Re: [Sframe] [dispatch] SFRame Next Steps (was SFrame proposed WG charter)

Magnus Westerlund <magnus.westerlund@ericsson.com> Thu, 06 August 2020 08:56 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: sframe@ietfa.amsl.com
Delivered-To: sframe@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A4B83A1023; Thu, 6 Aug 2020 01:56:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.102
X-Spam-Level:
X-Spam-Status: No, score=-2.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yWXSfCgTIRjy; Thu, 6 Aug 2020 01:56:21 -0700 (PDT)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-eopbgr50081.outbound.protection.outlook.com [40.107.5.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6593A3A100E; Thu, 6 Aug 2020 01:56:20 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FqPjg/0qOOqMFXn9vN4FWvn+4z5BbQvzJZZIE0iMOImyOxuumFfEvWXt4MPcDiB3Go9sYwfBRWcxVSrggt1luITBN68YjfDwe8C/Rgxm8h8CePCNLB1daYCAVG7sWddB03BC84b3BJW/4vvOFYjqQ2DHRxlUgpbCIRmx4xzjrBSFrS6KtbmecC3pBe2Jvzl0arpeMb4kxRlxvfkwVGaiH8HMiZ62lWMHjHmPVE9qSobbvr3qhY/Cee/XN31x4cruFqABk7v1uCOkSNrarJPJ8PHrL0mTodHeJ8kxi64S3kSOFao8f/1cmY7e1Mq8MaqQI86sRcvXw+ZsIIvmUnr0DQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GDtl7CvHPnlatE0xz7l+7Sa2+7uglgohhOPkiz/GJfI=; b=hTh1LtUF0sr1uLozdeFCIe3LFPOYond4SaX76yD1GsB1u9Mj4MuPWMrt+MtvFLqV/6EHUIdBsJ2KqY0WSX7bdtcgByCiE3ErDdD/80J3AVQLPUOA2MKjE7LNn0USS3yuYjREZNDtp5kk1bw+EaUf+LEZa0j7VYgp1rL0wlRx9Q6zdAupaJGHowcpKTWc4ZvB/+fYUVx4lAVuvB9j0FjJQ8QfFI7UYSFBtyxmadc6vMKGskz0auAusFpeWpTe549uc8Xvim+yjPSv8LRRWqPxWG+YG3ykV1G+5lkNtZ7EpQUr1dgSthbh02C5DtrzQjseUxnz4xXVYHOH4WWygnU6Yw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GDtl7CvHPnlatE0xz7l+7Sa2+7uglgohhOPkiz/GJfI=; b=MHps0eehZEPk4VeErNZjEao063LsmWgrp8JF8g9jcT/PCr4MbQyGBKli9mtFglp8pjhmgNg3GHt9DmqPnVB4xJU4bXIBlW7ANrt12dtutxgkBwSL0F7tHcNwQ+jWIXfofWiEY7SM8XLwB2qfb1S12CmlzELLOYZG4kqPlqmyY0Y=
Received: from HE1PR0702MB3772.eurprd07.prod.outlook.com (2603:10a6:7:8e::14) by HE1PR07MB3098.eurprd07.prod.outlook.com (2603:10a6:7:38::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3261.14; Thu, 6 Aug 2020 08:56:17 +0000
Received: from HE1PR0702MB3772.eurprd07.prod.outlook.com ([fe80::d95a:be8:b97b:582d]) by HE1PR0702MB3772.eurprd07.prod.outlook.com ([fe80::d95a:be8:b97b:582d%5]) with mapi id 15.20.3261.016; Thu, 6 Aug 2020 08:56:17 +0000
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "ben@nostrum.com" <ben@nostrum.com>, "rlb@ipv.sx" <rlb@ipv.sx>, "sergio.garcia.murillo@gmail.com" <sergio.garcia.murillo@gmail.com>
CC: "dispatch@ietf.org" <dispatch@ietf.org>, "sframe@ietf.org" <sframe@ietf.org>, "emadomara@google.com" <emadomara@google.com>
Thread-Topic: [dispatch] SFRame Next Steps (was SFrame proposed WG charter)
Thread-Index: AQHWa2UvSRWiVT7MukOqMgZDT9IOv6kqyBeA
Date: Thu, 6 Aug 2020 08:56:16 +0000
Message-ID: <771e108a9f25c1bec04d5fcdad58eb55bbb1533d.camel@ericsson.com>
References: <CAHo7dC91bvRHiYuRT63uJ=HeuFU9L7XXqTcG+za5xi_BbQ0G2w@mail.gmail.com> <E2072219-1B6E-4444-A39C-287842783DBF@nostrum.com> <CAL02cgT13rEnvaB9TFMci=N8OqO35qKHthPHhMCvAccZWhCu-Q@mail.gmail.com> <ca0a7472a86cf53c78779f6153a80dc096acc4e8.camel@ericsson.com> <69181ed1-d72a-99de-8b4d-9e10276ced91@gmail.com>
In-Reply-To: <69181ed1-d72a-99de-8b4d-9e10276ced91@gmail.com>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Evolution 3.28.5-0ubuntu0.18.04.2
authentication-results: nostrum.com; dkim=none (message not signed) header.d=none;nostrum.com; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [98.128.243.14]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 66917b51-16bc-4812-d73b-08d839e69495
x-ms-traffictypediagnostic: HE1PR07MB3098:
x-microsoft-antispam-prvs: <HE1PR07MB3098EA79E358FE0B7BF16B8395480@HE1PR07MB3098.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: tYJ12woz666PCayrUtgEvmMEzfBbhX5ZkqXZKGeLiW8SX2q4IFpiZl+S2CGjW47uACIVqCMRZKAA22JXTon3WEBmqRQXAk3V7QoEconHrC+ucrh3cr4mpKoSDwuv3gdOlTM6DR1TeGxPjAljbvP3+0OkY2AH3sxZQacLivsDahqMxdIFHK35JloxLV7q2+zOefFMtWML/atID/bOPW8faRBRZcm3eU50O8KoR3lpRYrPX/1JGI1Gi1G+W6pk/mxlaKaMRafZNy7lbUuHaKvbCI35Mu7wVT1KhY/ZQvEV8a0YwF3zMLh93T79AWMyzzpkhsA/vt/zL8/2TqdfgJvFBpXbShhxnaZWw61taA32wG24JoS9MwM9J41hXk9biSxY
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0702MB3772.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(346002)(396003)(136003)(376002)(39860400002)(366004)(2906002)(71200400001)(8676002)(6512007)(5660300002)(36756003)(26005)(66446008)(8936002)(66476007)(66556008)(64756008)(186003)(76116006)(66946007)(2616005)(54906003)(6506007)(478600001)(83380400001)(6486002)(44832011)(86362001)(110136005)(316002)(4326008)(99106002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: NDeoNyXkAvYIAWVhVrmjmAZEluGUZ3vm3J/IxCtdPyKkxKnl8BBNY1QokHTwLef5rpKUy+9BC14JQPqWnh5KTur7xNTNAEGbOL8qyGcUfcBrFCcTa978tuitc/lhFvGAoGTaSGGfQpJXVzm9VCXoCMk4DnaPCOciEIz7mSxvjZ6F3uBI+aoF57W0z+7rwHT/f17c1AmUl4PvxUCUEQ46YZaqTPJKQY7S9+uDGMWTMz5ACOxzjkLYdMc+b2xsLsA70JEvXQ1d7xrAlLd8kyuERWof75ysY/yBOvks7RnisKNIoBTUlxb8lG0GyPxD8QfiYfUp20Xyoaph4YEhFVLVsxgUuRup/Dm5XsuTWHr0/iaExasU9z3kGI0rfgRBOyBarAHMCjwr81Y1+9aB5A592lNRv869cwmoissWJpRPwHoT4u3f+BJdxI5P9cp8oqVNCm66Cyj4cdltIq2VCHzUoSnuo+4Z6r7gaCTjEdPmBJHPqByd01uiDjRWWrj/QzQRjx6iSpt23NmLu6ujuJQeQNQKyIfrJzEy10p5bKoqcPS1d89C7CXLONhLV33NO8pNTScvvdzv0mo5cA1nSfHKy6BP8bX5JXSGdujtGGez5XEizlDcLzyQmnxFTsEFSjy6ffYH9en9Ts6LBdWqP+98jw==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <DF50F6C6F0C9124BB9E03337C59C2C5B@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0702MB3772.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 66917b51-16bc-4812-d73b-08d839e69495
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Aug 2020 08:56:16.9645 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: R2CrkpUDhINf+RtFCLXoPNDuzvUihloAe/wLtg4AU+r+g5P6BKtiDA+tq2Xb2T3J6EOItwaRZxgpXEUWWCSmtQtMiZgOsYlDkeFIWsM4Am8=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3098
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/1e68pirXTQePsvZ5ebMCivOn1iQ>
Subject: Re: [Sframe] [dispatch] SFRame Next Steps (was SFrame proposed WG charter)
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Aug 2020 08:56:22 -0000

Hi,

On Wed, 2020-08-05 at 22:15 +0200, Sergio Garcia Murillo wrote:
> But shouldn't the "delayed media" attack still be transport agnostic? I 
> mean, this can happen on QUIC and WebRTC SFUs.

Sorry if I gave the impression that it is not transport agnostic. It is use case
dependent, any use case that isn't point to point, where there is more than one
entity that can intentionally remove SFRAME creating gaps in the SFRAME
sequence. In a point to point scenario one can correlate transport losses with
SFRAME gaps to know give a reasonably strong mitigation against any third party
removing SFRAMEs or delaying them. That is much harder in a centralized
conference with one or more SFU.

> 
> Anyway, I agree that while SFrame is transport agnostic, the chapter 
> should not ignore the interactions with webrtc/quic and we must ensure 
> that we provide a complete working solution regardless of the transport. 
> If we identify that any further working items are required for a 
> particular transport, we should at liaise with the appropriate working 
> group for providing a solution.

My main point is that SFRAME actually needs to discuss the threat model for the
use cases it intendes to solve. And the mitigation can potentially include
functionality on the transport level. But the risks to media security in
centralized conferencing needs to be discussed. And centralized conferencing
will still have the semi-trusted SFUs and all the rest of the third parties in
addition to the end-points. 

Also what properties one have around end-points invited into the conference has
a number of question around security properties that needs to be discussed and
documented. Some examples that I know are relevant:

- Source authentication: SRTP unless one use TESLA (which isn't really used)
does only provided the property: Someone that has the key sent this. One don't
know that it comes from a particular endpoint. 

- Confidentiality when group membership changes: So will SFRAME keying support a
use case where only the current set of members in a conference can decrypt the
media and one rekey the media session key for each time the membership changes?
PERC do support this, will SFRAME? 

There are likely more questions that needs discussion. The PERC discussion is a
good starting point, but I think when going transport agnostic some of the
issues needs to be more clearly discussed as the RTP transport can have affected
how it was discussed, and what reliance on existing mechanism. Which for SFRAME
likely require a general discussion and then requirements on the transport and
invovled endpoints and SFU to accomplish mitigations. And thus also what the
risks are of having no mitigation in place. 

I would really propose that SFRAME is chartered with publishing a security
consideration and threat model document that is seperate from the solution to
give this topic full focus. The solution will of necessity need to reference
that and document what migitagtions that exists in the SFRAME layer and what
becomes requirements on the transport. 

Cheers

Magnus Westerlund 


----------------------------------------------------------------------
Networks, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Torshamnsgatan 23           | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------