IETF Logo Mail Archive

Re: [Perc] Last Call: <draft-ietf-perc-private-media-framework-08.txt> (A Solution Framework for Private Media in Privacy Enhanced RTP Conferencing) to Proposed Standard

Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com> Thu, 14 February 2019 23:48 UTC

Return-Path: <sergio.garcia.murillo@gmail.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51ABD12F1A6; Thu, 14 Feb 2019 15:48:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3dioNYYfc14p; Thu, 14 Feb 2019 15:48:20 -0800 (PST)
Received: from mail-wm1-x342.google.com (mail-wm1-x342.google.com [IPv6:2a00:1450:4864:20::342]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5E841128B36; Thu, 14 Feb 2019 15:48:20 -0800 (PST)
Received: by mail-wm1-x342.google.com with SMTP id a62so8180868wmh.4; Thu, 14 Feb 2019 15:48:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=KoY4DCLboLakUxPFN70nL/AcW8bYbwpkDT1ijv3KYZM=; b=CISKcp55mZ3wWRFJR3VKEJV2Dx1MSP+Wi6ABjnBzVVY7vNWyZEB8b9SKYAk6CQKAci PF/GidWWNI/WMzKSGD/DXcb8cEPvB/h84/3A/Hb7YQo9wtrbZgRyKVgRJrykHuiHd2HV iFVjM6OEUEiPF8Wo4gNhI2XC0AlUF6/ReOXBnuwHd2kTDdFtoIr4LxTpPd6NIfpGhp2M XWgCitQ8bS2VrwokUuAQRlrRVpLy9+L83nfHOH5Z1eoGWJ4A0D/7XvD+MFxl0Ruoi8Hm lsNZq0JypKus5k0eqhzFegE9cOHLkOtB+eH/0IwCQHLw1wt07xMUDt9OxC/nPRkLzzu6 rnOw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=KoY4DCLboLakUxPFN70nL/AcW8bYbwpkDT1ijv3KYZM=; b=VYWDer23X0jRj5L+86s7B0mcoqQqRR0Lh6z1taPDJld/X+FYLB1qq9vjUtUShTfuwV DuWvMVfVsA+3fYdNL+RDgb2ka24YA7PgVgJWCitCVBc9Llv1CmORLqVTisbA/G+DgcFs 4EbtTDQQhJP3yOZfJ3ZbR55ChXJSbSlIUe6BmiG9OVU0LJa5txZ6PoUncDurmFQDj711 yOwQL77cGRgv8CzaSYBqyQeNR88cXW8zhyp5slmz5Qx4HcyL1u8wxEJdInF/E/4RKGn+ IGLhgrCo61r7PYVKVd2Ssu/9DQqL6j0C9G7ozP7qpGNhRMT/fRj/J13o0PvpkacfoT6D w7Hw==
X-Gm-Message-State: AHQUAuYkpKVcXS3J0GFSe17Jxx6WVthIanWGfNxMBxMucwS7pMeYLRFa BFUGIkTClSwY7nruezqpWl8=
X-Google-Smtp-Source: AHgI3IYhm8X/8RIeffXLsY2Vf/Qnr4M4gYmOg9khD8YsCshe+i2zA3DTQnJSAHq9Ds6GnD5P1NIB3Q==
X-Received: by 2002:a1c:b1d5:: with SMTP id a204mr4615010wmf.32.1550188098838; Thu, 14 Feb 2019 15:48:18 -0800 (PST)
Received: from [192.168.0.11] (79.108.125.160.dyn.user.ono.com. [79.108.125.160]) by smtp.googlemail.com with ESMTPSA id 2sm7421207wrj.27.2019.02.14.15.48.17 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 14 Feb 2019 15:48:18 -0800 (PST)
Subject: Re: [Perc] Last Call: <draft-ietf-perc-private-media-framework-08.txt> (A Solution Framework for Private Media in Privacy Enhanced RTP Conferencing) to Proposed Standard
To: Bernard Aboba <bernard.aboba@gmail.com>
Cc: Nils Ohlmeier <nohlmeier@mozilla.com>, Emil Ivov <emcho@jitsi.org>, IETF discussion list <ietf@ietf.org>, Emad Omara <emadomara@google.com>, perc@ietf.org, "hta@google.com" <hta@google.com>, Alexandre GOUAILLARD <alex.gouaillard@cosmosoftware.io>, Lorenzo Miniero <lorenzo@meetecho.com>
References: <154889546931.10496.2408974719921724953.idtracker@ietfa.amsl.com> <CAOW+2ducgj400pk3xPFAkRYxnYvqwhMsE9rOO0u9PgLpniaaRA@mail.gmail.com> <CAPvvaaLYFeNkZ4Pfdh4pa2btNW6EGZBnAOvXzVZ9egU8V-gBNQ@mail.gmail.com> <CAOW+2dvom822NgjF7OAa2A8YDeqZ+mbCqA=fUcq-Y49oFyGpsA@mail.gmail.com> <CAPvvaa+EzwgMXB_t7ZVTBgZH2y4=neUm1RymUNKnMV-6zyGPaQ@mail.gmail.com> <a74a8239-27dc-5704-096b-05cc5e02bd18@gmail.com> <543375ED-9A4F-452C-AE51-9499DAD5CEE0@gmail.com> <80a1f634-0888-c5e2-f6be-729d4cca3b28@cosmosoftware.io> <06d91175-b071-49fe-01cc-4a1323ad85f7@gmail.com> <91A16283-A392-4217-97E1-B04A5C8AD245@mozilla.com> <CAPvvaaJDo6vYj00NMVQEKHnrMHr1EoQydTsZ+7WtdEgyoy_GAQ@mail.gmail.com> <1F1100AC-B9D2-4650-8663-A6D380721688@mozilla.com> <2807c153-60ba-a741-f0ad-72c98d8d77bb@gmail.com> <753988DB-FC9A-4E8F-B495-347AD943B6C8@gmail.com> <CA+ag07bixdC9Uyj26XMf_PtNZQjgvGLm0RMLpSZmdmS5ndzS6A@mail.gmail.com> <CAOW+2dskwDGb-6XvWP0dE7+M=V3z0aDBOYcPmrXDEXvePs3g4A@mail.gmail.com>
From: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Message-ID: <e1b34b62-0440-23e2-61d3-8aafae4c4642@gmail.com>
Date: Fri, 15 Feb 2019 00:53:04 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.5.0
MIME-Version: 1.0
In-Reply-To: <CAOW+2dskwDGb-6XvWP0dE7+M=V3z0aDBOYcPmrXDEXvePs3g4A@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/bZCRFPflIUssMtoW3Il7JCbWcT0>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Feb 2019 23:48:22 -0000

On 15/02/2019 0:19, Bernard Aboba wrote:
> "I don’t recall, and I don’t see anything in the notes or email 
> consensus call, that would suggest the consensus included anything 
> along the lines “it’s okay to let the js application have the media 
> keys.”
>
> [BA] The PERC framework document only mentions that the endpoint is 
> trusted, but does not go into further detail.  That detail becomes 
> important when attempting to understand the provable security 
> properties of PERC (e.g. what attacks are prevented, what attacks are 
> still allowed). As an example, if the goal is not only to protect 
> against access to cleartext media within the MDD, but also the ability 
> of endpoints to mis-use the cleartext media (e.g. to create "deep 
> fakes"), then it is necessary to restrict access to cleartext media 
> within the PERC application itself (e.g. no ability to record or even 
> modify cleartext media).  That goes beyond the "no access to media 
> keys in JS" dictum to "no access to cleartext media for any PERC 
> application, native or Web".  Once you've gone there, the distinction 
> between the problem solved by PERC and content protection technologies 
> begins to disappear.  Keep in mind though that technologies such as 
> EME are transport-independent - EME can be used when transporting 
> media over the SCTP data channel, for example.

Indeed. Any true end to end encryption for webrtc that must be 
integrated with IdP and isolated media streams IMHO.

Best regards

Sergio

v2.23.0 | Report a Bug | By Email