0xkPESediwEFEB+9boEeUDWX9PWcBT4tXIyO14Kv5Ihbxyf1CzX7+ysk=
X-Received: by 2002:ab0:59ef:: with SMTP id k44mr11645530uad.118.1549126252246; Sat, 02 Feb 2019 08:50:52 -0800 (PST)
MIME-Version: 1.0
References: <154889546931.10496.2408974719921724953.idtracker@ietfa.amsl.com> <CAOW+2dui_imxyysOCrtdH7OiDcbooi83qtCDifEY3HQ6MpigWA@mail.gmail.com> <CAL02cgSip2cLr8a1+zfK2cg+n8gqUMc9CKPmb7mWd2iLSiRf-g@mail.gmail.com> <8e40d0db-cacb-db93-f2fe-db5b4a7cf7cf@gmail.com> <CAOW+2dtxnSYOPPWxodN633O=dPOQaUnu7eYvgUYkPYRt6iWbaw@mail.gmail.com> <CAPvvaaK_VUXvy2=1TBGfBWWYxiBdXBzuR=Y-rnAdJyg=M8OfQQ@mail.gmail.com> <5486C91C-48EA-4AA1-85EE-05A0B01C1E70@meetecho.com> <C6FEAEB9-CF8E-48AF-B03F-1406FF9CB303@cosmosoftware.io> <CAOW+2ducgj400pk3xPFAkRYxnYvqwhMsE9rOO0u9PgLpniaaRA@mail.gmail.com> <CAPvvaaLYFeNkZ4Pfdh4pa2btNW6EGZBnAOvXzVZ9egU8V-gBNQ@mail.gmail.com>
In-Reply-To: <CAPvvaaLYFeNkZ4Pfdh4pa2btNW6EGZBnAOvXzVZ9egU8V-gBNQ@mail.gmail.com>
From: Bernard Aboba <bernard.aboba@gmail.com>
Date: Sat, 02 Feb 2019 11:50:40 -0500
Message-ID: <CAOW+2dvom822NgjF7OAa2A8YDeqZ+mbCqA=fUcq-Y49oFyGpsA@mail.gmail.com>
Subject: Re: [Perc] Last Call: <draft-ietf-perc-private-media-framework-08.txt> (A Solution Framework for Private Media in Privacy Enhanced RTP Conferencing) to Proposed Standard
To: Emil Ivov <emcho@jitsi.org>
Cc: Alexandre GOUAILLARD <alex.gouaillard@cosmosoftware.io>, Emad Omara <emadomara@google.com>, IETF discussion list <ietf@ietf.org>, Lorenzo Miniero <lorenzo@meetecho.com>, Sergio Garcia Murillo <sergio.garcia.murillo@cosmosoftware.io>, "hta@google.com" <hta@google.com>, perc@ietf.org
Content-Type: multipart/alternative; boundary="000000000000fa3f2b0580ec0f14"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/LGmV917RXLxTH-h0dRqQ3GnMSCQ>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Feb 2019 16:50:57 -0000

Emil said:

"The need to do a triple encryption for example is a particularly egregious
consequence of the order problem. That’s a problem specific to the “double”
documents."

[BA] Can you describe how the need for "triple encryption" arises?  The
framework document doesn't even mention the issues with ordering of
FEC/RTX/RED and encryption, let alone the need for "triple encryption".

On Sat, Feb 2, 2019 at 11:46 AM Emil Ivov <emcho@jitsi.org> wrote:

> Yes pretty much those.
>
> The need to do a triple encryption for example is a particularly egregious
> consequence of the order problem. That’s a problem specific to the “double”
> documents.
>
> I would however also say that the decision to bake one specific way of
> performing key negotiation into the framework rather than leaving it open
> was both unnecessary and quite problematic.
>
> Emil
>
> On Sat 2 Feb 2019 at 12:23, Bernard Aboba <bernard.aboba@gmail.com> wrote:
>
>> "on the consensus not reached on this and other topics."
>>
>> [BA] Out of curiosity, what other topics do you consider to be
>> problematic within the framework?  I am aware of at least two others where
>> implementers have chosen different paths than in the PERC framework:
>>
>> * Order of application of encryption versus FEC/RTX/RED
>> * Whole frame encryption versus payload encryption
>>
>> With respect to consensus, this is IETF last call, one of whose purposes
>> is to determine whether there is IETF consensus to publish this document as
>> a Proposed Standard.  Are you saying that you do not agree that there is an
>> IETF consensus to publish this document as a Proposed Standard?  Or that
>> there is no IETF consensus to publish *any* of the PERC WG output as a
>> Proposed Standard?
>>
>> On Sat, Feb 2, 2019 at 5:40 AM Alexandre GOUAILLARD <
>> alex.gouaillard@cosmosoftware.io> wrote:
>>
>>> +1 on ssrc rewriting, and on the consensus not reached on this and other
>>> topics.
>>>
>>> Sent from my iPhone
>>>
>>> On 2 Feb 2019, at 17:18, Lorenzo Miniero <lorenzo@meetecho.com> wrote:
>>>
>>> +1, SSRC rewriting is pretty much fundamental to all SFUs out there.
>>>
>>> Lorenzo
>>>
>>> Il 2 febbraio 2019 10:19:06 CET, Emil Ivov <emcho@jitsi.org> ha scritto:
>>>>
>>>> I want to second that as it is a particularly major problem: not
>>>> allowing SSRC rewriting makes the entire framework unusable with SFU
>>>> implementation I represent as well as every other SFU I am familiar with.
>>>>
>>>> I am also not sure that I agree with “SSRC rewriting could not be
>>>> allowed” is a conclusion that ever had any consensus in PERC, regardless of
>>>> what WG leadership is trying to make everyone believe.
>>>>
>>>> On Sat 2 Feb 2019 at 06:21, Bernard Aboba <bernard.aboba@gmail.com>
>>>> wrote:
>>>>
>>>>> Richard said:
>>>>>
>>>>> "Again, the answer is clear here, but the document should be
>>>>> clearer.  The working group discussed SSRC rewriting several times, and
>>>>> concluded that SSRC rewriting could not be allowed in this system.  This
>>>>> decision is reflected, e.g., in the fact that the Double transform does not
>>>>> allow modification of SSRCs."
>>>>>
>>>>> [BA]  Not being able to rewrite SSRCs has some major implications with
>>>>> respect to requirements on PERC endpoints.  Typically today's MDD will
>>>>> switch between the simulcast streams provided by an endpoint, forwarding
>>>>> only a single stream to other participants, based on the bandwidth,
>>>>> resolution and framerates.  If rewriting of SSRCs is not possible, do PERC
>>>>> endpoints need to be able to receive simulcast? If PERC endpoints do need
>>>>> to be able to receive simulcast, what are the requirements for endpoints?
>>>>> For example, should endpoints expect the MDD to use RID header extensions
>>>>> to identify the incoming simulcast streams?
>>>>>
>>>>> Receiving of simulcast is tricky because the endpoint is receiving
>>>>> multiple streams with different sequence number spaces which may contain
>>>>> holes because of reordering or loss. This not only complicates the
>>>>> application of RTX, RED and FEC, but also the operation of the endpoint.
>>>>> As a result, as noted in the WEBRTC specification Section 5.4.1, support
>>>>> for reception of simulcast is optional. I am aware of two ORTC
>>>>> implementations that have attempted to support simulcast reception, neither
>>>>> of which is robust in scenarios with considerable loss and/or reordering.
>>>>> And neither implementation supports the RID header extension on received
>>>>> simulcast streams.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Feb 1, 2019 at 12:23 PM Sergio Garcia Murillo <
>>>>> sergio.garcia.murillo@gmail.com> wrote:
>>>>>
>>>>>> On 01/02/2019 17:18, Richard Barnes wrote:
>>>>>>
>>>>>> So I would propose we add something like the following to this
>>>>>> definition:
>>>>>>
>>>>>> "In the context of WebRTC, where control of a session is divided
>>>>>> between a JavaScript application and a browser, the browser acts as the
>>>>>> Trusted Endpoint for purposes of this framework (just as it acts as the
>>>>>> endpoint for DTLS-SRTP in one-to-one calls).
>>>>>>
>>>>>>
>>>>>> If we decide to adopt perc (big if) in webrtc, shouldn't this be
>>>>>> defined within the
>>>>>> https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-17 doc ?
>>>>>>
>>>>>>
>>>>>>    Optimally, we would not rely on trust in any entities other than the
>>>>>>    browser.  However, this is unfortunately not possible if we wish to
>>>>>>    have a functional system.  Other network elements fall into two
>>>>>>    categories: those which can be authenticated by the browser and thus
>>>>>>    can be granted permissions to access sensitive resources, and those
>>>>>>    which cannot be authenticated and thus are untrusted.
>>>>>>
>>>>>>
>>>>>> WebRTC already IdP as trusted for identity purposes, so it should be
>>>>>> up to the RTCWEB group to decide what is a trusted endpoint and what is not
>>>>>> in webrtc. As Bernard is stating, we could decide that there are other key
>>>>>> management solutions trusted (even in JS or WASM), as for for example is
>>>>>> being done in EME:
>>>>>>
>>>>>>
>>>>>> https://github.com/WICG/media-capabilities/blob/master/explainer.md#encryption
>>>>>>
>>>>>> Best regards
>>>>>>
>>>>>> Sergio
>>>>>> _______________________________________________
>>>>>> Perc mailing list
>>>>>> Perc@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/perc
>>>>>>
>>>>> --
>>>> sent from my mobile
>>>>
>>>
>>> --
>>> Inviato dal mio dispositivo Android con K-9 Mail. Perdonate la brevità.
>>>
>>> --
> sent from my mobile
>

v2.23.0 | Report a Bug | By Email