Re: [rtcweb] Require/Suggest AEAD GCM for SRTP

Sean DuBois <sean@pion.ly> Wed, 10 July 2019 22:27 UTC

Return-Path: <sean@pion.ly>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D95112004F for <rtcweb@ietfa.amsl.com>; Wed, 10 Jul 2019 15:27:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.603
X-Spam-Level:
X-Spam-Status: No, score=-0.603 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pion-ly.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EfnvZFviSBma for <rtcweb@ietfa.amsl.com>; Wed, 10 Jul 2019 15:27:41 -0700 (PDT)
Received: from mail-wr1-x436.google.com (mail-wr1-x436.google.com [IPv6:2a00:1450:4864:20::436]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C4D0120033 for <rtcweb@ietf.org>; Wed, 10 Jul 2019 15:27:41 -0700 (PDT)
Received: by mail-wr1-x436.google.com with SMTP id n9so4095278wrr.4 for <rtcweb@ietf.org>; Wed, 10 Jul 2019 15:27:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pion-ly.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:content-transfer-encoding:in-reply-to :user-agent; bh=TS8guhEExd2CCdoY7KoYWF6fzNqS9esRu9UGc5ohgUs=; b=Ep4m3Unbeb5/7hqdGenLeOMJSXuUe3TprD+O1YqKQnAVTo3yqTGamn/b7PZ3pW+PoX 5w5w81TJjv/1QuTQn/OQR20mZLSSSB+y990Io0so2TfLIu8yAXVL/AASYN69l1TTxH2q q6SnTslTzayC05ZO4A613/gCMzRJKZ1GjAPLabEYHl25R++ohYwd3PTSbyTnLz6ewQ+l meaOLyh8JZNz5iqNU1YzyB/g8QOqEl71rMj3LN5o3phqlIfy8hwyE52W8GbRzTgWsAOo cbgIL3xv/187bh727wnsNSebS3TUx+pIjVMCJzyHzVC7OejKQYV7ZtEMSy6aePHn9KNg r6+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:content-transfer-encoding :in-reply-to:user-agent; bh=TS8guhEExd2CCdoY7KoYWF6fzNqS9esRu9UGc5ohgUs=; b=kNFjFmDpoQrFqqfOrxfeM8iGUQvjiPwrO83t20hF1K3pr4bXCg+wX1tA7V5lR0pUkF Gy51YZuyfTsr3UXoCk2Gn4ztOclAXYvUVj4co/dZyt8VVpjs/mri6TyBDtMsrH2C8Gra cMGBn1aOWEPOxeUP/4JaS9AyVEGitvNkq44lYKWI4BaJZ1gDBaeHVaqCbM/Qw0hR7Vye tsFgHQjGlhnOeRfADfXz9W7saEsqpu8uoTviwc1EtPQ6aP0ySslNIxEvABjNlWpGNfSk pVTFwCHba3uWCYHDaEZFRHjh+YAYXV6/8ZJxDMztdUe07UiIzcV6psouIXkhECzx8ldQ BeNQ==
X-Gm-Message-State: APjAAAXdJcWIsoXLDy+2NbIpVyEoazF1SiGIILPhtIgz7cEsifL35TOA /0rOFZBzxGFr1PDvXus0TpE=
X-Google-Smtp-Source: APXvYqysJ7iSzOY4L93Wbw24WUNI6Sm3SsaDM4dRIJyFXLrhA/xk/0h2Rrqw8tuVmcYEvx/shxw4QQ==
X-Received: by 2002:adf:f246:: with SMTP id b6mr44803wrp.92.1562797659921; Wed, 10 Jul 2019 15:27:39 -0700 (PDT)
Received: from 38f9d359441f.ant.amazon.com ([217.158.151.117]) by smtp.gmail.com with ESMTPSA id 91sm6116033wrp.3.2019.07.10.15.27.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 10 Jul 2019 15:27:38 -0700 (PDT)
Date: Wed, 10 Jul 2019 23:28:00 +0100
From: Sean DuBois <sean@pion.ly>
To: Philipp Hancke <fippo@goodadvice.pages.de>
Cc: rtcweb@ietf.org
Message-ID: <20190710222800.cyjvtkek7rbhy72k@38f9d359441f.ant.amazon.com>
References: <CA+b7xQtG-PLo8i3ojOs2pmiVbuKU0aFGRMsdQss22rEnqRgybg@mail.gmail.com> <385683CD-3B17-4A11-8B39-F300FB861964@mozilla.com> <dacfb776-b7bf-c262-03a4-662175e35233@goodadvice.pages.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <dacfb776-b7bf-c262-03a4-662175e35233@goodadvice.pages.de>
User-Agent: NeoMutt/20180716
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/pyoMDBECkz0i_fM_uHZ9QJ_pP5o>
Subject: Re: [rtcweb] Require/Suggest AEAD GCM for SRTP
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jul 2019 22:27:43 -0000

On Wed, Jul 10, 2019 at 10:20:24PM +0200, Philipp Hancke wrote:
> Am 10.07.19 um 20:25 schrieb Nils Ohlmeier:
> <snip/>
>
> > As Firefox supports GCM already I’m in favor of adding it to the spec.
> >
> > AFAIK GCM support in Chrome is behind a flag because they ran into some interop issues with early GCM implementations.
> >
> > But it is pretty late in the standardization process to make/request such changes. I’ll leave it to other to judge this.
>
> I don't think we need any mandatory requirement, we have negotiation built
> in. AES-NI does not require GCM though?
Agree! I do get hw-accel right now when encrypting, but it is the HMAC-SHA1
for the authentication tag that takes up most of the time.

Lots of calls to HMAC-SHA1 for both send/recv

I don't know libsrtp well enough, but I assume the situation is the same?

>
> I tested GCM with both Chrome and Firefox, found a small bug in the latter
> (which was quickly fixed by you) but other than that it worked like charm.
>
> How chrome solves their "stuff bitrotting behind flags forever" is not an
> IETF problem thankfully.
I am happy to help with this case! I am just hoping if I go the
IETF route. It will make it easier to get things merged/enabled in projects.