Re: [Perc] Minutes from Design Team call #3
"Paul E. Jones" <paulej@packetizer.com> Fri, 13 May 2016 02:27 UTC
Return-Path: <paulej@packetizer.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 538AA12B049 for <perc@ietfa.amsl.com>; Thu, 12 May 2016 19:27:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.998
X-Spam-Level:
X-Spam-Status: No, score=-2.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.996, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=packetizer.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EgBROIpLlJz9 for <perc@ietfa.amsl.com>; Thu, 12 May 2016 19:27:27 -0700 (PDT)
Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E061F12B027 for <perc@ietf.org>; Thu, 12 May 2016 19:27:26 -0700 (PDT)
Received: from [192.168.1.20] (cpe-098-122-181-215.nc.res.rr.com [98.122.181.215] (may be forged)) (authenticated bits=0) by dublin.packetizer.com (8.15.2/8.15.2) with ESMTPSA id u4D2ROqp025488 (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 12 May 2016 22:27:24 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=packetizer.com; s=dublin; t=1463106445; bh=GUo6EFfZnOwtcAKPiO0TSJROquwR19Sr1x/jLeMq7dE=; h=From:To:Subject:Cc:Date:In-Reply-To:Reply-To; b=uOzOkZZU1/v0kKu2IW2lFjVYW4H8W+XJqDDWVYhIxVAj2SNapOZFj2xMzgCitae9U L1ZmO0n07f3AF4rFmftSyuw+jDja2s5Mu7Vxju859FQpW2YCSeR3QwtSe/Mfcqty8D yv73jGJrccj1pKGV+A+scDz0yHPi9iJCFqnBSDRw=
From: "Paul E. Jones" <paulej@packetizer.com>
To: Emil Ivov <emcho@jitsi.org>
Date: Fri, 13 May 2016 02:27:30 +0000
Message-Id: <em0ec1188b-2d7b-412c-b682-1c7f8fa6c95e@sydney>
In-Reply-To: <CAPvvaaJFZtrgMeRVh5NvejyDuy5V8vGcDGGt8A_7Orrsm4ZGJg@mail.gmail.com>
User-Agent: eM_Client/6.0.24928.0
Mime-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.16 (dublin.packetizer.com [10.137.60.122]); Thu, 12 May 2016 22:27:25 -0400 (EDT)
Archived-At: <http://mailarchive.ietf.org/arch/msg/perc/sU11tSUZzLoBge1K-vVuDmP0BaE>
Cc: Richard Barnes <rlb@ipv.sx>, LuLop <lulop@kurento.com>, perc@ietf.org, Cullen Jennings <fluffy@iii.ca>, Bernard Aboba <bernard.aboba@gmail.com>
Subject: Re: [Perc] Minutes from Design Team call #3
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: "Paul E. Jones" <paulej@packetizer.com>
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 May 2016 02:27:29 -0000
Emil, >Hey Paul > >On Wed, May 11, 2016 at 6:12 PM, Paul E. Jones <paulej@packetizer.com> >wrote: >> Emil, >> >>> A) Because otherwise that scr*ws up authentication because we cannot >>> keep track of the overwrites across RTP and RTCP: obviously this is >>> not true as we could simply not use SSRCs for PERC-specific purposes >>> and define PERC specific IDs >> >> I'm not following that one. RTCP is HBH, so not an issue. Why would >>we >> need a PERC-specific ID? > >My point is that if you need an immutable ID then you can define your >own. As I already stated in this thread: that new ID can be a copy of >the original SSRC or something new: whatever works. We do not really need an identifier, except to address the one security issue raised here: https://tools.ietf.org/html/draft-mattsson-perc-srtp-cloud-01#section-7.2.4 With the agreement reached (after a lot of discussion) back in December not to change the SSRC, this issue no longer exists. >> I assume this is as an alternative to the SSRC in >> the cryptographic context? We would not need that given "double" >>defined a >> field that could record the original E2E SSRC value. (Yes that is >>now >> removed, but see below.) >> >>> B) You are not correct and I, who have never implemented an SFU in >>>my >>> life, am telling you that you can reimplement your SFU to not rely >>>on >>> SSRC rewriting and it will be a piece of cake. I hope I don't have >>>to >>> comment on B. >> >> It is indeed a fact that you can write a switching function that does >>not >> require changing SSRCs. > >Yes you can do that. You can also travel from Paris to London via >Sydney: few people are making that choice though. All SFUs I am aware >of overwrite SSRCs even if the one that you wrote might have taken a >different path. I'm scratching my head on this. ISTM that remapping SSRC is the longer path from Paris to London. I appreciate that you might not have seen all of the products on the market; there certainly are some that do not rewrite SSRCs. So, I am curious why you cannot build a system that just leaves the SSRCs alone. >>> As an IETF WG, PERC's behaviour on this topic has been very >>>confusing >>> to me and I am almost at the point where willful disruption is the >>> only possible explanation that I can find. If we do proceed to >>>ignore >>> implementers the same way we are going to find ourselves debating >>>the >>> same concerns in IETF last call where reason would have a better >>> chance of prevailing. >> >> I think the issue is this: you've not attended the meetings. We had >> accommodated the option to change nearly everything in the RTP header >>via >> the OHB in "double". During a recent meeting, it was decided to >>limit the >> scope of what can be changed. We made the original "double" proposal >>to >> allow for anything to be changed >> (https://tools.ietf.org/html/draft-jennings-perc-double-00) and >>participants >> in the meeting said to reduce the possible set down to PT and >>sequence >> number, so we produced >> https://tools.ietf.org/html/draft-jennings-perc-double-01 >>accordingly. This >> change was proposed in a conference call, if I recall, and then >>discussed >> face-to-face before the document moved forward to WG adoption. >> >> I do not recall any person on a phone call or in the meeting room who >> opposed the changes. It came as a pleasant surprise to the authors >>that >> everyone was agreeable to such a narrow set of fields that could be >>changed. > >I am stunned! > >Paul, we first had this very conversation five months ago: > >https://www.ietf.org/mail-archive/web/perc/current/msg00136.html Yes, I recall the older conversation and, in fact, we had it in our draft to allow the SSRC to change. However, the decision to not modify the SSRC followed email exchange and the decision has been in place since at least early December. >Numerous implementors commented here. This should have been the end of >it. > >then a bit later I raised it again here: > >https://www.ietf.org/mail-archive/web/perc/current/msg00222.html > >Now this. Yes, at the time it was an active topic of discussion. The decision was made, minutes reported, documents updated, etc. I think it is the rest of us who were participating in the meetings who should be stunned at this issue being raised again. >So are you now saying: "well Emil the issue is that you are not >present on all meetings so every time we try to sneak this back in, >you are not there to stop us and that's your problem!" No, I don't expect anyone to be at every meeting. However, you do need to appreciate that the decision is now 5 months old the group has long-since considered this issue closed. >> Can we support changing SSRCs? Yes, we can put it back in. We will >>need to >> change the way we have the OHB encoded, but it's certainly possible. >> >>> E2E encryption is too important of a subject for us to botch this >>>work. >> >> I can only encourage you to participate in meetings when they're >>called and >> to comment on drafts as they're published. Heck, even if you cannot >>make a >> face-to-face meeting, the -01 draft has been out there since March 21 >>and >> nobody commented on that change until this week. > >It is one thing to encourage involvement when new decisions are being >made. I support this and we are all doing our best. > >It is a completely different thing to require participation so that >the same points can be made over and over and over again. I think you're mis-characterizing the events. The SSRC issue was an active topic of discussion back in November / December. We had to settle how we were going to deal with every header field and Magnus led that dialog taking us through a couple of hours of discussion as we went through each and every header value. That meeting was held on November 30 and a recording for that meeting posted to the list: https://cisco.webex.com/ciscosales/lsr.php?RCID=2684921e717d4b45aadb88d9a8774ce5 The SSRC dialog was at 1:01:43 and we talked about it for about 20 minutes. I think it might be worth your time to review that. Maybe you have a valid point not raised by others in the meeting, but I really think it's unfortunate that you re-raise this issue after we revised the drafts and went through another IETF meeting where the group adopted text based on this decision. Paul
- [Perc] Minutes from Design Team call #3 Richard Barnes
- Re: [Perc] Minutes from Design Team call #3 Richard Barnes
- Re: [Perc] Minutes from Design Team call #3 Emil Ivov
- Re: [Perc] Minutes from Design Team call #3 Bernard Aboba
- Re: [Perc] Minutes from Design Team call #3 Cullen Jennings
- Re: [Perc] Minutes from Design Team call #3 Emil Ivov
- Re: [Perc] Minutes from Design Team call #3 Luis Lopez
- Re: [Perc] Minutes from Design Team call #3 Bernard Aboba
- Re: [Perc] Minutes from Design Team call #3 Eric Rescorla
- Re: [Perc] Minutes from Design Team call #3 Bernard Aboba
- Re: [Perc] Minutes from Design Team call #3 Eric Rescorla
- Re: [Perc] Minutes from Design Team call #3 Cullen Jennings
- Re: [Perc] Minutes from Design Team call #3 Emil Ivov
- Re: [Perc] Minutes from Design Team call #3 Paul E. Jones
- Re: [Perc] Minutes from Design Team call #3 David Benham (dbenham)
- Re: [Perc] Minutes from Design Team call #3 Luis Lopez
- Re: [Perc] Minutes from Design Team call #3 Emil Ivov
- Re: [Perc] Minutes from Design Team call #3 Cullen Jennings
- Re: [Perc] Minutes from Design Team call #3 Cullen Jennings
- Re: [Perc] Minutes from Design Team call #3 Paul E. Jones
- Re: [Perc] Minutes from Design Team call #3 Paul E. Jones
- Re: [Perc] Minutes from Design Team call #3 Emil Ivov
- Re: [Perc] Minutes from Design Team call #3 Emil Ivov
- Re: [Perc] Minutes from Design Team call #3 Lorenzo Miniero
- Re: [Perc] Minutes from Design Team call #3 Paul E. Jones
- Re: [Perc] Minutes from Design Team call #3 Paul E. Jones
- Re: [Perc] Minutes from Design Team call #3 Emil Ivov
- Re: [Perc] Minutes from Design Team call #3 Drage, Keith (Nokia - GB)
- Re: [Perc] Minutes from Design Team call #3 Paul E. Jones
- Re: [Perc] Minutes from Design Team call #3 Hutton, Andrew
- Re: [Perc] Minutes from Design Team call #3 Bernard Aboba
- Re: [Perc] Minutes from Design Team call #3 Cullen Jennings
- Re: [Perc] Minutes from Design Team call #3 Emil Ivov