IETF Logo Mail Archive

Re: [rtcweb] Mandating encryption of RTP header extensions for MID and RID SDES items

"Cullen Jennings (fluffy)" <fluffy@cisco.com> Fri, 14 October 2016 13:08 UTC

Return-Path: <fluffy@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F3DF912948B for <rtcweb@ietfa.amsl.com>; Fri, 14 Oct 2016 06:08:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -117.517
X-Spam-Level:
X-Spam-Status: No, score=-117.517 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-2.996, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_WHITELIST=-100] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2aG3rsuaOqm9 for <rtcweb@ietfa.amsl.com>; Fri, 14 Oct 2016 06:08:07 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 36BE81295E8 for <rtcweb@ietf.org>; Fri, 14 Oct 2016 06:08:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3196; q=dns/txt; s=iport; t=1476450487; x=1477660087; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=negfruZCNDm6eiMEI32vVF4w+UBauj0NyWqbhWkGlB4=; b=axQubKDnveXEUCKuim0byQ7hUzzmfxgdGk/S9Gm72+oJSDYnztzGrIQz SUMxUHqXxCOPXLsbLQ9OPDWrB3IJFZimjiKL9Q+JpXOHkC+sUw1TOhgdE WvLJR5+6zStFSa111EPMAjI1VsKwIJvojJ1mKISmftjBPJPicOA+2jc7u s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ATAQAL2ABY/4YNJK1cGQEBAQEBAQEBAQEBBwEBAQEBgzwBAQEBAR2BUweNLZcFkimCD4IIhiICgg44FAECAQEBAQEBAV4nhGEBAQEDAXkFCwIBCBguMiUCBA4FiEoIwwoBAQEBAQEBAQEBAQEBAQEBAQEBAQEdiDoIglCER4Mwgi8FmgYBj3+BboRniSCMeYN+AR42UoJ6HBmBOnKHNYEAAQEB
X-IronPort-AV: E=Sophos;i="5.31,493,1473120000"; d="scan'208";a="159918211"
Received: from alln-core-12.cisco.com ([173.36.13.134]) by rcdn-iport-5.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 14 Oct 2016 13:08:06 +0000
Received: from XCH-RTP-005.cisco.com (xch-rtp-005.cisco.com [64.101.220.145]) by alln-core-12.cisco.com (8.14.5/8.14.5) with ESMTP id u9ED86Eq029555 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 14 Oct 2016 13:08:06 GMT
Received: from xch-rtp-004.cisco.com (64.101.220.144) by XCH-RTP-005.cisco.com (64.101.220.145) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Fri, 14 Oct 2016 09:08:05 -0400
Received: from xch-rtp-004.cisco.com ([64.101.220.144]) by XCH-RTP-004.cisco.com ([64.101.220.144]) with mapi id 15.00.1210.000; Fri, 14 Oct 2016 09:08:05 -0400
From: "Cullen Jennings (fluffy)" <fluffy@cisco.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
Thread-Topic: [rtcweb] Mandating encryption of RTP header extensions for MID and RID SDES items
Thread-Index: AQHSJX1b6MtzUuyRZUS84VuzdzWIraCn4VEAgABOwoA=
Date: Fri, 14 Oct 2016 13:08:05 +0000
Message-ID: <3C0E8E83-3623-4D5C-A093-B26981F13477@cisco.com>
References: <e536bad2-08b1-4f77-8c75-6bc3b639c398@ericsson.com> <998B7677-E967-45B0-8FE5-FD71930C380F@cisco.com> <dca597f3-e23a-3dc6-f0e0-5c588729d7e1@ericsson.com>
In-Reply-To: <dca597f3-e23a-3dc6-f0e0-5c588729d7e1@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.24.44.242]
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <FAF6FA0D4F0E5047A3999D3CE2552FAA@emea.cisco.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/rtjUucAczJzojlomuE9UtVLI-qc>
Cc: RTCWeb IETF <rtcweb@ietf.org>
Subject: Re: [rtcweb] Mandating encryption of RTP header extensions for MID and RID SDES items
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Oct 2016 13:08:09 -0000

> On Oct 14, 2016, at 2:26 AM, Magnus Westerlund <magnus.westerlund@ericsson.com> wrote:
> 
> Den 2016-10-13 kl. 20:12, skrev Cullen Jennings (fluffy):
>> 
>> I think this is huge complexity that is not currently supported and
>> not needed. How about we generate the RID such that the RID for the
>> n'th m line is n. Or generate it as a random number. Do you see any
>> problem with this?
>> 
>> I think this removes all the fingerprinting issues. I'm fine with
>> advice that say how to generate the RID in a way that is privacy
>> sensitive but I'm not a fan of making RID require support for RTP
>> header encryption.
>> 
> 
> So, let disregard the fingerprinting issue for now. It is clear that I am in the rough and that this whole issue would benefit from a broad review on what we leak when using ICE and RTP/RTCP.

That broad review was largely done as part of PERC. 

> 
> What I don't understand here is that people have argued and agreed that we should encrypt the RTP and RTCP packets per default. Then when we comes to RTP header extensions we are no longer ready to provide that protection per default by ensuring RFC6904 implementation support. So RID and MID may not be the most sensitive fields if it has well constructed values. Then we have the audio level extensions where Client to mixer is RECOMMENDED to be implemented and REQUIRES RFC6904.

So the audio levels are recommended in WebRTC but this MID stuff is a very generic mechanism that will like be broadly used to deal with RTP lack of extensibility of size PT space. Lot of stuff does not implement audio levels and some stuff that implements it does not encrypt it. The 6904 mechanism is not exactly elegant, not easy to implement, and doubles the size the headers which is not great for audio. I think it is fair to say we might do it differently if doing it over again. 

> 
> So what is the issue, is it that you currently lack RFC6904 implementations, and thus this require more implementation work, or are there additional reasons for wanting to expose this information?

Yes this adds needless security complexity that people don't see the value in thus it becomes difficult to convince implementors to do it.

> 
> To conclude, I personally think default usage of RFC6904 on header extensions would be a good thing. I currently see no reasons for changing the requirements that RFC 7941 puts on WebRTC, forcing the usage of RFC6904 encryption. If you want to something else, please provide a proposal for what that alternative would be.

Originally MID was not a SDES items, I'd propose just moving it back to a normal RTP Header. In looking at trying to use this in deployments, it's hard to see what value transporting it in RTCP as well as RTP provided.  When that was originally proposed, I don't think anyone realized that mean encrypting it and did not really care if it was normal or SDES as it was about the same work. But if SDES means it needs to be encrypted, then I think we need to reconsider that. 


> 
> Cheers
> 
> Magnus Westerlund
>

v2.23.0 | Report a Bug | By Email