[MMUSIC] SDP Directorate review: draft-ietf-avtcore-cryptex

Christer Holmberg <christer.holmberg@ericsson.com> Fri, 10 June 2022 13:16 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: IETF AVTCore WG <avt@ietf.org>, "Murray S. Kucherawy" <superuser@gmail.com>
CC: mmusic <mmusic@ietf.org>, "avtcore-chairs@ietf.org" <avtcore-chairs@ietf.org>
Date: Fri, 10 Jun 2022 13:16:21 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/xzvTwE4RDnr0fZB73BtRIR8MY08>

Hi,

I have performed an SDP directorate review of the draft. The review only focuses on the SDP related aspects (Sections 4 and 9.1) of the draft.

---

Q1:

I suggest changing the Section 4 name from "Signaling" to "SDP Considerations", "SDP cryptex attribute", or something like that.

---

Q2:

Section 4 does not talk about subsequent offers and answers. If the attribute is NOT present in a subsequent offer/answer, does that mean that the endpoint no longer indicates support? If so, I think it would be good to explicitly indicate that, to avoid misunderstandings.

---

Q3:

Section 4 says:

   "Once each peer has verified that the other party supports receiving
   RTP packets encrypted with Cryptex, senders can unilaterally decide
   whether to use the Cryptex mechanism or not."

I think it is good to point out that the decision to use Cryptex is made for each individual RTP packet, i.e., the sender might use Cryptex for some packets and might not
use Cryptex for some packets (based on whatever policy).

---

Q4:

Section 4 says:

   "If BUNDLE is in use and the a=cryptex attribute is present for a
   media line, it MUST be present for all media lines belonging to the
   same bundle group.  This ensures that the encrypted MID header
   extensions used to demux BUNDLE can be processed correctly.  When
   used with BUNDLE, this attribute is assigned to the TRANSPORT
   category [RFC8859]."

First, as the usage of Cryptex is optional, why mandate it on all media lines? Could you explain the MID header processing justification?

Second, if mandated on all media lines, it will apply also to non-RTP media lines (e.g., a WebRTC data channel), and then I think you need to have some explicit text about that.

---

Q5:

The text says:

   "Peers MAY negotiate both Cryptex and the header extension mechanism
   defined in [RFC6904] via signaling, and if both mechanisms are
   supported, either one can be used for any given packet.  However, if
   a packet is encrypted with Cryptex, it MUST NOT also use [RFC6904]
   header extension encryption, and vice versa."

To me this does not seem like only an SDP issue, but more a functional issue that should be described elsewhere in the document.

---

Q6:

I suggest renaming Section 9.1 to "SDP cryptex Attribute".

---

Regards,

Christer
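A small validator for the BUNDLE rule quoted in Q4 (if `a=cryptex` is on one media line of a bundle group, it must be on all of them), as an added example that is not part of the review or the draft. The SDP below is constructed, and the data-channel `m=application` line in the bundle group illustrates the non-RTP case raised in Q4; the valueless `a=cryptex` form is assumed.

```python
# Added example: checks the Q4 BUNDLE consistency rule over a constructed SDP.

def parse_sdp(sdp: str):
    """Split SDP into session-level lines and a list of media sections."""
    session, media = [], []
    for line in sdp.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("m="):
            media.append([line])          # start a new media section
        elif media:
            media[-1].append(line)        # attribute of the current media line
        else:
            session.append(line)          # session-level line
    return session, media

def bundle_groups(session):
    """MID lists of every a=group:BUNDLE line, e.g. ['0', '1', '2']."""
    return [l.split()[1:] for l in session if l.startswith("a=group:BUNDLE")]

def cryptex_by_mid(media):
    """Map each a=mid value to whether its media section carries a=cryptex."""
    info = {}
    for section in media:
        mid = next((l[len("a=mid:"):] for l in section if l.startswith("a=mid:")), None)
        if mid is not None:
            info[mid] = any(l == "a=cryptex" for l in section)
    return info

def check_cryptex_bundle(sdp: str):
    """Return violations as (bundle_mids, mids_missing_cryptex); [] if consistent."""
    session, media = parse_sdp(sdp)
    has = cryptex_by_mid(media)
    violations = []
    for group in bundle_groups(session):
        missing = [m for m in group if not has.get(m)]
        if missing and len(missing) != len(group):   # some, but not all, carry it
            violations.append((tuple(group), missing))
    return violations

# Constructed offer: audio and video carry a=cryptex, the data channel does not.
SAMPLE_SDP = """v=0
o=- 1 1 IN IP4 127.0.0.1
s=-
t=0 0
a=group:BUNDLE 0 1 2
m=audio 9 UDP/TLS/RTP/SAVPF 111
a=mid:0
a=cryptex
m=video 9 UDP/TLS/RTP/SAVPF 96
a=mid:1
a=cryptex
m=application 9 UDP/DTLS/SCTP webrtc-datachannel
a=mid:2
"""
```

Running `check_cryptex_bundle(SAMPLE_SDP)` reports the bundle group with MID 2 missing the attribute; a group with `a=cryptex` on no media line at all is not a violation, since the rule only applies once one line carries it.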