Re: [Perc] Double questions
Nils Ohlmeier <nohlmeier@mozilla.com> Tue, 21 March 2017 23:43 UTC
Return-Path: <nohlmeier@mozilla.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7454129496 for <perc@ietfa.amsl.com>; Tue, 21 Mar 2017 16:43:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mozilla.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D7XCELID-IAN for <perc@ietfa.amsl.com>; Tue, 21 Mar 2017 16:43:41 -0700 (PDT)
Received: from mail-pf0-x229.google.com (mail-pf0-x229.google.com [IPv6:2607:f8b0:400e:c00::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6C23129409 for <perc@ietf.org>; Tue, 21 Mar 2017 16:43:41 -0700 (PDT)
Received: by mail-pf0-x229.google.com with SMTP id p189so62920816pfp.1 for <perc@ietf.org>; Tue, 21 Mar 2017 16:43:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mozilla.com; s=google; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=X8UwST7OaXw6R6km6Tdy+WDPIfLUHUBWAERJc0jW3e4=; b=I3KIrgf2WNBW/EfSzcaSz1i5K617KVEChggidZfYMMMGK70BNYPLB5UOJmgck+Edve L/TgUh90si8xcJ6bjk8tRNs87uRdRMHuQ86A3PFcAk3KOcsgZpEV/UzyJ2pqDEq190uo 55Rh6EWQOlErQ/zXzlaQvmNEMQDAxIop1qZRA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=X8UwST7OaXw6R6km6Tdy+WDPIfLUHUBWAERJc0jW3e4=; b=oLx1F5PALOP9hAhQjQegcA85ph0dIIt364cLsPZN7t5CUa0RJc+Ku+/t++oOhqw7+T IGISV6LTGYXibhSsqhf0iWbTo9M0c+qO0G5GYHgEHM8MGQ5cQ1cIT5AHCYQphfi+lQ7L hVDsPBTusv6kgfGxvL4NkEq3NKpTg0PbxbtJMV4+XcXRFsHhyZHJ5MUin7j7JQqTptY0 BmQzPX0qJYrilFh5nZDZ8gf7IgNE/de+zOTbvleiZWPiQ1sIydxEJVBTVxqPyC0DYzSo kseJa8YXMy6eBzdGvpn13D+7mQ4bDz7dIUL757qiT+Pdvg8VbKZAocks3tMB4VrSilW8 OKDQ==
X-Gm-Message-State: AFeK/H1gVJ1WxLZHxJfHN/sOGbTTXCapBzOofX4i8yBRmHTMZQ7IaMs7UktvJeknHEUJaUZY
X-Received: by 10.84.233.199 with SMTP id m7mr6321670pln.25.1490139821311; Tue, 21 Mar 2017 16:43:41 -0700 (PDT)
Received: from ?IPv6:2601:647:4601:ec84:ac8c:c9d5:2972:e3ff? ([2601:647:4601:ec84:ac8c:c9d5:2972:e3ff]) by smtp.gmail.com with ESMTPSA id g64sm41628074pfc.57.2017.03.21.16.43.39 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 Mar 2017 16:43:39 -0700 (PDT)
From: Nils Ohlmeier <nohlmeier@mozilla.com>
Message-Id: <9A3F5BE1-169D-43F0-85F6-BFEB0FBE4D62@mozilla.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_8DC580A7-5E8B-4263-84A0-689686435A85"; protocol="application/pgp-signature"; micalg="pgp-sha512"
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
Date: Tue, 21 Mar 2017 16:43:37 -0700
In-Reply-To: <CABcZeBNKZLww=iFutD_EVGzNJo0y6ieSoZ55LjCG4rnnn-bOhw@mail.gmail.com>
Cc: perc@ietf.org
To: Eric Rescorla <ekr@rtfm.com>
References: <CABcZeBNKZLww=iFutD_EVGzNJo0y6ieSoZ55LjCG4rnnn-bOhw@mail.gmail.com>
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/LlLInkzYt_X7BAyRXdVM5nOKPL8>
Subject: Re: [Perc] Double questions
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Mar 2017 23:43:44 -0000
> On Mar 21, 2017, at 15:58, Eric Rescorla <ekr@rtfm.com> wrote: > - Normal header > - Non-modifiable Extensions > - OHB > - Modifiable Extensions > - Encrypted Payload > > And now you encrypt that. As I understand it, the OHB, if present, > must replicate the inner header: > > The OHB MUST replicate the information found in the > RTP header following the application of the inner cryptographic > transform. > > Does that mean it must be of 3-byte length? If so, why, because the > outer transform shouldn't be changing any of these values. I.e., > at the point where the packet gets to the media relay, PT and SEQ > should match between the header and OHB. Yes that is my current reading of the draft that if the originating client adds the OHB it needs to duplicate PT and SEQ even though it has obviously not modified these. I guess the question here is if it is worth to have a shorter OHB header for the scenarios where PT and SEQ are the same (which could be used by originating client as well as relays which don't change any of this)? > > DECRYPTION > Finally, upon decryption, you strip the outer transform, and get: > > - Normal header > - Non-modifiable Extensions > - OHB' > - Modifiable Extensions' > - Encrypted Payload > > You then remove the modifiable extensions, stomp the stuff in the > normal header with the OHB, and then strip the inner transform. To be precise I think you need to take OHB and modifiable extensions out to make the decryption work. After the decryption you re-insert the modifiable extensions into the packet, because they might be of interest for your RTP stack. > I note that S 5.3. says: > > o The PT from the outer SRTP packet is used for normal matching to > SDP and codec selection. > > o The sequence number from the outer SRTP packet is used for normal > RTP ordering. > > So, does that mean that the original PT/SEQ (as reconstructed from > OHB) are not used for anything other than to make the decryption work? > They're totally discarded? That is my understanding, yes. Nils
- [Perc] Double questions Eric Rescorla
- Re: [Perc] Double questions Nils Ohlmeier
- Re: [Perc] Double questions Paul E. Jones
- Re: [Perc] Double questions Cullen Jennings