IETF Logo Mail Archive

[Perc] Review of draft-ietf-perc-srtp-ekt-diet-07

Jonathan Lennox <jonathan@vidyo.com> Mon, 19 March 2018 10:44 UTC

Return-Path: <jonathan@vidyo.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8657C126DEE for <perc@ietfa.amsl.com>; Mon, 19 Mar 2018 03:44:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=vidyo-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vMQ6ON5X8STP for <perc@ietfa.amsl.com>; Mon, 19 Mar 2018 03:44:53 -0700 (PDT)
Received: from mail-wr0-x22d.google.com (mail-wr0-x22d.google.com [IPv6:2a00:1450:400c:c0c::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 99A75126E64 for <perc@ietf.org>; Mon, 19 Mar 2018 03:44:53 -0700 (PDT)
Received: by mail-wr0-x22d.google.com with SMTP id z12so18093715wrg.4 for <perc@ietf.org>; Mon, 19 Mar 2018 03:44:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vidyo-com.20150623.gappssmtp.com; s=20150623; h=from:content-transfer-encoding:mime-version:subject:message-id:date :to; bh=W3fRpk1R2NUUpkWpECtyMUAdFXId35sVY2zFmQxxQvo=; b=wFc9S25nJgF+yGvIV5k32kBrEuS0cq5dYBMG0EIp4qAud9b7sjfKZwl8RUa+g/2jC2 HqSrgGFaEqAHxLgBkg62inBJn/15GRLsk2K6q5lcGJ/sEDBq+G1q+cCXV2apkFz3Qryb pXbC8Z0syc5BoMaVuEUZRlDj6gMnN1yzTpIcUEEuxfMlbSWRw4S01vcQFCYqRmA9+mbW HfkMfq66DaY1hQHcysj43HbXn9cGiY+mbci/aJtSzeVtuokKSEKwdP3nABZzrYvQ9pCC TyKUH8I8uFWEZWAXfyHIZ/V/M6w9LYTexooq4OmSQjtoRFxlkhJRAItvXk8N8SJ/jFhu v4mA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:content-transfer-encoding:mime-version :subject:message-id:date:to; bh=W3fRpk1R2NUUpkWpECtyMUAdFXId35sVY2zFmQxxQvo=; b=SaVvtBo4A8PWDTQ3COzv6rzX3/CQWpUepeGSidtE0AgDGIzRuEA71SYsYgm6+2gTJJ J2hHDarbk5MkAP/obFoqBDAf4sljIrP2tffNbMui8nmtW1avijQH3dJ/2Y1mdIA/yZXX /7pvLAveX6sgVK2mwIZsJ5ODE1UfnjxA6r1aOgF4o8WZ6mB100PvQpvSJ4BDn+h7AZPT Lv1TzLTbrTD1ernfI9RiyFF3EXztv3Fl+Gv9c7A9S1tOmhu7BYZb6meGqmSxmMCKrFQn Mv6jHuvjAy2jpfvst5kROsIGni77D20fPj8Br3XOF+lhOp+Q/ckXcxPfqwZfKHKPSeD6 8Gdg==
X-Gm-Message-State: AElRT7HNNCCbBMApmnpphjoBldWjY2hkrJ7H9niiwdXUR5hH91kAcA3H RSDXa6PvHi23A6FJgJI0r4QDx4Ye1Jg=
X-Google-Smtp-Source: AG47ELvMl4ckwuHrfbFWaGdfcsVpiAQt3wL1LUUVXX4+J2yt7I0gM5Oqyo3hyFQcE02YoaNdK8AgLQ==
X-Received: by 10.223.158.196 with SMTP id b4mr8779527wrf.112.1521456291699; Mon, 19 Mar 2018 03:44:51 -0700 (PDT)
Received: from ?IPv6:2001:67c:370:128:c8da:977b:d1e4:c720? ([2001:67c:370:128:c8da:977b:d1e4:c720]) by smtp.gmail.com with ESMTPSA id m190sm71068wmb.6.2018.03.19.03.44.50 for <perc@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 19 Mar 2018 03:44:50 -0700 (PDT)
From: Jonathan Lennox <jonathan@vidyo.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Message-Id: <85D13597-FFEC-41E4-BFEA-A7A58DA4198B@vidyo.com>
Date: Mon, 19 Mar 2018 10:44:50 +0000
To: perc@ietf.org
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/MFSAA4ap8WXH_ArWlkzuaTwQ1Bg>
Subject: [Perc] Review of draft-ietf-perc-srtp-ekt-diet-07
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Mar 2018 10:44:55 -0000

Hi - I reviewed ekt-diet.  Sorry for this not coming in until the meeting.

Substantive:

   SRTPMasterKeyLength: The length of the SRTPMasterKey in bytes.  This
   depends on the cipher suite negotiated for SRTP using SDP Offer/
   Answer [RFC3264] for the SRTP.

This should say using DTLS/SRTP.  There are other references to Offer/Answer scattered around the descriptions as well.


  A receiver
   SHOULD discard the whole EKTField if it contains any message type
   value that is less than 64 and that is not understood.  Message type
   values that are 64 or greater but not implemented or understood can
   simply be ignored.

What is the difference between discarding and ignoring?  Is there an implication that a packet can carry more than one EKTField? How does this affect the treatment of the rest of the SRTP packet?

At any given time, each SRTP/SRTCP source has associated with it a
   single EKT parameter set
In RFC 7656 terminology (which we’re trying to get all RTP-related documents to use), this should be a stream, not a source.  Source is a higher-level concept.

Generally, this document should be checked for RFC 7656 alignment, and either brought into alignment or (if you must) have the differences called out.

There may be other EKT parameter sets that are used by other
   SRTP/SRTCP sources in the same session, including other SRTP/SRTCP
   sources on the same endpoint (e.g., one endpoint with voice and video
   might have two EKT parameter sets, or there might be multiple video
   sources on an endpoint each with their own EKT parameter set).
Is it valid for multiple sources (streams) from the same endpoint to share an EKT parameter set if the sender wishes? Or must every source have a unique parameter set?

I think the latter is the case (because the parameter set includes SSRC and ROC) but it’s not clear.

  The ROC, SRTP
       Master Key, and SSRC used in EKT processing SHOULD be the same as
       the one used in the SRTP processing.
Why is this only SHOULD?  When would a sender want them to be different?  Especially since 4.2.2 Step 5 says the values MUST be discarded if the SSRCs don’t match.

       *  Note: the value of the EKTCiphertext field is identical in
          successive packets protected by the same EKTKey and SRTP
          master key.  This value MAY be cached by an SRTP sender to
          minimize computational effort.
This is true except when the RTP sequence number rolls over, causing the ROC to increment.  (This is explained later, but should be said here as well.)

       If the SRTP Master
       Key recovered from the EKTPlaintext is shorter than needed by
       SRTP transform in use, then the bytes received replace the first
       bytes in the existing key but the other bytes after that remain
       the same as the old key.  This allows for replacing just half the
       key for transforms such as [I-D.ietf-perc-double].
This feels unnecessarily, and dangerously, over-general to me.  I’d suggest that specific transforms MAY allow specific sets of key bytes to be replaced, but the default is that all bytes MUST be replaced.

Note that if the same
   FullEKTField is retransmitted 3 times, that only counts as 1
   encryption.

Is “3” a special value here, or do you mean “multiple”?

   EKT SHOULD be used over SRTP, and other specification MAY define how
   to use it over SRTCP.  SRTP is preferred because it shares fate with
   transmitted media, because SRTP rekeying can occur without concern
   for RTCP transmission limits, and to avoid SRTCP compound packets
   with RTP translators and mixers.

Does this mean that SRTCP packets always carry just a short EKT field, or do they not carry an EKT suffix at all?

Editorial:

1.
Real-time Transport Protocol (RTP) is designed 
Should be *The* Real-time Transport Protocol

2.
   EKT does not control the manner in which the SSRC is generated; it is
   only concerned with their secure transport.
Number agreement: “the SSRC” vs. “their”.  Probably the former should be “the manner in which SSRCs are generated.”

4.1
 EKTMsgLength: All EKT message other that ShortEKTField
“All EKT messages”; “than”

4.2.1:

   When a packet is sent with the Short EKT Field, the ShortEKFField is
   simply appended to the packet.
“ShortEKTField”

4.2.2:
   2.  The Security Parameter Index (SPI) field is used to find which
       EKT parameter set to be used when processing the packet.
“which EKT parameter set is to be used”


4.3:

At this point
   implementation need to either use the call signaling to renegotiation
   a new session or need to terminate the existing session.

“Implementations need”; “to renegotiate”.

v2.23.0 | Report a Bug | By Email