Re: [Perc] Minutes from Design Team call #3
Lorenzo Miniero <lorenzo@meetecho.com> Fri, 13 May 2016 17:27 UTC
Return-Path: <lorenzo@meetecho.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E0DF12B043 for <perc@ietfa.amsl.com>; Fri, 13 May 2016 10:27:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id h2f9EyNG6Ms9 for <perc@ietfa.amsl.com>; Fri, 13 May 2016 10:27:54 -0700 (PDT)
Received: from smtpcmd05149.aruba.it (smtpcmd0871.aruba.it [62.149.156.71]) by ietfa.amsl.com (Postfix) with ESMTP id E7A8812D09E for <perc@ietf.org>; Fri, 13 May 2016 10:27:53 -0700 (PDT)
Received: from lminiero ([79.56.51.76]) by smtpcmd08.ad.aruba.it with bizsmtp id ttTm1s00D1eee6701tTmzg; Fri, 13 May 2016 19:27:52 +0200
Date: Fri, 13 May 2016 19:27:45 +0200
From: Lorenzo Miniero <lorenzo@meetecho.com>
To: Emil Ivov <emcho@jitsi.org>
Message-ID: <20160513192745.0d482b62@lminiero>
In-Reply-To: <49a58087-59d1-a388-2772-92294ce8dda6@jitsi.org>
References: <em0ec1188b-2d7b-412c-b682-1c7f8fa6c95e@sydney> <49a58087-59d1-a388-2772-92294ce8dda6@jitsi.org>
Organization: Meetecho
X-Mailer: Claws Mail 3.13.1 (GTK+ 2.24.29; x86_64-redhat-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/perc/eUwodZdOo4ubDzRKRha1FfWh5i4>
Cc: Richard Barnes <rlb@ipv.sx>, LuLop <lulop@kurento.com>, perc@ietf.org, "Paul E. Jones" <paulej@packetizer.com>, Cullen Jennings <fluffy@iii.ca>, Bernard Aboba <bernard.aboba@gmail.com>
Subject: Re: [Perc] Minutes from Design Team call #3
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 May 2016 17:27:58 -0000
On Fri, 13 May 2016 12:05:18 -0500 Emil Ivov <emcho@jitsi.org> wrote: > Hey Paul, > > On 12.05.16 г. 21:27, Paul E. Jones wrote: > > Emil, > > > >> Hey Paul > >> > >> On Wed, May 11, 2016 at 6:12 PM, Paul E. Jones > >> <paulej@packetizer.com> wrote: > >>> Emil, > >>> > >>>> A) Because otherwise that scr*ws up authentication because we > >>>> cannot keep track of the overwrites across RTP and RTCP: > >>>> obviously this is not true as we could simply not use SSRCs for > >>>> PERC-specific purposes and define PERC specific IDs > >>> > >>> I'm not following that one. RTCP is HBH, so not an issue. Why > >>> would we > >>> need a PERC-specific ID? > >> > >> My point is that if you need an immutable ID then you can define > >> your own. As I already stated in this thread: that new ID can be a > >> copy of the original SSRC or something new: whatever works. > > > > We do not really need an identifier, except to address the one > > security issue raised here: > > https://tools.ietf.org/html/draft-mattsson-perc-srtp-cloud-01#section-7.2.4 > > > > With the agreement reached (after a lot of discussion) back in > > December not to change the SSRC, this issue no longer exists. > > Let's please get that reversed. We need SSRC and seq num rewriting to > be possible so let's find a different solution to that *one* security > issue that wouldn't make a bunch of implementers whine on this list > every few months. > > It is not a big deal for this WG's work. It has a huge impact on the > adoption of that work though. > > >>> I assume this is as an alternative to the SSRC in > >>> the cryptographic context? We would not need that given "double" > >>> defined a > >>> field that could record the original E2E SSRC value. (Yes that > >>> is now removed, but see below.) > >>> > >>>> B) You are not correct and I, who have never implemented an SFU > >>>> in my life, am telling you that you can reimplement your SFU to > >>>> not rely on SSRC rewriting and it will be a piece of cake. I > >>>> hope I don't have to comment on B. > >>> > >>> It is indeed a fact that you can write a switching function that > >>> does not > >>> require changing SSRCs. > >> > >> Yes you can do that. You can also travel from Paris to London via > >> Sydney: few people are making that choice though. All SFUs I am > >> aware of overwrite SSRCs even if the one that you wrote might have > >> taken a different path. > > > > I'm scratching my head on this. ISTM that remapping SSRC is the > > longer path from Paris to London. > > You will understand as soon as you try to implement an SFU that works > well with WebRTC today. > > > I appreciate that you might not have seen all > > of the products on the market; > > I am pretty sure I know about most of the WebRTC compatible ones. > > > there certainly are some that do not > > rewrite SSRCs. > > And they, whoever they are, would be just fine if we relaxed the > requirements on immutable seq nums and SSRCs. > > > So, I am curious why you cannot build a system that just > > leaves the SSRCs alone. > > I have already built my system. So have Google and Vidyo and Janus > and Microsoft and Kurento. We are *all* rewriting sequence numbers > and SSRCs. > > >>>> As an IETF WG, PERC's behaviour on this topic has been very > >>>> confusing to me and I am almost at the point where willful > >>>> disruption is the only possible explanation that I can find. If > >>>> we do proceed to ignore implementers the same way we are going > >>>> to find ourselves debating the same concerns in IETF last call > >>>> where reason would have a better chance of prevailing. > >>> > >>> I think the issue is this: you've not attended the meetings. We > >>> had accommodated the option to change nearly everything in the RTP > >>> header via > >>> the OHB in "double". During a recent meeting, it was decided to > >>> limit the > >>> scope of what can be changed. We made the original "double" > >>> proposal to > >>> allow for anything to be changed > >>> (https://tools.ietf.org/html/draft-jennings-perc-double-00) and > >>> participants > >>> in the meeting said to reduce the possible set down to PT and > >>> sequence number, so we produced > >>> https://tools.ietf.org/html/draft-jennings-perc-double-01 > >>> accordingly. This > >>> change was proposed in a conference call, if I recall, and then > >>> discussed > >>> face-to-face before the document moved forward to WG adoption. > >>> > >>> I do not recall any person on a phone call or in the meeting > >>> room who opposed the changes. It came as a pleasant surprise to > >>> the authors that > >>> everyone was agreeable to such a narrow set of fields that could > >>> be changed. > >> > >> I am stunned! > >> > >> Paul, we first had this very conversation five months ago: > >> > >> https://www.ietf.org/mail-archive/web/perc/current/msg00136.html > > > > Yes, I recall the older conversation and, in fact, we had it in our > > draft to allow the SSRC to change. However, the decision to not > > modify the SSRC followed email exchange and the decision has been > > in place since at least early December. > > > >> Numerous implementors commented here. This should have been the > >> end of it. > >> > >> then a bit later I raised it again here: > >> > >> https://www.ietf.org/mail-archive/web/perc/current/msg00222.html > >> > >> Now this. > > > > Yes, at the time it was an active topic of discussion. The > > decision was made, minutes reported, documents updated, etc. I > > think it is the rest of us who were participating in the meetings > > who should be stunned at this issue being raised again. > > I cannot believe you are making that point. Did you at any point see > any of the concerned implementers come back and say: "Oh right! That > totally makes sense now! Forget about immutable seq nums and SSRCs, > we can do with out them. Roll on!" > > As a responsible document editor, *that* is what you should be > looking for. Same for all actively participating WG members. > > You know me, you know Lorenzo, you know Bernard I assume you also > know people from the other companies/orgs implementing simulcast > through SSRC and seq num rewrites. > > Did you see them take part of the discussion? Did you take any steps > to go and check with them? > > "You weren't there to complain then, so get lost now" is a pretty bad > argument and I certainly didn't expect it from someone with your > experience. > That's probably needless to say, but I obviously support Emil, Luis and other implementors on this. Emil has already voiced my concerns much better than I would have been able to do, so I won't add to that. What I'd like to highlight, though, is that I certainly don't recall such a decision being echoed on the ML, as I would expect in the IETF typically, especially on an aspect that had seen such controversy. Had this happened, we definitely would have made our point timely again, and not 5 months later. Lorenzo > >> So are you now saying: "well Emil the issue is that you are not > >> present on all meetings so every time we try to sneak this back in, > >> you are not there to stop us and that's your problem!" > > > > No, I don't expect anyone to be at every meeting. However, you do > > need to appreciate that the decision is now 5 months old the group > > has long-since considered this issue closed. > > I fail to see how that is in any way relevant. The concerns were > stated before the decision was made. The people having made the > concerns were absent when it was decided to not address them. > > This doesn't mean they didn't care. If they didn't they wouldn't have > stated them. This simply means that they trusted the WG to do the > right thing. > > It did not! > > >>> Can we support changing SSRCs? Yes, we can put it back in. We > >>> will need to > >>> change the way we have the OHB encoded, but it's certainly > >>> possible. > >>>> E2E encryption is too important of a subject for us to botch > >>>> this work. > >>> > >>> I can only encourage you to participate in meetings when they're > >>> called and > >>> to comment on drafts as they're published. Heck, even if you > >>> cannot make a > >>> face-to-face meeting, the -01 draft has been out there since > >>> March 21 and > >>> nobody commented on that change until this week. > >> > >> It is one thing to encourage involvement when new decisions are > >> being made. I support this and we are all doing our best. > >> > >> It is a completely different thing to require participation so that > >> the same points can be made over and over and over again. > > > > I think you're mis-characterizing the events. The SSRC issue was an > > active topic of discussion back in November / December. We had to > > settle how we were going to deal with every header field and Magnus > > led that dialog taking us through a couple of hours of discussion > > as we went through each and every header value. That meeting was > > held on November 30 and a recording for that meeting posted to the > > list: > > https://cisco.webex.com/ciscosales/lsr.php?RCID=2684921e717d4b45aadb88d9a8774ce5 > > > > > > The SSRC dialog was at 1:01:43 and we talked about it for about 20 > > minutes. I think it might be worth your time to review that. > > Maybe you have a valid point not raised by others in the meeting, > > but I really think it's unfortunate that you re-raise this issue > > after we revised the drafts and went through another IETF meeting > > where the group adopted text based on this decision. > > I couldn't agree more. It is very unfortunate and so easily avoidable > if only steps had been taken to ping the concerned parties. > > Now ... can we please stop this arguing and just work around the > issue with s.num/ssrc rewriting? > > Please! > > Emil > >
- [Perc] Minutes from Design Team call #3 Richard Barnes
- Re: [Perc] Minutes from Design Team call #3 Richard Barnes
- Re: [Perc] Minutes from Design Team call #3 Emil Ivov
- Re: [Perc] Minutes from Design Team call #3 Bernard Aboba
- Re: [Perc] Minutes from Design Team call #3 Cullen Jennings
- Re: [Perc] Minutes from Design Team call #3 Emil Ivov
- Re: [Perc] Minutes from Design Team call #3 Luis Lopez
- Re: [Perc] Minutes from Design Team call #3 Bernard Aboba
- Re: [Perc] Minutes from Design Team call #3 Eric Rescorla
- Re: [Perc] Minutes from Design Team call #3 Bernard Aboba
- Re: [Perc] Minutes from Design Team call #3 Eric Rescorla
- Re: [Perc] Minutes from Design Team call #3 Cullen Jennings
- Re: [Perc] Minutes from Design Team call #3 Emil Ivov
- Re: [Perc] Minutes from Design Team call #3 Paul E. Jones
- Re: [Perc] Minutes from Design Team call #3 David Benham (dbenham)
- Re: [Perc] Minutes from Design Team call #3 Luis Lopez
- Re: [Perc] Minutes from Design Team call #3 Emil Ivov
- Re: [Perc] Minutes from Design Team call #3 Cullen Jennings
- Re: [Perc] Minutes from Design Team call #3 Cullen Jennings
- Re: [Perc] Minutes from Design Team call #3 Paul E. Jones
- Re: [Perc] Minutes from Design Team call #3 Paul E. Jones
- Re: [Perc] Minutes from Design Team call #3 Emil Ivov
- Re: [Perc] Minutes from Design Team call #3 Emil Ivov
- Re: [Perc] Minutes from Design Team call #3 Lorenzo Miniero
- Re: [Perc] Minutes from Design Team call #3 Paul E. Jones
- Re: [Perc] Minutes from Design Team call #3 Paul E. Jones
- Re: [Perc] Minutes from Design Team call #3 Emil Ivov
- Re: [Perc] Minutes from Design Team call #3 Drage, Keith (Nokia - GB)
- Re: [Perc] Minutes from Design Team call #3 Paul E. Jones
- Re: [Perc] Minutes from Design Team call #3 Hutton, Andrew
- Re: [Perc] Minutes from Design Team call #3 Bernard Aboba
- Re: [Perc] Minutes from Design Team call #3 Cullen Jennings
- Re: [Perc] Minutes from Design Team call #3 Emil Ivov