Re: [rtcweb] Require/Suggest AEAD GCM for SRTP

Justin Uberti <juberti@google.com> Wed, 10 July 2019 23:03 UTC

We looked into this in Chrome in
https://bugs.chromium.org/p/chromium/issues/detail?id=713701, but we
decided not to proceed because of the resultant blowup from using the
non-truncatable AEAD MAC (16 bytes per packet vs 4/10 for HMAC-SHA1).

I think we'd be open to revisiting this if there were obvious performance
benefits, but your numbers for HMAC-SHA1 seem unusually bad. For example,
"openssl speed sha1" yields 500 MB/s for 256-byte packets on my MacBook
Pro, compared to the 28 MB/s that you noted in the bug. "openssl speed
aes-128-gcm" does yield 1500 MB/s, so there's clearly some upside here, but
it's hard to see this as a must-have.

On Wed, Jul 10, 2019 at 3:27 PM Sean DuBois <sean@pion.ly> wrote:

> On Wed, Jul 10, 2019 at 10:20:24PM +0200, Philipp Hancke wrote:
> > On 10.07.19 at 20:25, Nils Ohlmeier wrote:
> > <snip/>
> >
> > > As Firefox supports GCM already I’m in favor of adding it to the spec.
> > >
> > > AFAIK GCM support in Chrome is behind a flag because they ran into
> > > some interop issues with early GCM implementations.
> > >
> > > But it is pretty late in the standardization process to make/request
> > > such changes. I’ll leave it to others to judge this.
> >
> > I don't think we need any mandatory requirement, we have negotiation
> > built in. AES-NI does not require GCM though?
> Agree! I do get hw-accel right now when encrypting, but it is the HMAC-SHA1
> for the authentication tag that takes up most of the time.
>
> Lots of calls to HMAC-SHA1 for both send/recv
>
> I don't know libsrtp well enough, but I assume the situation is the same?
>
> >
> > I tested GCM with both Chrome and Firefox, found a small bug in the
> > latter (which was quickly fixed by you) but other than that it worked
> > like a charm.
> >
> > How chrome solves their "stuff bitrotting behind flags forever" is not an
> > IETF problem thankfully.
> I am happy to help with this case! I am just hoping that if I go the
> IETF route, it will make it easier to get things merged/enabled in
> projects.
>
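
The trade-off discussed in this thread (per-packet tag size versus authentication cost) can be measured directly. The following is an added example, not part of the original messages and not code from Chrome, libsrtp or Pion: a simplified Go sketch of the two SRTP-style transforms that reports the packet expansion and relative throughput for a constructed 256-byte packet. Key derivation and real IV/nonce construction are omitted, and all keys and packet contents are zero-filled placeholders.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha1"
	"fmt"
	"time"
)
// protectCMHMAC mimics AES-CM + HMAC-SHA1: AES-CTR over the payload, then an
// HMAC-SHA1 tag over header||ciphertext||ROC, truncated to tagLen (4 or 10).
func protectCMHMAC(encKey, authKey, iv, hdr, payload []byte, tagLen int) []byte {
	block, _ := aes.NewCipher(encKey)
	out := append(append([]byte{}, hdr...), payload...)
	cipher.NewCTR(block, iv).XORKeyStream(out[len(hdr):], out[len(hdr):])
	mac := hmac.New(sha1.New, authKey)
	mac.Write(out)
	mac.Write([]byte{0, 0, 0, 0}) // rollover counter: authenticated, not sent
	return append(out, mac.Sum(nil)[:tagLen]...)
}

// protectGCM mimics AEAD AES-128-GCM: header is associated data, full 16-byte
// tag appended. A nonce must never repeat under one key; main reuses one only for timing.
func protectGCM(key, nonce, hdr, payload []byte) []byte {
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	return aead.Seal(append([]byte{}, hdr...), nonce, payload, hdr)
}

// mbPerSec times n calls of fn, each covering size bytes, and returns MB/s.
func mbPerSec(n, size int, fn func()) float64 {
	start := time.Now()
	for i := 0; i < n; i++ {
		fn()
	}
	return float64(n*size) / 1e6 / time.Since(start).Seconds()
}

func main() {
	key, authKey, iv, nonce := make([]byte, 16), make([]byte, 20), make([]byte, 16), make([]byte, 12)
	hdr, payload := make([]byte, 12), make([]byte, 244) // constructed: 12-byte header + 244-byte payload
	cm := func(t int) []byte { return protectCMHMAC(key, authKey, iv, hdr, payload, t) }
	gcm := func() []byte { return protectGCM(key, nonce, hdr, payload) }
	fmt.Printf("tag bytes: SHA1-32 +%d, SHA1-80 +%d, GCM +%d\n", len(cm(4))-256, len(cm(10))-256, len(gcm())-256)
	fmt.Printf("CM+HMAC-SHA1-80 %.0f MB/s, AES-GCM %.0f MB/s\n",
		mbPerSec(20000, 256, func() { cm(10) }), mbPerSec(20000, 256, func() { gcm() }))
}
```

Throughput figures depend on the CPU and on whether AES-NI/CLMUL and SHA extensions are available, so compare the two numbers from the same run rather than against the figures quoted in the thread.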