Re: [MMUSIC] Signaling Additional SRTP Context information via SDP - draft-davis-mmusic-srtp-assurance

Christer Holmberg <christer.holmberg@ericsson.com> Tue, 10 October 2023 14:28 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: "Kyzer Davis (kydavis)" <kydavis=40cisco.com@dmarc.ietf.org>, "mmusic@ietf.org" <mmusic@ietf.org>
CC: "Esteban Valverde (jovalver)" <jovalver@cisco.com>
Thread-Topic: Signaling Additional SRTP Context information via SDP - draft-davis-mmusic-srtp-assurance
Date: Tue, 10 Oct 2023 14:28:00 +0000
Message-ID: <HE1PR07MB44410065064B77A55A8493C993CDA@HE1PR07MB4441.eurprd07.prod.outlook.com>
References: <PH0PR11MB5029B53E9DF50EC1B420AF1EBB13A@PH0PR11MB5029.namprd11.prod.outlook.com> <PH0PR11MB5029896E1D6202953341CB27BBCEA@PH0PR11MB5029.namprd11.prod.outlook.com>
In-Reply-To: <PH0PR11MB5029896E1D6202953341CB27BBCEA@PH0PR11MB5029.namprd11.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/pOc1eNB3XaES-IOrp6Ny-NLmXdQ>

Hi,

A few questions, more related to the SDP usage than the mechanism itself.

---

Q1: Section 3.1 says:

srtp-context   = srtp-attr
                            srtp-tag
                            [srtp-ssrc";"]
                            [srtp-roc";"]
                            [srtp-seq";"]
                            [srtp-ext";"]

I don’t think this is what you want, because you would have to add “;” also after the last field.

Instead, you probably want something like:

srtp-context   = srtp-attr
                            srtp-tag
                            [srtp-param *(“;” srtp-param)]
srtp-param     = srtp-roc / srtp-seq / srtp-ext

---

Q2: Section 3.1 says:

srtp-ext       = 1*VCHAR "=" (1*VCHAR / "unknown")
...
VCHAR          = %x21-7E

I don't think you want to allow ";" (%x3B), because then one may not know whether it is part of the srtp-ext value or a separator between values.

---

Q3: Section 3.1 says:

   “The value of "unknown" MAY be used in place of any of the fields to
   indicate default behavior SHOULD be utilized by the receiving
   application” 

How is that different from when the field is not included to begin with?

Where are the default behaviors for the different fields defined?

---

Q4: Section 3.1 says:

   "The tag for an SRTP Context attribute MUST follow the peer SDP
   Security a=crypto tag for a given media stream (m=)."

It is unclear what "follow the tag" means. I assume you want to say that the SRTP Context attribute MUST use the same tag value as the crypto attribute it is associated with?

---

Regards,

Christer
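Christer's Q1 and Q2 points made concrete, as an added example that is not part of this thread or of the draft: a small Python check that enumerates every reading of a ";"-separated parameter string under the quoted srtp-ext rule, first with the draft's VCHAR alphabet (which includes ";") and then with ";" excluded. The parameter names and sample strings are constructed for illustration; only the two ABNF rules quoted above come from the thread.

```python
import re
from itertools import product

# Value alphabet per the draft's ABNF quoted in Q2: VCHAR = %x21-7E, which
# includes ";" (%x3B).
VCHAR = r"[\x21-\x7E]"
# Tightened alphabet implied by Q2: VCHAR minus ";", so ";" can only separate.
VCHAR_NO_SEMI = r"[\x21-\x3A\x3C-\x7E]"


def ext_token_ok(token: str, alphabet: str) -> bool:
    """Check one token against  srtp-ext = 1*VCHAR "=" (1*VCHAR / "unknown").

    "unknown" is itself 1*VCHAR, so a single pattern covers both alternatives.
    """
    return re.fullmatch(rf"{alphabet}+={alphabet}+", token) is not None


def derivations(param_text: str, alphabet: str) -> list[list[str]]:
    """Return every way to read param_text as  srtp-param *(";" srtp-param)
    (the shape proposed in Q1) such that every token is a valid srtp-ext.

    When ";" is in the alphabet, each ";" may be a separator OR value data,
    so every ";" position is tried both ways. More than one result means the
    grammar is ambiguous for that input; zero means it is not valid at all.
    """
    positions = [i for i, ch in enumerate(param_text) if ch == ";"]
    found = []
    for choice in product((False, True), repeat=len(positions)):
        seps = [p for p, is_sep in zip(positions, choice) if is_sep]
        tokens, start = [], 0
        for p in seps:
            tokens.append(param_text[start:p])
            start = p + 1
        tokens.append(param_text[start:])
        if all(ext_token_ok(t, alphabet) for t in tokens):
            found.append(tokens)
    return found


if __name__ == "__main__":
    # Constructed samples: two extensions (Q2 ambiguity) and a trailing ";"
    # (the shape the Q1 grammar would produce).
    for sample in ("vendor=foo;bar=baz", "vendor=foo;"):
        for name, alphabet in (("VCHAR", VCHAR), ("VCHAR-no-;", VCHAR_NO_SEMI)):
            print(f"{sample!r:22} {name:11} -> {derivations(sample, alphabet)}")
```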
From: mmusic <mmusic-bounces@ietf.org> On Behalf Of Kyzer Davis (kydavis)
Sent: Monday, 9 October 2023 23.45
To: mmusic@ietf.org
Cc: Esteban Valverde (jovalver) <jovalver@cisco.com>
Subject: Re: [MMUSIC] Signaling Additional SRTP Context information via SDP - draft-davis-mmusic-srtp-assurance

Group,

I have posted draft 01 which covers the items from my previous email.

Name:     draft-davis-mmusic-srtp-assurance
Revision: 01
Title:    Signaling Additional SRTP Context information via SDP
Date:     2023-10-09
Group:    Individual Submission
Pages:    21
URL:      https://www.ietf.org/archive/id/draft-davis-mmusic-srtp-assurance-01.txt
Status:   https://datatracker.ietf.org/doc/draft-davis-mmusic-srtp-assurance/
HTML:     https://www.ietf.org/archive/id/draft-davis-mmusic-srtp-assurance-01.html
HTMLized: https://datatracker.ietf.org/doc/html/draft-davis-mmusic-srtp-assurance
Diff:     https://author-tools.ietf.org/iddiff?url2=draft-davis-mmusic-srtp-assurance-01

Thanks,

From: mmusic <mmusic-bounces@ietf.org> On Behalf Of Kyzer Davis (kydavis)
Sent: Thursday, August 10, 2023 11:30 AM
To: mmusic@ietf.org
Cc: Esteban Valverde (jovalver) <jovalver@cisco.com>
Subject: [MMUSIC] Signaling Additional SRTP Context information via SDP - draft-davis-mmusic-srtp-assurance

Hello all,

I presented draft-davis-valverde-srtp-assurance-00 at Dispatch and the outcome was to dispatch to MMUSIC WG.
I have re-submitted draft-davis-valverde-srtp-assurance-00 as draft-davis-mmusic-srtp-assurance-00 with no changes.

To view that session and/or slides, see below:
- https://youtu.be/KT3mMX9CMdA?t=3113
- https://datatracker.ietf.org/meeting/117/materials/slides-117-dispatch-sdp-security-assurance-for-secure-real-time-transport-protocol-srtp
- A quick slide note, before the dispatch session I was working on a draft-01 which leveraged Solution A in these slides while draft-00 uses Solution B.
  - Jonathan Lennox brought up a good point after the session which favors solution B:
  - Paraphrasing: "We know how implementations will handle unknown SDP attributes; we do not know how well implementations will handle unknown SDP Security Session Parameters"
    - I dug into this a bit more and tend to agree. So draft-01 now continues to use solution B (a=srtpctx) new SDP Attribute to convey the required SRTP Context information alongside a=crypto.
      - I have a full write-up on GitHub with far more details: https://github.com/kyzer-davis/srtp-assurance-rfc-draft/issues/5

In addition, some other draft-01 action items that were brought up in chat, at the mic or in person 1:1:
- "Why this can't be a RTP Header Extension" from Richard Barnes. (https://github.com/kyzer-davis/srtp-assurance-rfc-draft/issues/11)
- "Discuss sending some update when ROC updates" from Jonathan Rosenberg. (https://github.com/kyzer-davis/srtp-assurance-rfc-draft/issues/10)
  - Already text in the draft around this; which covers "99.9% of scenarios".
- "Method to Convey Multiple SSRCs for a given stream" from various (https://github.com/kyzer-davis/srtp-assurance-rfc-draft/issues/1)
  - Two solutions proposed in the GitHub issue
- A statement Cullen Jennings made about focusing on the problem statements.
  - I want to re-write the problem sections like RFC7744 where each problem in a scenario is cited as Ux.y and then discussed (Section 2.1.1 and 2.1.2)
  - I took a stab at a rough draft of this in "Discuss why SEQ is signaled in the SDP" via (https://github.com/kyzer-davis/srtp-assurance-rfc-draft/issues/9)
  - Overall item is in https://github.com/kyzer-davis/srtp-assurance-rfc-draft/issues/13

Lastly, the following items are already merged into draft-01 over on GitHub:
- Change contact name from IESG to IETF in IANA Considerations #2
- Discuss RFC4568 "Late Joiner" in problem statement: #3
- Split Serial forking scenario into its own section #4
- Add MIKEY considerations to Protocol Design section #6
- Change doc title #7 (new title: "Signaling Additional SRTP Context information via SDP")
- Add SEQ abbreviation earlier #8
  
Thanks,

---
Kyzer Davis