Re: [rtcweb] Require/Suggest AEAD GCM for SRTP

Philipp Hancke <> Wed, 10 July 2019 20:20 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id A48AC12004A for <>; Wed, 10 Jul 2019 13:20:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id sqON45WNyk3C for <>; Wed, 10 Jul 2019 13:20:35 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id F12F512012A for <>; Wed, 10 Jul 2019 13:20:34 -0700 (PDT)
Received: from [] ( []) (authenticated bits=0) by (8.14.3/8.14.3/Debian-9.4) with ESMTP id x6AKKgFE005935 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for <>; Wed, 10 Jul 2019 22:20:44 +0200
References: <> <>
From: Philipp Hancke <>
Message-ID: <>
Date: Wed, 10 Jul 2019 22:20:24 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <>
Subject: Re: [rtcweb] Require/Suggest AEAD GCM for SRTP
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 10 Jul 2019 20:20:38 -0000

Am 10.07.19 um 20:25 schrieb Nils Ohlmeier:

> As Firefox supports GCM already I’m in favor of adding it to the spec.
> AFAIK GCM support in Chrome is behind a flag because they ran into some interop issues with early GCM implementations.
> But it is pretty late in the standardization process to make/request such changes. I’ll leave it to other to judge this.

I don't think we need any mandatory requirement, we have negotiation 
built in. AES-NI does not require GCM though?

I tested GCM with both Chrome and Firefox, found a small bug in the 
latter (which was quickly fixed by you) but other than that it worked 
like charm.

How chrome solves their "stuff bitrotting behind flags forever" is not 
an IETF problem thankfully.