IETF Logo Mail Archive

Re: [Perc] Minutes from Design Team call #3

"Paul E. Jones" <paulej@packetizer.com> Fri, 13 May 2016 02:27 UTC

Return-Path: <paulej@packetizer.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 538AA12B049 for <perc@ietfa.amsl.com>; Thu, 12 May 2016 19:27:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.998
X-Spam-Level:
X-Spam-Status: No, score=-2.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.996, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=packetizer.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EgBROIpLlJz9 for <perc@ietfa.amsl.com>; Thu, 12 May 2016 19:27:27 -0700 (PDT)
Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E061F12B027 for <perc@ietf.org>; Thu, 12 May 2016 19:27:26 -0700 (PDT)
Received: from [192.168.1.20] (cpe-098-122-181-215.nc.res.rr.com [98.122.181.215] (may be forged)) (authenticated bits=0) by dublin.packetizer.com (8.15.2/8.15.2) with ESMTPSA id u4D2ROqp025488 (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 12 May 2016 22:27:24 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=packetizer.com; s=dublin; t=1463106445; bh=GUo6EFfZnOwtcAKPiO0TSJROquwR19Sr1x/jLeMq7dE=; h=From:To:Subject:Cc:Date:In-Reply-To:Reply-To; b=uOzOkZZU1/v0kKu2IW2lFjVYW4H8W+XJqDDWVYhIxVAj2SNapOZFj2xMzgCitae9U L1ZmO0n07f3AF4rFmftSyuw+jDja2s5Mu7Vxju859FQpW2YCSeR3QwtSe/Mfcqty8D yv73jGJrccj1pKGV+A+scDz0yHPi9iJCFqnBSDRw=
From: "Paul E. Jones" <paulej@packetizer.com>
To: Emil Ivov <emcho@jitsi.org>
Date: Fri, 13 May 2016 02:27:30 +0000
Message-Id: <em0ec1188b-2d7b-412c-b682-1c7f8fa6c95e@sydney>
In-Reply-To: <CAPvvaaJFZtrgMeRVh5NvejyDuy5V8vGcDGGt8A_7Orrsm4ZGJg@mail.gmail.com>
User-Agent: eM_Client/6.0.24928.0
Mime-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.16 (dublin.packetizer.com [10.137.60.122]); Thu, 12 May 2016 22:27:25 -0400 (EDT)
Archived-At: <http://mailarchive.ietf.org/arch/msg/perc/sU11tSUZzLoBge1K-vVuDmP0BaE>
Cc: Richard Barnes <rlb@ipv.sx>, LuLop <lulop@kurento.com>, perc@ietf.org, Cullen Jennings <fluffy@iii.ca>, Bernard Aboba <bernard.aboba@gmail.com>
Subject: Re: [Perc] Minutes from Design Team call #3
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: "Paul E. Jones" <paulej@packetizer.com>
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 May 2016 02:27:29 -0000

Emil,

>Hey Paul
>
>On Wed, May 11, 2016 at 6:12 PM, Paul E. Jones <paulej@packetizer.com> 
>wrote:
>>  Emil,
>>
>>>  A) Because otherwise that scr*ws up authentication because we cannot
>>>  keep track of the overwrites across RTP and RTCP: obviously this is
>>>  not true as we could simply not use SSRCs for PERC-specific purposes
>>>  and define PERC specific IDs
>>
>>  I'm not following that one.  RTCP is HBH, so not an issue.  Why would 
>>we
>>  need a PERC-specific ID?
>
>My point is that if you need an immutable ID then you can define your
>own. As I already stated in this thread: that new ID can be a copy of
>the original SSRC or something new: whatever works.

We do not really need an identifier, except to address the one security 
issue raised here:
https://tools.ietf.org/html/draft-mattsson-perc-srtp-cloud-01#section-7.2.4

With the agreement reached (after a lot of discussion) back in December 
not to change the SSRC, this issue no longer exists.

>>  I assume this is as an alternative to the SSRC in
>>  the cryptographic context?  We would not need that given "double" 
>>defined a
>>  field that could record the original E2E SSRC value.  (Yes that is 
>>now
>>  removed, but see below.)
>>
>>>  B) You are not correct and I, who have never implemented an SFU in 
>>>my
>>>  life, am telling you that you can reimplement your SFU to not rely 
>>>on
>>>  SSRC rewriting and it will be a piece of cake. I hope I don't have 
>>>to
>>>  comment on B.
>>
>>  It is indeed a fact that you can write a switching function that does 
>>not
>>  require changing SSRCs.
>
>Yes you can do that. You can also travel from Paris to London via
>Sydney: few people are making that choice though. All SFUs I am aware
>of overwrite SSRCs even if the one that you wrote might have taken a
>different path.

I'm scratching my head on this. ISTM that remapping SSRC is the longer 
path from Paris to London. I appreciate that you might not have seen all 
of the products on the market; there certainly are some that do not 
rewrite SSRCs.  So, I am curious why you cannot build a system that just 
leaves the SSRCs alone.

>>>  As an IETF WG, PERC's behaviour on this topic has been very 
>>>confusing
>>>  to me and I am almost at the point where willful disruption is the
>>>  only possible explanation that I can find. If we do proceed to 
>>>ignore
>>>  implementers the same way we are going to find ourselves debating 
>>>the
>>>  same concerns in IETF last call where reason would have a better
>>>  chance of prevailing.
>>
>>  I think the issue is this: you've not attended the meetings.  We had
>>  accommodated the option to change nearly everything in the RTP header 
>>via
>>  the OHB in "double".  During a recent meeting, it was decided to 
>>limit the
>>  scope of what can be changed.  We made the original "double" proposal 
>>to
>>  allow for anything to be changed
>>  (https://tools.ietf.org/html/draft-jennings-perc-double-00) and 
>>participants
>>  in the meeting said to reduce the possible set down to PT and 
>>sequence
>>  number, so we produced
>>  https://tools.ietf.org/html/draft-jennings-perc-double-01 
>>accordingly.  This
>>  change was proposed in a conference call, if I recall, and then 
>>discussed
>>  face-to-face before the document moved forward to WG adoption.
>>
>>  I do not recall any person on a phone call or in the meeting room who
>>  opposed the changes.  It came as a pleasant surprise to the authors 
>>that
>>  everyone was agreeable to such a narrow set of fields that could be 
>>changed.
>
>I am stunned!
>
>Paul, we first had this very conversation five months ago:
>
>https://www.ietf.org/mail-archive/web/perc/current/msg00136.html

Yes, I recall the older conversation and, in fact, we had it in our 
draft to allow the SSRC to change.  However, the decision to not modify 
the SSRC followed email exchange and the decision has been in place 
since at least early December.

>Numerous implementors commented here. This should have been the end of 
>it.
>
>then a bit later I raised it again here:
>
>https://www.ietf.org/mail-archive/web/perc/current/msg00222.html
>
>Now this.

Yes, at the time it was an active topic of discussion.  The decision was 
made, minutes reported, documents updated, etc.  I think it is the rest 
of us who were participating in the meetings who should be stunned at 
this issue being raised again.


>So are you now saying: "well Emil the issue is that you are not
>present on all meetings so every time we try to sneak this back in,
>you are not there to stop us and that's your problem!"

No, I don't expect anyone to be at every meeting.  However, you do need 
to appreciate that the decision is now 5 months old the group has 
long-since considered this issue closed.


>>  Can we support changing SSRCs?  Yes, we can put it back in.  We will 
>>need to
>>  change the way we have the OHB encoded, but it's certainly possible.
>>
>>>  E2E encryption is too important of a subject for us to botch this 
>>>work.
>>
>>  I can only encourage you to participate in meetings when they're 
>>called and
>>  to comment on drafts as they're published.  Heck, even if you cannot 
>>make a
>>  face-to-face meeting, the -01 draft has been out there since March 21 
>>and
>>  nobody commented on that change until this week.
>
>It is one thing to encourage involvement when new decisions are being
>made. I support this and we are all doing our best.
>
>It is a completely different thing to require participation so that
>the same points can be made over and over and over again.

I think you're mis-characterizing the events.  The SSRC issue was an 
active topic of discussion back in November / December.  We had to 
settle how we were going to deal with every header field and Magnus led 
that dialog taking us through a couple of hours of discussion as we went 
through each and every header value.  That meeting was held on November 
30 and a recording for that meeting posted to the list:
https://cisco.webex.com/ciscosales/lsr.php?RCID=2684921e717d4b45aadb88d9a8774ce5

The SSRC dialog was at 1:01:43 and we talked about it for about 20 
minutes.  I think it might be worth your time to review that.  Maybe you 
have a valid point not raised by others in the meeting, but I really 
think it's unfortunate that you re-raise this issue after we revised the 
drafts and went through another IETF meeting where the group adopted 
text based on this decision.

Paul

v2.23.0 | Report a Bug | By Email