IETF Logo Mail Archive

Re: [rtcweb] Mandating encryption of RTP header extensions for MID and RID SDES items

Magnus Westerlund <magnus.westerlund@ericsson.com> Fri, 14 October 2016 08:26 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 83E1A1296E3 for <rtcweb@ietfa.amsl.com>; Fri, 14 Oct 2016 01:26:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OxMNBYLC0QYc for <rtcweb@ietfa.amsl.com>; Fri, 14 Oct 2016 01:26:17 -0700 (PDT)
Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80C6512963D for <rtcweb@ietf.org>; Fri, 14 Oct 2016 01:26:17 -0700 (PDT)
X-AuditID: c1b4fb25-15fff7000000793b-df-580096a6bc69
Received: from ESESSHC003.ericsson.se (Unknown_Domain [153.88.183.27]) by (Symantec Mail Security) with SMTP id B3.5A.31035.6A690085; Fri, 14 Oct 2016 10:26:15 +0200 (CEST)
Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.29) with Microsoft SMTP Server id 14.3.319.2; Fri, 14 Oct 2016 10:26:14 +0200
To: "Cullen Jennings (fluffy)" <fluffy@cisco.com>
References: <e536bad2-08b1-4f77-8c75-6bc3b639c398@ericsson.com> <998B7677-E967-45B0-8FE5-FD71930C380F@cisco.com>
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
Message-ID: <dca597f3-e23a-3dc6-f0e0-5c588729d7e1@ericsson.com>
Date: Fri, 14 Oct 2016 10:26:12 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <998B7677-E967-45B0-8FE5-FD71930C380F@cisco.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrILMWRmVeSWpSXmKPExsUyM2K7tO7yaQwRBi969Cw6JrNZrP3Xzu7A 5DHl90ZWjyVLfjIFMEVx2aSk5mSWpRbp2yVwZdxt7mIuaOWr+PhuG0sD40TuLkYODgkBE4kN O7W7GLk4hATWM0oc6ehngXCWM0p0HF3C3MXIySEskCDxa84HRhBbRMBQomnPPCYQW0igSOLE xc2sIDazgKLEl+Xz2UBsNgELiZs/GsFsXgF7iaurtoLVsAioSkw9cRxspqhAjMT1Z4+gagQl Ts58wgJicwrYSnxbsoQR5DhmoN4HW8sgxstLbH87hxlirbZEQ1MH6wRGgVlIumchdMxC0rGA kXkVo2hxanFSbrqRsV5qUWZycXF+nl5easkmRmBAHtzyW3UH4+U3jocYBTgYlXh4F5z+Hy7E mlhWXJl7iFGCg1lJhHffJIYIId6UxMqq1KL8+KLSnNTiQ4zSHCxK4rxmK++HCwmkJ5akZqem FqQWwWSZODilGhibovfdEXUNCuPake+sP8n2VgKf6zfZk4ciFnD7XjFa1/d5+WPRjSeurBBv PftZgM241n/H80fs4pHPl1duy6pMND3KZLBjmdzZzXsXTdV/8vXaOWWHp7Hb66ctXctqoJOw Tmnu+6Xv4tqfmM9c6zD59dfo/iJlud12DIcr2k+//X//ncgBm8vPlFiKMxINtZiLihMBQLZI f0QCAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/-eQvL0em3m6x081035k_M-k0wEQ>
Cc: RTCWeb IETF <rtcweb@ietf.org>
Subject: Re: [rtcweb] Mandating encryption of RTP header extensions for MID and RID SDES items
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 08:26:19 -0000

Den 2016-10-13 kl. 20:12, skrev Cullen Jennings (fluffy):
>
> I think this is huge complexity that is not currently supported and
> not needed. How about we generate the RID such that the RID for the
> n'th m line is n. Or generate it as a random number. Do you see any
> problem with this?
>
> I think this removes all the fingerprinting issues. I'm fine with
> advice that say how to generate the RID in a way that is privacy
> sensitive but I'm not a fan of making RID require support for RTP
> header encryption.
>

So, let disregard the fingerprinting issue for now. It is clear that I 
am in the rough and that this whole issue would benefit from a broad 
review on what we leak when using ICE and RTP/RTCP.

What I don't understand here is that people have argued and agreed that 
we should encrypt the RTP and RTCP packets per default. Then when we 
comes to RTP header extensions we are no longer ready to provide that 
protection per default by ensuring RFC6904 implementation support. So 
RID and MID may not be the most sensitive fields if it has well 
constructed values. Then we have the audio level extensions where Client 
to mixer is RECOMMENDED to be implemented and REQUIRES RFC6904.

So what is the issue, is it that you currently lack RFC6904 
implementations, and thus this require more implementation work, or are 
there additional reasons for wanting to expose this information?

To conclude, I personally think default usage of RFC6904 on header 
extensions would be a good thing. I currently see no reasons for 
changing the requirements that RFC 7941 puts on WebRTC, forcing the 
usage of RFC6904 encryption. If you want to something else, please 
provide a proposal for what that alternative would be.

Cheers

Magnus Westerlund

v2.23.0 | Report a Bug | By Email