IETF Logo Mail Archive

Re: [Moq] E2E encryption

Suhas Nandakumar <suhasietf@gmail.com> Wed, 22 March 2023 15:26 UTC

Return-Path: <suhasietf@gmail.com>
X-Original-To: moq@ietfa.amsl.com
Delivered-To: moq@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 13478C1522C6 for <moq@ietfa.amsl.com>; Wed, 22 Mar 2023 08:26:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sT6lG-GlIiuQ for <moq@ietfa.amsl.com>; Wed, 22 Mar 2023 08:26:47 -0700 (PDT)
Received: from mail-wr1-x436.google.com (mail-wr1-x436.google.com [IPv6:2a00:1450:4864:20::436]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D313C13AE33 for <moq@ietf.org>; Wed, 22 Mar 2023 08:26:47 -0700 (PDT)
Received: by mail-wr1-x436.google.com with SMTP id m2so17489776wrh.6 for <moq@ietf.org>; Wed, 22 Mar 2023 08:26:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1679498805; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=6oeY0MX4a9/qKEEvL1KV5r/oJvs0w++FiNhW1dS0fTE=; b=j/PONdF7bZ7m5RPfKswALfh/CDD7wV/uoSsnKb/+Uvu+jV/v518YlRrqUif9g2QQxW fypsBESxh/a0HbVAfyjOWnNTFs1qOYdWj1XIjbouq1LAQKrRGimCqvahDEJSAEgfVVve MkcHDYHedF+T5+nh45q3v/vmGnjB8Li8fxXIvDdi2bJIctxoA+XvHBsRzKJuuxgRF3Ba Dddn6XY/S6KdVsJI5cZFnoGSR5GBermCoMBWvSipdutqqkewpKIYcKLoHYUkd6aD06Qp klmhkQqYEG7JgtNPo8EAsLsWm11wehHT6LYX80vDu/fG5YM3k2ryskSTU/xLYnxCGrN+ ta1g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679498805; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=6oeY0MX4a9/qKEEvL1KV5r/oJvs0w++FiNhW1dS0fTE=; b=FessQLV0ckXhBANtNOdKDXa9GGpGXF/llXAfFCQV/yBThy7TaZdCdlBxfMzafj86au TrICiY50Ah+q0cmoG8hN5d+uSfqIpOSsYrqDFmNpjWS34a9lH+4cO+nLKBoqZ/Ilrrh+ Yumh+z3GpyRvVioQJnlQ6P7eYfu9PqC9bupRAw8buieupUtXVpyqpHsKxoZxosd72yr7 EXbLlu3iF6IZv0na8QlrLFVwUq6VTDeETP6FfdSYeB1P63quRVRpX0nrjpbxfiCJ3KmK 8DEEUM1A4OOOZHFaKZP4DY21gPVI5/DLE6D6iDGfuu3nAxkO7Ab5jtboVbPYKEZjunvx QP2g==
X-Gm-Message-State: AAQBX9ej8fuPhM33V3TDjw0Asuy2m+wiL4zb0e7U89pfPIp/jBr8jHPb MX/3fJZxNEI8yzlxfB4qE5YlsgNFc4oKhp9agZU=
X-Google-Smtp-Source: AKy350Ykjd65KaV1jrAnE2MeU+ymtrbE/Sxq3BhMA9Q5MwJF0N8usArIMxBj8Qo6ozx2LJIdhbb/nEoKZZ665lt4/tQ=
X-Received: by 2002:a5d:5a88:0:b0:2cf:ef9f:33f6 with SMTP id bp8-20020a5d5a88000000b002cfef9f33f6mr34682wrb.1.1679498804899; Wed, 22 Mar 2023 08:26:44 -0700 (PDT)
MIME-Version: 1.0
References: <1996E649-A467-4420-8C35-F50EF60536F0@cisco.com> <CAHVo=Zmuy=AgksZM2o75dbmDWv6_nSHZw-E8T_rVEtcqgqmA+g@mail.gmail.com> <CAMRcRGSdSUy8uU+UxrhxpsbxJncKfwoZgRLvoK-FzmgB+upn6Q@mail.gmail.com> <CAHVo=Zk1h5Jen3rDr1n8jrAUsJX5K2Nnyrbb-qrHP52Vw5M=JQ@mail.gmail.com> <fd3a2219294d44a18e9c7e6c11f067ad@huawei.com> <CAAZo2nEEo2VXJKQsY9kQUxR44RLm2m1wZct7dt0pvvCP3YwVJw@mail.gmail.com>
In-Reply-To: <CAAZo2nEEo2VXJKQsY9kQUxR44RLm2m1wZct7dt0pvvCP3YwVJw@mail.gmail.com>
From: Suhas Nandakumar <suhasietf@gmail.com>
Date: Wed, 22 Mar 2023 08:26:34 -0700
Message-ID: <CAMRcRGRkhWwSjryz1bWHTo_URdqZ-L0QwOY=GTkKwbf=8c1KFA@mail.gmail.com>
To: Chuan Ma <simonkorl0228@gmail.com>
Cc: "Shihang(Vincent)" <shihang9=40huawei.com@dmarc.ietf.org>, Luke Curley <kixelated@gmail.com>, "Mo Zanaty (mzanaty)" <mzanaty=40cisco.com@dmarc.ietf.org>, Victor Vasiliev <vasilvv=40google.com@dmarc.ietf.org>, Cullen Jennings <fluffy@iii.ca>, MOQ Mailing List <moq@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000aab29f05f77ec9e5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/moq/FIA6cpAqRJeP86IBG120gsenabU>
Subject: Re: [Moq] E2E encryption
X-BeenThere: moq@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Media over QUIC <moq.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/moq>, <mailto:moq-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/moq/>
List-Post: <mailto:moq@ietf.org>
List-Help: <mailto:moq-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/moq>, <mailto:moq-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Mar 2023 15:26:51 -0000

On the control channel, PRs 96
<https://github.com/kixelated/warp-draft/pull/96> and 97
<https://github.com/kixelated/warp-draft/pull/97> does provide support for
it. PR needs to be updated to reflect the multiple tracks in one
subscribe/publish message, if needed.

Also moq-transport
<https://datatracker.ietf.org/doc/html/draft-nandakumar-moq-transport-00#section-4.1>
proposes some ideas along those lines.

Agree that we need to discuss the scope and usage of control and data
streams in general.

Also  on E2E encryption, we need to spend some time defining its scope
(what aspect of OBJECT payload it applies to) and implications. For control
messages themselves, there might be few cases where one has to carry a
payload that is end to end encrypted and the same E2EE properties might
apply as well.






On Wed, Mar 22, 2023 at 5:59 AM Chuan Ma <simonkorl0228@gmail.com> wrote:

> Dear All:
>
> I agree that we should define a control stream to offer
> reliable transmission and be marked with the highest priority. Such a
> stream can not only solve the problem of E2E authentication but also
> transmit other control messages, such as updates of subscriptions. The side
> effect mentioned in Hang's reply may be solved by leaving multiple control
> stream channels and assigning different priorities to them. Then it is
> possible to avoid head-of-line blocking in the control stream and helps to
> offer a flexible extension to MoQ endpoints.
>
> Nevertheless, this issue heavily depends on the design of the behavior of
> the MoQ relays. The critical question is that a relay may act differently
> when it receives different types of OBJECTS while the data is encrypted. In
> this discussion, we have at least two basic behaviors of a relay: changing
> the sending order of packets and dropping the packets. If we try to solve
> this problem by adding more flags to the OBJECT, we should first define all
> the possible behaviors the relay can do and how to use the flag to
> enable/disable a behavior. Considering the current MoQ's design, there may
> be other scenarios when the relay must act differently, and we may define
> more relay behaviors. So it may be better for us to clarify* "What kinds
> of service the relay should offer" *and* "How the endpoint should 'ask
> for' the transport service the relays offer*." In the current scope, I'd
> like to say if we are trying to hide the relays from the endpoints, then we
> should design something like control flows; if we are trying to make the
> relays cooperate with the endpoints, then we should consider ways to change
> the relay's action like using flags. How do you like this idea?
>
> Thanks,
> Chuan Ma
>
> On Wed, Mar 22, 2023 at 4:20 PM Shihang(Vincent) <shihang9=
> 40huawei.com@dmarc.ietf.org> wrote:
>
>> It seems like the requirement of the E2E encryption is that some
>> message/OBJECT needs to be transmitted reliably. Are there any other
>> messages(SUBSCRIBE/SETUP/GOAWAY/CATALOG) sharing the same reliability
>> requirement?
>>
>> This is related to https://github.com/kixelated/warp-draft/issues/105
>> proposed by Luke. We can specify a dedicated stream(say stream 0) for these
>> messages which needs to transmitted reliably and ASAP(which means highest
>> priority). All other streams can be used to transmit the media data OBJECT
>> which can be dropped. The side effect of a dedicated stream is that they
>> all share the same priority, will be delivered in order(which implies that
>> the newer message depends on the older message). Are these side effects
>> acceptable?
>>
>>
>>
>> Cheers,
>>
>> Hang
>>
>> *From:* Moq <moq-bounces@ietf.org> *On Behalf Of *Luke Curley
>> *Sent:* Tuesday, March 21, 2023 7:41 AM
>> *To:* Suhas Nandakumar <suhasietf@gmail.com>
>> *Cc:* Mo Zanaty (mzanaty) <mzanaty=40cisco.com@dmarc.ietf.org>; Victor
>> Vasiliev <vasilvv=40google.com@dmarc.ietf.org>; Cullen Jennings <
>> fluffy@iii.ca>; MOQ Mailing List <moq@ietf.org>
>> *Subject:* Re: [Moq] E2E encryption
>>
>>
>>
>> Hey Suhas,
>>
>>
>>
>> We could add an incremental (or atomic) flag. It makes sense in Mo's
>> example; when packaging multiple frames into a single authenticated OBJECT
>> payload. I would still add text to say that a relay SHOULD NOT buffer
>> objects, even when flagged as atomic, because that will add latency at each
>> hop.
>>
>>
>>
>> On an implementation detail, we could reuse the message size. A size of 0
>> means incremental and continues until the end of the stream, while a
>> non-zero size means atomic and the specified number of bytes. A separate
>> flag works too.
>>
>>
>>
>>
>>
>> As for auth tags, the premise of end-to-end encryption is that a
>> middle-man (relay) cannot modify or drop any of the payload, including the
>> signature. The signature doesn't need any special treatment and should just
>> be part of the opaque object payload; with AEAD it's usually just appended
>> to the ciphertext. Could you explain why you think this would be an attack
>> vector?
>>
>>
>>
>>
>>
>> On Mon, Mar 20, 2023 at 11:40 AM Suhas Nandakumar <suhasietf@gmail.com>
>> wrote:
>>
>> Hey Luke,
>>
>> On Mon, Mar 20, 2023 at 10:49 AM Luke Curley <kixelated@gmail.com> wrote:
>> >
>> > On Mon, Mar 20, 2023 at 10:12 AM Mo Zanaty (mzanaty) <mzanaty=
>> 40cisco.com@dmarc.ietf.org> wrote:
>> >>
>> >> The problem is if relays are blind to E2E authentication, they can
>> make poor delivery decisions. For example, delivering most or all packets
>> except the last packet containing the E2E auth tag, which is highly likely
>> in a scheme like warp which starves or drops the tail of old data to send
>> new data.
>> >
>> >
>> > Just to clarify, Warp will only starve the tail of an OBJECT during
>> congestion if you send an even more important OBJECT (decreasing send
>> order). If you're going to put the auth tag at the end of a large object
>> (ex. an entire GoP), then you're going to want some form of head-of-line
>> blocking (increasing send order). Or possibly an incremental flag like
>> HTTP/3 Priority to indicate when OBJECTs are (not) atomic.
>>
>> That would work if we define how to identify the incremental chunks
>> and define where to find the authn tag.  Relays need to know this ,
>> otherwise, there is a security issue when relays don't forward the
>> authn tag and will be an attack vector.
>>
>> Thoughts ?
>>
>> > --
>> > Moq mailing list
>> > Moq@ietf.org
>> > https://www.ietf.org/mailman/listinfo/moq
>>
>> --
>> Moq mailing list
>> Moq@ietf.org
>> https://www.ietf.org/mailman/listinfo/moq
>>
>

v2.23.0 | Report a Bug | By Email