Re: [rtcweb] Mandating encryption of RTP header extensions for MID and RID SDES items

Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 10 October 2016 09:05 UTC

To: Christer Holmberg <christer.holmberg@ericsson.com>, "Mo Zanaty (mzanaty)" <mzanaty@cisco.com>, Bernard Aboba <bernard.aboba@gmail.com>
References: <e536bad2-08b1-4f77-8c75-6bc3b639c398@ericsson.com> <B6ECFC24-F28E-4E35-9437-B7DACB41EF69@iii.ca> <DD1447CA-29F2-44FF-B08F-3CC0814C9748@gmail.com> <E772E39B-80FA-4C82-901F-CE1DBE750027@cisco.com> <7594FB04B1934943A5C02806D1A2204B4BD3D9C8@ESESSMB209.ericsson.se>
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
Message-ID: <51176963-4334-ace3-4bc3-cba9c4121379@ericsson.com>
Date: Mon, 10 Oct 2016 11:05:21 +0200
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B4BD3D9C8@ESESSMB209.ericsson.se>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/dg9xCetx6DGV_wRzK4BLkpBe6HE>
Cc: RTCWeb IETF <rtcweb@ietf.org>
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>

On 2016-10-09 at 12:24, Christer Holmberg wrote:
> Hi,
>
> On the MMUSIC list Jonathan L informed the community about the following text in RFC 7904 (SDES header extensions):
>
>    "In RTP sessions where any type of confidentiality protection is
>    enabled for RTCP, the SDES item header extensions MUST also be
>    protected."
>
> So, *IF* we assume that "any type of confidentiality protection" is enabled for RTCP, I guess the answer is pretty clear, or?
>

Yes, from my perspective this is settled. RFC 7904 forces encryption of
the MID value in a WebRTC context. If the RTCWeb WG do not agree with
this, then it needs to work on changing RFC 7904. I do not support
changing that RFC's conclusion that information that is protected in RTCP
needs to be protected also in RTP headers.

When it comes to the information leakage and the fingerprinting 
possibilities of SSRCs, PTs etc, it is present and getting worse in 
multi-stream systems.

So when you had a single media stream per endpoint and that used a
random SSRC and one PT value during the life-time of the RTP session,
there is very little information leakage here. The codec possibly leaks
through PT, but the packet length, at least for audio, leaks that
information anyway.

However, when one starts to have an endpoint that uses multiple media
streams, and certain configurations of RTX and FEC, then the publicly
visible fingerprinting surface from RTP streams goes up. Now both
implementation choices as well as device hardware configurations start
to show in the unencrypted RTP headers. So MID and RID is one additional
parameter that increases the potential for fingerprinting here.

So what is the reason given that we protect the RTP payload and the RTCP
packets with encryption, to not also protect the RTP header extensions?

Cheers

Magnus Westerlund

----------------------------------------------------------------------
Services, Media and Network features, Ericsson Research EAB/TXM
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Färögatan 6                 | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------
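
An added illustration of the leakage discussed in this message (not part of the original e-mail and not code from any RFC or implementation): a parser that returns what an on-path observer can read from an SRTP packet, without keys, when header extensions are left unencrypted. The extension IDs, the "mid"/"rid" values and the packet bytes are constructed for the example; the one-byte extension layout follows RFC 8285.

```python
import struct

ONE_BYTE_PROFILE = 0xBEDE  # RFC 8285 one-byte header extension form

def cleartext_view(packet: bytes, extmap: dict) -> dict:
    """Fields an on-path observer can read from an SRTP packet without keys."""
    if len(packet) < 12:
        raise ValueError("shorter than the fixed RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if b0 >> 6 != 2:
        raise ValueError("not RTP version 2")
    view = {"pt": b1 & 0x7F, "seq": seq, "ssrc": ssrc, "ext": {}}
    off = 12 + 4 * (b0 & 0x0F)            # skip CSRC list
    if not b0 & 0x10:                     # X bit clear: no extension block
        return view
    if len(packet) < off + 4:
        raise ValueError("truncated extension header")
    profile, words = struct.unpack("!HH", packet[off:off + 4])
    off, end = off + 4, off + 4 + 4 * words
    if end > len(packet):
        raise ValueError("truncated extension block")
    if profile != ONE_BYTE_PROFILE:       # two-byte form not handled here
        return view
    while off < end:
        head = packet[off]
        if head == 0:                     # padding byte
            off += 1
            continue
        ext_id, length = head >> 4, (head & 0x0F) + 1
        if ext_id == 15 or off + 1 + length > end:
            break                         # reserved ID or overrunning element
        name = extmap.get(ext_id, f"id{ext_id}")
        view["ext"][name] = packet[off + 1:off + 1 + length]
        off += 1 + length
    return view

# Constructed sample: extmap IDs 1 and 2 are assumed SDP-negotiated values.
EXTMAP = {1: "mid", 2: "rid"}
SAMPLE = (
    struct.pack("!BBHII", 0x90, 96, 1, 1000, 0x11223344)   # V=2, X=1, PT=96
    + struct.pack("!HH", ONE_BYTE_PROFILE, 2)               # 2 words of extensions
    + bytes([0x11]) + b"a1"                                 # ID 1, 2-byte value
    + bytes([0x21]) + b"hi"                                 # ID 2, 2-byte value
    + b"\x00\x00"                                           # padding to 32 bits
    + bytes.fromhex("8f3c5ad1e07b42")                       # stand-in for ciphertext
)

if __name__ == "__main__":
    print(cleartext_view(SAMPLE, EXTMAP))
```

With header-extension encryption as in RFC 6904, the element IDs and lengths would still parse this way, but the values returned would be ciphertext rather than the MID and RID strings.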