[rtcweb] Require/Suggest AEAD GCM for SRTP

Sean DuBois <sean@pion.ly> Wed, 10 July 2019 18:06 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/LDG-MKnEe64G-ReMsLv86TOnKRE>

Hello,
I am Sean DuBois, I work on Pion [0], a 100% Go implementation of
WebRTC. I have a user that is trying to do a large deployment, and
performance is very important to them. They see a 10x performance
improvement when using AEAD GCM for SRTP (thanks to HW acceleration),
and it is the most obvious improvement we can make.

Having this would be a pretty fantastic improvement for very little
work. Especially for weak devices/scaling servers, AES-NI is a huge
deal. Also great for security, avoids possible timing attacks from
software implementation and just less that developers can mess up when
implementing SRTP themselves!

This also should be a pretty painless change.
* Firefox already supports it
* Chromium is just behind a flag [1]
* Most other implementations also use libsrtp (where it is already available)
* Adding more protection profiles will have zero impact if they aren't
supported.

----
I have never been involved with the IETF before, but this seems the
best way to push implementations to support it.

[0] https://github.com/pion/webrtc
[1] https://bugs.chromium.org/p/chromium/issues/detail?id=713701#c20
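
The point above about extra protection profiles having no impact on peers that lack them follows from how the DTLS-SRTP `use_srtp` extension (RFC 5764) is negotiated. The Go sketch below is an added example, not part of the original message and not Pion's code: it encodes an offer that lists AEAD AES-128-GCM (RFC 7714) ahead of the AES-CM/HMAC-SHA1 profile and shows a peer skipping IDs it does not support. The function names are hypothetical, and picking the first offered profile that is locally supported is this example's selection policy.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// DTLS-SRTP protection profile IDs from RFC 5764 and RFC 7714.
const (
	AES128CMHMACSHA180 uint16 = 0x0001
	AEADAES128GCM      uint16 = 0x0007
	AEADAES256GCM      uint16 = 0x0008
)

// encodeUseSRTP builds use_srtp extension_data: a 2-byte list length,
// 2-byte profile IDs in descending preference, then an empty MKI.
func encodeUseSRTP(profiles []uint16) []byte {
	out := make([]byte, 2, 3+2*len(profiles))
	binary.BigEndian.PutUint16(out, uint16(2*len(profiles)))
	for _, p := range profiles {
		out = append(out, byte(p>>8), byte(p))
	}
	return append(out, 0) // srtp_mki length = 0
}

// selectProfile parses an offer and returns the first offered profile the
// local side supports; unsupported IDs are skipped, not treated as errors.
func selectProfile(ext []byte, supported map[uint16]bool) (uint16, error) {
	if len(ext) < 3 {
		return 0, errors.New("use_srtp: truncated")
	}
	n := int(binary.BigEndian.Uint16(ext))
	if n == 0 || n%2 != 0 || len(ext) < 2+n+1 || len(ext) != 2+n+1+int(ext[2+n]) {
		return 0, errors.New("use_srtp: malformed profile list or MKI")
	}
	for i := 2; i < 2+n; i += 2 {
		if p := binary.BigEndian.Uint16(ext[i:]); supported[p] {
			return p, nil
		}
	}
	return 0, errors.New("use_srtp: no common profile")
}

func main() {
	// Constructed offer: GCM preferred, AES-CM kept as fallback.
	offer := encodeUseSRTP([]uint16{AEADAES128GCM, AES128CMHMACSHA180})
	p, err := selectProfile(offer, map[uint16]bool{AES128CMHMACSHA180: true})
	fmt.Printf("CM-only peer picks 0x%04x (err=%v)\n", p, err)
}
```
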