[secdir] [new-work] WG Review: Secure Media Frames (sframe)
The IESG <iesg@ietf.org> Thu, 22 October 2020 16:14 UTC
Return-Path: <new-work-bounces@ietf.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 47C2F3A0A0B; Thu, 22 Oct 2020 09:14:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1603383287; bh=XZlCS0YoijU26cf53E8BouYt2MetMRMQFXBaAjv/lYA=; h=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe:Reply-To; b=NXzAv5yAaAWvLoHIUcez+7EE+67VgDX4KO6m7jRlejpA/seiZwFM9praX+gTKrTzE 9sOxpeSjZxE/s3hXeOrzLDjDwwOlSaTOMjwEjSPLtt6PtUgmBwZoxnkU5IgEF89zjC 8+vSpYnww1l5QFRbzh8qu8JzbbGSMdxtUrcDY0YU=
X-Mailbox-Line: From new-work-bounces@ietf.org Thu Oct 22 09:14:41 2020
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 83CF23A0905; Thu, 22 Oct 2020 09:14:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1603383268; bh=XZlCS0YoijU26cf53E8BouYt2MetMRMQFXBaAjv/lYA=; h=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe:Reply-To; b=m3pvzsv+7VubN3CJHwHE5daG98gozrkviBbrtcHB+GBcX1rjzIgaZQfzE9zNSRf9I bJf6t7JFOXX4X1N1xhpHqRjdEFQmSSM/AtJ9STRGH4K3Gt79cjYZaqYPLq0jP0rd5E 15hMK2v2Z5F5fpJGLgPdMdy19ifSxXMhyHieo4Ko=
X-Original-To: new-work@ietf.org
Delivered-To: new-work@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 51D703A07DB for <new-work@ietf.org>; Thu, 22 Oct 2020 09:14:22 -0700 (PDT)
MIME-Version: 1.0
From: The IESG <iesg@ietf.org>
To: new-work@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 7.20.0
Auto-Submitted: auto-generated
Precedence: bulk
MIME-Version: 1.0
Reply_to: <iesg@ietf.org>
Message-ID: <160338326232.22717.6626095824085592126@ietfa.amsl.com>
Date: Thu, 22 Oct 2020 09:14:22 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/new-work/_Qqiee8dZEI7Oo7PVX0IirlG_7Q>
X-BeenThere: new-work@ietf.org
X-Mailman-Version: 2.1.29
Reply-To: iesg@ietf.org
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: new-work-bounces@ietf.org
Sender: new-work <new-work-bounces@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/scyj6-giKMPKpJQRGD_O-66126c>
X-Mailman-Approved-At: Thu, 22 Oct 2020 09:30:01 -0700
Subject: [secdir] [new-work] WG Review: Secure Media Frames (sframe)
X-BeenThere: secdir@ietf.org
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Oct 2020 16:14:53 -0000
A new IETF WG has been proposed in the Applications and Real-Time Area. The IESG has not made any determination yet. The following draft charter was submitted, and is provided for informational purposes only. Please send your comments to the IESG mailing list (iesg@ietf.org) by 2020-11-01. Secure Media Frames (sframe) ----------------------------------------------------------------------- Current status: Proposed WG Chairs: TBD Assigned Area Director: Murray Kucherawy <superuser@gmail.com> Applications and Real-Time Area Directors: Barry Leiba <barryleiba@computer.org> Murray Kucherawy <superuser@gmail.com> Mailing list: Address: sframe@ietf.org To subscribe: https://www.ietf.org/mailman/listinfo/sframe Archive: https://mailarchive.ietf.org/arch/browse/sframe/ Group page: https://datatracker.ietf.org/group/sframe/ Charter: https://datatracker.ietf.org/doc/charter-ietf-sframe/ Real-time conferencing sessions increasingly require end-to-end protections that prevent intermediary servers from decrypting real-time media. The PERC WG developed a “double encryption” scheme for end-to-end encryption that was deeply tied to SRTP as its underlying transport. This entanglement has prevented widespread deployment. This working group will define the SFrame secure encapsulation to provide authenticated encryption for real-time media content that is independent of the underlying transport. The encapsulation will provide the following information to configure the authenticated encryption for each encryption operation: * Selection among multiple encryption keys in use during a real-time session * An algorithm for forming a unique nonce within the scope of the key based on information in the encapsulation framing The SFrame specification will detail the specific security properties that the encapsulation provides, and discuss their implications under common usage scenarios / threat models. The transport-independence of this encapsulation means that it can be applied at a higher level than individual RTP payloads. For example, it may be desirable to encrypt whole frames that span multiple packets in order to amortize the overhead from framing and authentication tags. It may also be desirable to encrypt units of intermediate size (e.g., H.264 NALUs or AV1 OBUs) to allow partial frames to be usable. The working group will choose what levels of granularity can be configured in the protocol. An application using SFrame will need to configure several aspects of its operation, for example: * Selecting whether SFrame is to be used for a given media flow * Specifying which encryption algorithm should be used * Provisioning keys and key identifiers to endpoints * Selecting the granularity at which SFrame encryption is applied (if this is configurable) This working group, however, will not specify the signaling required to configure SFrame encryption. In particular, considerations related to SIP or SDP are out of scope. This is because SFrame is intended to be applied as an additional layer on top of the base levels of protection that these protocols provide. This working group will, however, define the guidance for how SFrame interacts with RTP (e.g., with regard to packetization, depacketization, and recovery algorithms) to ensure that it can be used in environments such as WebRTC. Other WebRTC changes such as the payload format and metadata format will be addressed by the AVTCORE working group. It is anticipated that several use cases of SFrame will involve its use with keys derived from the MLS group key exchange protocol. The working group will define a mechanism for doing SFrame encryption using keys from MLS, including, for example, the derivation of SFrame keys per MLS epoch and per sender. Input to the WG Proposals already existing relating to this charter proposal: https://datatracker.ietf.org/doc/html/draft-omara-sframe-00 Milestones: Jun 2021 - Submit SFrame specification to IESG (Standards Track) _______________________________________________ new-work mailing list new-work@ietf.org https://www.ietf.org/mailman/listinfo/new-work