Re: [rtcweb] Require/Suggest AEAD GCM for SRTP

"Martin Thomson" <mt@lowentropy.net> Fri, 12 July 2019 10:19 UTC

Return-Path: <mt@lowentropy.net>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5681120169 for <rtcweb@ietfa.amsl.com>; Fri, 12 Jul 2019 03:19:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lowentropy.net header.b=BxdRlFLe; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=ef7g/s6x
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XG_oFh4ODkIJ for <rtcweb@ietfa.amsl.com>; Fri, 12 Jul 2019 03:19:54 -0700 (PDT)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A319B120113 for <rtcweb@ietf.org>; Fri, 12 Jul 2019 03:19:53 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.nyi.internal (Postfix) with ESMTP id 9CC7022289 for <rtcweb@ietf.org>; Fri, 12 Jul 2019 06:19:52 -0400 (EDT)
Received: from imap2 ([10.202.2.52]) by compute1.internal (MEProxy); Fri, 12 Jul 2019 06:19:52 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lowentropy.net; h=mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type:content-transfer-encoding; s=fm2; bh=2cc2i 0euzVgNd4NeB2wMoK2+/Mx2TfAheNK6RQ0yRmY=; b=BxdRlFLewmWwUONmfyG7C 1sAbw8yIBII+Og4v3CbGROfz0jO4kstfhTsv/rXJuSnGASUgcjkHxXK0/+tJCeFL VNZ3iQS2YxNz+vbcI/ThLbSMCWZl1Nj/9nZGZKi7OzmU/Lv5Tqx16WqcL5n+HUsm cstRtosYI3PbyZQmveF0YLYByWlPYQPVlOqDL/rEkVqZGAbonozZcp1/sMaG1F1I RTxMpWw2h3mocJm/4oUEs0tgo4sKsvAxCUvHVlt3OnO2o6ea8WotNNcgPe9uI65F AOnu7LLUDOSVvoXQ5iBJaBYYyDf4B0ZiY0useeWK27ojIiHe8ze4tuHgnDQCnMRm g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm3; bh=2cc2i0euzVgNd4NeB2wMoK2+/Mx2TfAheNK6RQ0yR mY=; b=ef7g/s6xaBJjYvMROolG+gxDRM3lzpBc2i/HyWwWg/DJX2PhNMrdqpzrH LWnrpJWp+e+drPRle4HLPgmeSaOkROg2JnhD+POMHh8684qxvzXOr8IimbQNZ/7K OQa7rwFzx1fm/ol38BZ4kWlcJqVV6EhjGklC851oLs0aGIfJ+t+GaKkMpRUDbVGQ jLaeuLx8NIlqvi4bDC2NlFQoP4Os+wUJaAVGgAhqYkmNOHScWmsGwRMBRWPr9hOL Rp4g01aa+wklZTdmc6e74wrnIyR2VBRE0RZSR+7rOGAvZshULQcrm45m2L18kc+G 6Tz5NR0KH2y/m5aiWJSjw4YUkH8Sw==
X-ME-Sender: <xms:yF4oXSpf_lZuXrXYzwQ5jhEaB3RNF15x-FI5He8iL7vgjcW6Nzc47A>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduvddrhedtgddvhecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfggfkjghffffhvffutgfgsehtqh ertderreejnecuhfhrohhmpedfofgrrhhtihhnucfvhhhomhhsohhnfdcuoehmtheslhho figvnhhtrhhophihrdhnvghtqeenucfrrghrrghmpehmrghilhhfrhhomhepmhhtsehloh ifvghnthhrohhphidrnhgvthenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:yF4oXU42q1vIDlWjJ2xajMTDmohCbkpniT9LJLR342H0jDHZbK3dgg> <xmx:yF4oXSMgQ1CE6zFgwzyLtVBYdoAOmxMkc-ElS2VKO6_50rL5S-Rvuw> <xmx:yF4oXWMqt4RU6zLc751QmGsRWamUrE-bnGnGKUKpQzobDm7dfHbNiQ> <xmx:yF4oXRD-LhzHHgis8FBOC-lA5MssS-p8vPIsGHgvbEHtDLYsfIjweg>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 3B054E0128; Fri, 12 Jul 2019 06:19:52 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.6-731-g19d3b16-fmstable-20190627v1
Mime-Version: 1.0
Message-Id: <c877dca1-6615-46de-8532-52f1b8e0ae3b@www.fastmail.com>
In-Reply-To: <9C56BC65-852C-406C-B1CB-AB692C25F522@sn3rd.com>
References: <CA+b7xQtG-PLo8i3ojOs2pmiVbuKU0aFGRMsdQss22rEnqRgybg@mail.gmail.com> <3f1e01bf-1119-a912-2449-1329ee253b00@alvestrand.no> <9C56BC65-852C-406C-B1CB-AB692C25F522@sn3rd.com>
Date: Fri, 12 Jul 2019 20:19:52 +1000
From: "Martin Thomson" <mt@lowentropy.net>
To: rtcweb@ietf.org
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/-3tDjlS90bafmwE7iAm2esW1CBA>
Subject: Re: [rtcweb] Require/Suggest AEAD GCM for SRTP
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jul 2019 10:19:56 -0000

On Fri, Jul 12, 2019, at 10:07, Sean Turner wrote:
> I think there’s general consensus that we should be updating the 
> algorithm requirements every couple of years after the specifications 
> are published.  But, we have not yet actually published cluster 238 
> yet.  We need to get that done first and then we should entertain 
> updates; it is never as easy as one thinks it is to update the MTIs.

This sounds like a great policy.  238 will take long enough that we should have some time to consider our options more fully.  Maybe we also have enough time to do something about finding an AEAD with a smaller authentication tag that can be used here.