IETF Logo Mail Archive

Re: [Perc] Last Call: <draft-ietf-perc-private-media-framework-08.txt> (A Solution Framework for Private Media in Privacy Enhanced RTP Conferencing) to Proposed Standard

Emil Ivov <emcho@jitsi.org> Sat, 02 February 2019 16:46 UTC

Return-Path: <emcho@jitsi.org>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 777F41200D7 for <perc@ietfa.amsl.com>; Sat, 2 Feb 2019 08:46:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.042
X-Spam-Level:
X-Spam-Status: No, score=-2.042 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.142, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=jitsi-org.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1xjp18GldoO5 for <perc@ietfa.amsl.com>; Sat, 2 Feb 2019 08:46:22 -0800 (PST)
Received: from mail-vk1-xa43.google.com (mail-vk1-xa43.google.com [IPv6:2607:f8b0:4864:20::a43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7964A124B0C for <perc@ietf.org>; Sat, 2 Feb 2019 08:46:22 -0800 (PST)
Received: by mail-vk1-xa43.google.com with SMTP id 197so2311424vkf.4 for <perc@ietf.org>; Sat, 02 Feb 2019 08:46:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jitsi-org.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=MN/iL8vg0fdky6WrYTaG/yjjmQDZMtpGCRPv5hXeKxs=; b=GnP2hmY3VZvLnSMX9NXIW+4Aov1bksdt7fZBTo4Sr3XTWurhBELo8koTfEi1/SUOGs 5kZXBVmsnVqxqbPVqrzIuiBARA10Xs2yu931v+2tUVjos5joEyZ4ZTSMGurwipvFJ8LJ wXAD/uPzsJwFvampKdmsWPrQWClr8B6nX6qaXGkd7DnBDAdLHkHtsL6S2zJITFDSHiCe Qpqh0Z1HiJCSQxIyc1VdXOiRrQimUXy/IAXYrk4a3eDQMzXvTUmo2vcVy4NMiWctyknj oqHxbGLC+r4FUgvbStpAu9+k3+stAkirCmwOGDz6/Suz4MrqnvoYD3wd1Zal/clXyypu hh0g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=MN/iL8vg0fdky6WrYTaG/yjjmQDZMtpGCRPv5hXeKxs=; b=I49lIkFj8gZxPfCG9knqNnghYBzGQHTCWsqMcBSxRGBj4Qmci4HkC7ssU/ZjenTJgI gXHa3rQtIs1QpLZH4zQ5MJeOBvlU4wAf/q/CQ2eszZnq//xz00pUUYr+xJ7Ci6sWSDaA oUoAgRwQ9+vrfOZ+INmZZ+kyAz6OnOP+BE+rGN9+yNahzD4Qnh+sezmQkWjKjVzHTP7e PDaWF03xNOxQFCfR5p99T57C579fw4/RxDzuNloWXSXgcs6AMPVHfnlp2oP8RFNeTBOp MI5S8qDb81F2WqLr+TjKoHu/E8fAzV1GpbBqaTZcg9h9hCkUWwOcWffB1OX2Rrnwct06 CgWg==
X-Gm-Message-State: AJcUukdjLbQCik9s1EviLgYXVoIC/V5CuU3q03vk7F825j5ULXOR/K56 LjlV9Y4cJ7XTeJxz9tQFXnHSV0gReKYsDP5CqGdUYA==
X-Google-Smtp-Source: ALg8bN4vJvc/7tCRg4i9haVivLB/cpIlIEIkSDd//bofJqqiU0tdOAnoPNjnY647yxAsr13i1Fxb1NAt3KW9yGtUB08=
X-Received: by 2002:a1f:7cca:: with SMTP id x193mr19123886vkc.89.1549125981258; Sat, 02 Feb 2019 08:46:21 -0800 (PST)
MIME-Version: 1.0
References: <154889546931.10496.2408974719921724953.idtracker@ietfa.amsl.com> <CAOW+2dui_imxyysOCrtdH7OiDcbooi83qtCDifEY3HQ6MpigWA@mail.gmail.com> <CAL02cgSip2cLr8a1+zfK2cg+n8gqUMc9CKPmb7mWd2iLSiRf-g@mail.gmail.com> <8e40d0db-cacb-db93-f2fe-db5b4a7cf7cf@gmail.com> <CAOW+2dtxnSYOPPWxodN633O=dPOQaUnu7eYvgUYkPYRt6iWbaw@mail.gmail.com> <CAPvvaaK_VUXvy2=1TBGfBWWYxiBdXBzuR=Y-rnAdJyg=M8OfQQ@mail.gmail.com> <5486C91C-48EA-4AA1-85EE-05A0B01C1E70@meetecho.com> <C6FEAEB9-CF8E-48AF-B03F-1406FF9CB303@cosmosoftware.io> <CAOW+2ducgj400pk3xPFAkRYxnYvqwhMsE9rOO0u9PgLpniaaRA@mail.gmail.com>
In-Reply-To: <CAOW+2ducgj400pk3xPFAkRYxnYvqwhMsE9rOO0u9PgLpniaaRA@mail.gmail.com>
From: Emil Ivov <emcho@jitsi.org>
Date: Sat, 02 Feb 2019 16:46:10 +0000
Message-ID: <CAPvvaaLYFeNkZ4Pfdh4pa2btNW6EGZBnAOvXzVZ9egU8V-gBNQ@mail.gmail.com>
To: Bernard Aboba <bernard.aboba@gmail.com>
Cc: Alexandre GOUAILLARD <alex.gouaillard@cosmosoftware.io>, Emad Omara <emadomara@google.com>, IETF discussion list <ietf@ietf.org>, Lorenzo Miniero <lorenzo@meetecho.com>, Sergio Garcia Murillo <sergio.garcia.murillo@cosmosoftware.io>, "hta@google.com" <hta@google.com>, perc@ietf.org
Content-Type: multipart/alternative; boundary="000000000000d367ac0580ebffd4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/5vkBtBVZPAMQ-5NxJnFpA9OcNDI>
Subject: Re: [Perc] Last Call: <draft-ietf-perc-private-media-framework-08.txt> (A Solution Framework for Private Media in Privacy Enhanced RTP Conferencing) to Proposed Standard
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Feb 2019 16:46:27 -0000

Yes pretty much those.

The need to do a triple encryption for example is a particularly egregious
consequence of the order problem. That’s a problem specific to the “double”
documents.

I would however also say that the decision to bake one specific way of
performing key negotiation into the framework rather than leaving it open
was both unnecessary and quite problematic.

Emil

On Sat 2 Feb 2019 at 12:23, Bernard Aboba <bernard.aboba@gmail.com> wrote:

> "on the consensus not reached on this and other topics."
>
> [BA] Out of curiosity, what other topics do you consider to be problematic
> within the framework?  I am aware of at least two others where implementers
> have chosen different paths than in the PERC framework:
>
> * Order of application of encryption versus FEC/RTX/RED
> * Whole frame encryption versus payload encryption
>
> With respect to consensus, this is IETF last call, one of whose purposes
> is to determine whether there is IETF consensus to publish this document as
> a Proposed Standard.  Are you saying that you do not agree that there is an
> IETF consensus to publish this document as a Proposed Standard?  Or that
> there is no IETF consensus to publish *any* of the PERC WG output as a
> Proposed Standard?
>
> On Sat, Feb 2, 2019 at 5:40 AM Alexandre GOUAILLARD <
> alex.gouaillard@cosmosoftware.io> wrote:
>
>> +1 on ssrc rewriting, and on the consensus not reached on this and other
>> topics.
>>
>> Sent from my iPhone
>>
>> On 2 Feb 2019, at 17:18, Lorenzo Miniero <lorenzo@meetecho.com> wrote:
>>
>> +1, SSRC rewriting is pretty much fundamental to all SFUs out there.
>>
>> Lorenzo
>>
>> Il 2 febbraio 2019 10:19:06 CET, Emil Ivov <emcho@jitsi.org> ha scritto:
>>>
>>> I want to second that as it is a particularly major problem: not
>>> allowing SSRC rewriting makes the entire framework unusable with SFU
>>> implementation I represent as well as every other SFU I am familiar with.
>>>
>>> I am also not sure that I agree with “SSRC rewriting could not be
>>> allowed” is a conclusion that ever had any consensus in PERC, regardless of
>>> what WG leadership is trying to make everyone believe.
>>>
>>> On Sat 2 Feb 2019 at 06:21, Bernard Aboba <bernard.aboba@gmail.com>
>>> wrote:
>>>
>>>> Richard said:
>>>>
>>>> "Again, the answer is clear here, but the document should be clearer.
>>>> The working group discussed SSRC rewriting several times, and concluded
>>>> that SSRC rewriting could not be allowed in this system.  This decision is
>>>> reflected, e.g., in the fact that the Double transform does not allow
>>>> modification of SSRCs."
>>>>
>>>> [BA]  Not being able to rewrite SSRCs has some major implications with
>>>> respect to requirements on PERC endpoints.  Typically today's MDD will
>>>> switch between the simulcast streams provided by an endpoint, forwarding
>>>> only a single stream to other participants, based on the bandwidth,
>>>> resolution and framerates.  If rewriting of SSRCs is not possible, do PERC
>>>> endpoints need to be able to receive simulcast? If PERC endpoints do need
>>>> to be able to receive simulcast, what are the requirements for endpoints?
>>>> For example, should endpoints expect the MDD to use RID header extensions
>>>> to identify the incoming simulcast streams?
>>>>
>>>> Receiving of simulcast is tricky because the endpoint is receiving
>>>> multiple streams with different sequence number spaces which may contain
>>>> holes because of reordering or loss. This not only complicates the
>>>> application of RTX, RED and FEC, but also the operation of the endpoint.
>>>> As a result, as noted in the WEBRTC specification Section 5.4.1, support
>>>> for reception of simulcast is optional. I am aware of two ORTC
>>>> implementations that have attempted to support simulcast reception, neither
>>>> of which is robust in scenarios with considerable loss and/or reordering.
>>>> And neither implementation supports the RID header extension on received
>>>> simulcast streams.
>>>>
>>>>
>>>>
>>>>
>>>> On Fri, Feb 1, 2019 at 12:23 PM Sergio Garcia Murillo <
>>>> sergio.garcia.murillo@gmail.com> wrote:
>>>>
>>>>> On 01/02/2019 17:18, Richard Barnes wrote:
>>>>>
>>>>> So I would propose we add something like the following to this
>>>>> definition:
>>>>>
>>>>> "In the context of WebRTC, where control of a session is divided
>>>>> between a JavaScript application and a browser, the browser acts as the
>>>>> Trusted Endpoint for purposes of this framework (just as it acts as the
>>>>> endpoint for DTLS-SRTP in one-to-one calls).
>>>>>
>>>>>
>>>>> If we decide to adopt perc (big if) in webrtc, shouldn't this be
>>>>> defined within the
>>>>> https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-17 doc ?
>>>>>
>>>>>
>>>>>    Optimally, we would not rely on trust in any entities other than the
>>>>>    browser.  However, this is unfortunately not possible if we wish to
>>>>>    have a functional system.  Other network elements fall into two
>>>>>    categories: those which can be authenticated by the browser and thus
>>>>>    can be granted permissions to access sensitive resources, and those
>>>>>    which cannot be authenticated and thus are untrusted.
>>>>>
>>>>>
>>>>> WebRTC already IdP as trusted for identity purposes, so it should be
>>>>> up to the RTCWEB group to decide what is a trusted endpoint and what is not
>>>>> in webrtc. As Bernard is stating, we could decide that there are other key
>>>>> management solutions trusted (even in JS or WASM), as for for example is
>>>>> being done in EME:
>>>>>
>>>>>
>>>>> https://github.com/WICG/media-capabilities/blob/master/explainer.md#encryption
>>>>>
>>>>> Best regards
>>>>>
>>>>> Sergio
>>>>> _______________________________________________
>>>>> Perc mailing list
>>>>> Perc@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/perc
>>>>>
>>>> --
>>> sent from my mobile
>>>
>>
>> --
>> Inviato dal mio dispositivo Android con K-9 Mail. Perdonate la brevità.
>>
>> --
sent from my mobile

v2.23.0 | Report a Bug | By Email