Re: [rtcweb] SRTP requirement - wiretapping (Re: Let's define the purpose of WebRTC)

Randell Jesup <> Thu, 10 November 2011 08:02 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 9B1DE1F0C48 for <>; Thu, 10 Nov 2011 00:02:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.561
X-Spam-Status: No, score=-2.561 tagged_above=-999 required=5 tests=[AWL=0.038, BAYES_00=-2.599]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 3SKAppRxXcEg for <>; Thu, 10 Nov 2011 00:02:52 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 09EF91F0C44 for <>; Thu, 10 Nov 2011 00:02:51 -0800 (PST)
Received: from ([] helo=[]) by with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from <>) id 1ROPb1-00013H-6M for; Thu, 10 Nov 2011 02:02:51 -0600
Message-ID: <>
Date: Thu, 10 Nov 2011 03:02:12 -0500
From: Randell Jesup <>
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20111105 Thunderbird/8.0
MIME-Version: 1.0
References: <> <> <> <> <> <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname -
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain -
Subject: Re: [rtcweb] SRTP requirement - wiretapping (Re: Let's define the purpose of WebRTC)
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 10 Nov 2011 08:02:52 -0000

On 11/10/2011 12:24 AM, Eric Rescorla wrote:
> On Wed, Nov 9, 2011 at 9:19 PM, Ravindran, Parthasarathi
> <>  wrote:
>> Eric,
>> I agree with you about performance in case of desktop as I'm able to execute Skype video call and other application simultaneously without any performance impact. AFAIK in case of telepresence or equivalent endpoint, it requires the special hardware to encrypt/decrypt the whole bunch of media from it. WebRTC browser could be executed on any of these kind of endpoint as well.
> I'd be interested in any measurements you have to offer here.
> My Macbook Air does on the order of 100 MB/s of AES-128
> on a single core. What's the bandwidth of a telepresence
> system?

I don't have a good benchmark source, but stuff I'm seeing rooting 
around implies that tablet/phone cores like Tegras with AES accelerators 
can run AES-128 at somewhere in the <16MB/s rate, rather lower (1/2?  
1/4? 1/10?) on the CPU (which is likely what we'd be using).    These 
are horribly rough numbers, and might even be optimistic.

If we're down in low single-digit MB/s AES in SW, we might be using a 
noticeable amount of CPU (5, 10%, more) on a tablet or phone in some use 
cases (where we might be pushing around a few 1Mbps streams).

I should note that I don't feel that's likely to influence my opinion; I 
don't think performance on the browser/phone is a significant reason to 
make it optional.  Performance on a low-end webrtc "PBX" box or media 
gateway or mixing server handling a lot of these streams - maybe.  I'm 
not including dedicated custom SBC-like solutions; I'm assuming generic 
HW or cloud services used by a website/service.  But making SRTP 
optional-to-use is fraught with dangers of bid-down attacks; we would 
need to be sure that reducing costs for some services (and thus users) 
doesn't endanger other users.

Randell Jesup