Re: [Perc] Request for decision review
Emil Ivov <emcho@jitsi.org> Tue, 17 May 2016 01:50 UTC
Return-Path: <emcho@sip-communicator.org>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9476912D1B0 for <perc@ietfa.amsl.com>; Mon, 16 May 2016 18:50:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=jitsi-org.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d3Pm2YAMc8Mi for <perc@ietfa.amsl.com>; Mon, 16 May 2016 18:50:49 -0700 (PDT)
Received: from mail-oi0-x230.google.com (mail-oi0-x230.google.com [IPv6:2607:f8b0:4003:c06::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C2CC12B018 for <perc@ietf.org>; Mon, 16 May 2016 18:50:49 -0700 (PDT)
Received: by mail-oi0-x230.google.com with SMTP id x201so3113557oif.3 for <perc@ietf.org>; Mon, 16 May 2016 18:50:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jitsi-org.20150623.gappssmtp.com; s=20150623; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=ve4jCg0/NhxKxv1fauNFgD462z3uuVm/Ejd9GZriGVg=; b=Qvf8eSpKynkzlM/bG5xPQML1DxNqU/a6n3L8HTJ2HRROYH0nR7teYUKJZuN7G1swmN JqLaSd4a/d1Gt4YCSoQY808gXZs8gxB8JBZtbnWlKKTdmx9tjHgQhx66gzTXkVKrlc8/ fXD40uEkQTvCdJOfeeLm7pbn9RBpTI++XTNZ5YowsEfTY2DZu1D8gfLM/fR0Z52fZdgb 7KrisSCejq0EB0gBYJnu6r4lnIebSrRSqy7D74j5zAbEX7Xf0ZLlp4y4cARd0+ycEJ26 jwbvVbKSdsW4yHy1IUNNTGsshZ64sUmLQUGfNiCpc85fZzGIqemTRK0tx0L4cLBvBb2W Hc5Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=ve4jCg0/NhxKxv1fauNFgD462z3uuVm/Ejd9GZriGVg=; b=XJte7asyD/78uODD9t5XCr07OVYjgp7PVN8b+BlqojoUxjZejDCD6eoYn8KOhEC2UO 3vlPvW0Y0eSI/4m7Yo+275EszSYHxj7UsjiaXp8G3SgddqIwoMIaqPHaRiwwkvbaKEES yrqbOnhIK448Ko2ez7OvnmEaf8b51X4LKPfEivzv20ZgeJJnjcGYalUMHW535Wp5FQCu jAK1O3AbTtfpxN+TS/2GhT2qcFVBEBQOwKYacujxzT1m22NDCmAldGtgQ5/LaB7yHO0X pNR7W6ij0lNJmi7yl8n90/1iQGFzkKXHuX9WdELypLnPrN3TweFKgQ9lj5ULVS6jydrV Fgsg==
X-Gm-Message-State: AOPr4FVvoPmegc+FfpoYPy+cbyew0NKngwJtTAVyxVVQvq7Zl+37hxPXxT1l1552Xn1tgQ==
X-Received: by 10.202.90.212 with SMTP id o203mr19233478oib.117.1463449848591; Mon, 16 May 2016 18:50:48 -0700 (PDT)
Received: from camionet.local ([2602:306:83fc:cd90:adbf:6a92:36dc:3e41]) by smtp.googlemail.com with ESMTPSA id aq9sm119125obc.12.2016.05.16.18.50.46 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 16 May 2016 18:50:46 -0700 (PDT)
To: "Paul E. Jones" <paulej@packetizer.com>, Adam Roach <adam@nostrum.com>, perc@ietf.org
References: <embf772d31-22be-4f64-b05f-67e7b89e4d81@sydney>
From: Emil Ivov <emcho@jitsi.org>
Message-ID: <4a0ba091-74e3-3adf-7e2d-7ea5d7f76ebe@jitsi.org>
Date: Mon, 16 May 2016 20:50:45 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.0
MIME-Version: 1.0
In-Reply-To: <embf772d31-22be-4f64-b05f-67e7b89e4d81@sydney>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/perc/gBmf9Zzl_difQAOCykY4WIzNHms>
Subject: Re: [Perc] Request for decision review
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 May 2016 01:50:51 -0000
Hey Paul, On 16.05.16 г. 16:47, Paul E. Jones wrote: > Emil, > >> The second problem mentioned by Cullen on May 10 is the one about >> splicing that's also described here: >> https://tools.ietf.org/html/draft-mattsson-perc-srtp-cloud-01#section-7.2.4 >> >> >> This can be resolved by simply having an rtp-hdrext attached and >> signed by the sender that carries the original SSRC. That part will >> not be allowed to change and needs to be copied over by the MDD/SFU >> together with the rests of the immutable parts. > > I don't think there is even an additional signing process required. No of course not. I just meant that it would be part of the data that is signed E2E. > The > sender of the packet will encrypt the packet containing the original > SSRC value, with the authentication including that SSRC field. If the > MDD preserves that value in the OHB (described in the "double" draft), > then the receiving endpoint could restore the original SSRC value in the > packet header before attempting to decrypt. If the wrong SSRC is > provided, the packet will fail authentication. So ... I admit I haven't fully wrapped my head around the OBH thing just yet. Specifically I don't understand the wording about how it should be placed after the original header extensions and why that even matters given that it's removed before verification ... I also don't understand exactly how it allows for changing other fields, such as the timestamp, or whether it is meant to allow for changing of (which) header extensions. That said, I agree that if we tweak these definitions then using the OBH could work. > Having two SSRC numbering spaces that can overlap is unfortunate, > though. Using libraries like libsrtp, we would need to have an E2E > context and a HBH context. That is, we have to initialize the library > twice, because every SSRC and related cryptograhic parameters, replay > database, etc. expects a single number space. Thus, to decrypt a packet > we would have to do this: > > srtp_unprotect(hbh_context, packet); > do_perc_stuff(packet); // Such as dealing with the OHB field > srtp_unprotect(e2e_context, packet); > > We could hide that extra step by having the library create the second > context under-the-covers or creating a wrapper layer around libsrtp (or > whatever SRTP library is employed). If we did not create overlapping > number spaces, this could be avoided. I don't get it. Given your sample above, it sounds to me that this issue is bound to happen exactly when you are not changing the SSRC because you have two crypto contexts for the same SSRC. You are actually avoiding that issue if you can be certain of using different SSRCs in HBH and E2E, which you can't anyway in either of the solutions we are discussing. What am I missing? > I personally think having overlapping number spaces is messy. And for > what? I still fail to see how performing a 1:1 mapping of an SSRC value > does anything to make building the MDD any easier. I am not sure if my previous explanations were unclear or unconvincing so I am just going to try and explain again: The way simulcast is being implemented in SFUs today is by having all the logic at the sender and at the SFU. There is never any of it in the receiver. This essentially means that the sender feeds two or three SSRCs to the SFU. The SFU then makes sure that what goes out on the other side is one single and coherent RTP flow with a single SSRC. This allows it to handle all the logic of layer switching including things like requesting keyframes, detecting layer drops, detecting keyframes during layer switches, timestamp uplifts and others. The receiver in this picture lives with the impression that it only ever gets a single video stream that simply happens to change its resolution every now and again. This makes things much simpler and quicker than trying to have the receiver detect and juggle with layers, request keyframes and such ... No receiver does that today and PERC would be a much tougher sell if you tried to get people to not only implement a new SRTP layer but also force them into adopting receiver side simulcast support which virtually no one does today. > In fact, I see it as > just more complexity. And, it's more complexity for the endpoint (as I > note above), juggling E2E and HBH SSRC values. I really fail to understand how immutable SSRCs would fix your issue above (and again, I am probably the one missing something here) but even with that I can assure you that having one extra libsrtp call is incomparably simpler than trying to get a receiver to handle simulcast layer switching. Emil -- https://jitsi.org
- Re: [Perc] Request for decision review Miguel París Díaz
- Re: [Perc] Request for decision review Roni Even
- Re: [Perc] Request for decision review David Benham (dbenham)
- Re: [Perc] Request for decision review Roni Even
- Re: [Perc] Request for decision review David Benham (dbenham)
- Re: [Perc] Request for decision review Roni Even
- Re: [Perc] Request for decision review David Benham (dbenham)
- Re: [Perc] Request for decision review Roni Even
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Miguel París Díaz
- Re: [Perc] Request for decision review Bernard Aboba
- [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Adam Roach
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Paul E. Jones
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Paul E. Jones
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Paul E. Jones
- Re: [Perc] Request for decision review Bernard Aboba
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Bernard Aboba
- Re: [Perc] Request for decision review Cullen Jennings
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Adam Roach
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Paul E. Jones
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Paul E. Jones
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Paul E. Jones
- Re: [Perc] Request for decision review Paul E. Jones
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Paul E. Jones
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Eric Rescorla
- Re: [Perc] Request for decision review Paul E. Jones
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Paul E. Jones
- Re: [Perc] Request for decision review Bernard Aboba
- Re: [Perc] Request for decision review Miguel París Díaz