Re: [rtcweb] Require/Suggest AEAD GCM for SRTP

Sean Turner <sean@sn3rd.com> Fri, 12 July 2019 00:07 UTC

To: RTCWeb IETF <rtcweb@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/VObJ1HDV2l0kDLOs0gl9JFfTVDA>

Hi,

I think there’s general consensus that we should be updating the algorithm requirements every couple of years after the specifications are published.  But, we have not actually published cluster 238 yet.  We need to get that done first and then we should entertain updates; it is never as easy as one thinks it is to update the MTIs.

spt

> On Jul 11, 2019, at 03:22, Harald Alvestrand <harald@alvestrand.no> wrote:
> 
> Once cluster 238 is published, I'm in favor of looking at the
> mandatory-to-implement ciphersuites in RTCWEB and considering updating
> them. It's been a few years since we went through that exercise.
> 
> I am not in favor of proposing changes to the current documents.
> 
> Den 10.07.2019 20:06, skrev Sean DuBois:
>> Hello,
>> I am Sean DuBois, I work on Pion [0], a 100% Go implementation of
>> WebRTC. I have a user that is trying to do a large deployment, and
>> performance is very important to them. They see a 10x performance
>> improvement when using AEAD GCM for SRTP (thanks to HW acceleration),
>> and it is the most obvious improvement we can make.
>> 
>> Having this would be a pretty fantastic improvement for very little
>> work. Especially for weak devices/scaling servers, AES-NI is a huge
>> deal. Also great for security: it avoids possible timing attacks from
>> software implementations and is just less that developers can mess up when
>> implementing SRTP themselves!
>> 
>> This should also be a pretty painless change.
>> * Firefox already supports it
>> * Chromium is just behind a flag [1]
>> * Most other implementations also use libsrtp (where it is already available)
>> * Adding more protection profiles will have zero impact if they aren't
>> supported.
>> 
>> ----
>> I have never been involved with the IETF before, but this seems the
>> best way to push implementations to support it.
>> 
>> [0] https://github.com/pion/webrtc
>> [1] https://bugs.chromium.org/p/chromium/issues/detail?id=713701#c20