IETF Logo Mail Archive

Re: [Sframe] Negotiating SFrame/RTP in SDP

Richard Barnes <rlb@ipv.sx> Thu, 09 September 2021 18:49 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: sframe@ietfa.amsl.com
Delivered-To: sframe@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 769743A0CBE for <sframe@ietfa.amsl.com>; Thu, 9 Sep 2021 11:49:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id raao7YWaVPDD for <sframe@ietfa.amsl.com>; Thu, 9 Sep 2021 11:49:44 -0700 (PDT)
Received: from mail-qk1-x736.google.com (mail-qk1-x736.google.com [IPv6:2607:f8b0:4864:20::736]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F30E3A0CB9 for <sframe@ietf.org>; Thu, 9 Sep 2021 11:49:44 -0700 (PDT)
Received: by mail-qk1-x736.google.com with SMTP id 22so2942854qkg.2 for <sframe@ietf.org>; Thu, 09 Sep 2021 11:49:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=qJbdoAr3rwPB4bhtTvFglrsbI+V1kk1Y13yVG2ZWm80=; b=lrdEzdqsyLSCuFtGcGCXJ432/ZwtOBfWqzphY5svitkHhBAkb66pf3C28LZ7a5cO5E Uh36bAed6t+0ne6YM6bUMEhibB/34WQ7AaMaDtwMFX9wYXW/lDr49Qedgnad6p9z2uQf MJqEAsekpLyylsCfrcbUsiE+K7lJdeUOOJtOjmYic8c0hXyj5aix5iVB1cccuJntzI83 1ageMDZvWjj+cS4rTGuUfZnX5KmWBwraVuB4FZYLbBtb7RLC5FCJBYBabsgKk+jL7/zI fnJA8eWCTyWYzx6M9wW3OJ5lZef0d9TkKEQ4qxriRzWqi4Yk8a5CQRgbNfpVnxfUpZ7E f5kA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qJbdoAr3rwPB4bhtTvFglrsbI+V1kk1Y13yVG2ZWm80=; b=X7GS5YG32ciky8sdsnnCsejLxN18T1/k1sq03Vnd52HFWcBjOb1i0hgAUZtF5HU+px zzb6/A+xynQblwdkMyrtVWRV6LqGJFH5+vqGc/6W9M/jK04O4igElFeNWfu4TBblkVsZ WyzQ4R0HloewB/S7S4rG0N3Aa7+xW/f9lnRvz+nFx3+OPuIjPMIRZk5zk0wW7BtiUmsv eZ4sNSvs+fC3IKPNvpyx1w4wy/6+6OSviTrMhmfb2JJmVjwB9g8u95LAk1IACmBU4FVq /u24A3HhY8Nx7ACqWIxmiJ8PX4USwpLgJ8w75YARy5ZbiEQw/HFokPPTJ1tve6U/Y0Qo hjcA==
X-Gm-Message-State: AOAM531KyRK2m8ncIzqRoIrMRZiP/SQLoVu6LJSuzvChPsdaK5GAFOBj 8rHggqQznBriH65sqKkUkq1VJspEFXr07EQuc9XbiDrxVKQ=
X-Google-Smtp-Source: ABdhPJwSg0ka3F/wvDPdkWcK5S7SVgWqQy5sc0os1C9imf2QfJakDo/hP9kRyM9CLjR5suvCt8ylbBTTyZvZKmu2GGk=
X-Received: by 2002:ae9:e204:: with SMTP id c4mr4122961qkc.125.1631213382365; Thu, 09 Sep 2021 11:49:42 -0700 (PDT)
MIME-Version: 1.0
References: <CAL02cgRw3OASDfqcywU1b=S+K9QDA=iJ-Pa+4uTUE--Cui5m6g@mail.gmail.com> <CANRTqcMFUo7BY_8JA3mBMcYYLHDOgSVsEPA_kmQGw2PxkkTuqQ@mail.gmail.com> <CAOW+2dvh8DF7QU8sbPXjc1J_gNJPVdgJbdJeD-JKjP+HGen_tQ@mail.gmail.com>
In-Reply-To: <CAOW+2dvh8DF7QU8sbPXjc1J_gNJPVdgJbdJeD-JKjP+HGen_tQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Thu, 09 Sep 2021 14:49:31 -0400
Message-ID: <CAL02cgSYd2=mLs7yoV52srwN37sZu88bD1DanmhgMkf5v8erWA@mail.gmail.com>
To: Bernard Aboba <bernard.aboba@gmail.com>
Cc: Sergio Garcia Murillo <sergio.garcia.murillo@cosmosoftware.io>, sframe@ietf.org
Content-Type: multipart/alternative; boundary="00000000000035890605cb9476df"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/8naYIhJjaqRe7JCafAGA7lc72Vk>
Subject: Re: [Sframe] Negotiating SFrame/RTP in SDP
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Media Frames <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Sep 2021 18:49:50 -0000

Hi Bernard,

On the question of why we're doing SDP here at all, the main reason that
comes to my mind is: Giving SFUs fair notice of what's going on so that
they can act intelligently on E2E-encrypted streams.  There might be some
secondary benefits to setting up endpoints.

It is worth noting that the current round of implementations (both IS-based
ones and Webex) demonstrate that E2EE calls can be done without any changes
to SDP, as long as SFUs don't get upset when they can't interpret the
media.  The potential benefits of having some standardization of signaling
would be (1) to let SFUs react more intelligently in these situations, say
by requesting different RTP extensions, and (2) simplifying some of the
endpoint configuration that is needed to make SFrame work (or at least
letting an endpoint fail faster, say if it doesn't have any keys for
SFrame).

With regard to downgrade: First, in some applications, there is a signaling
level above SDP (like SIP, or some HTTP thing for WebRTC), that is
independent of the SFU and could thus distribute an E2EE signal to allow
detection of downgrade.  Second, if all the infrastructure is adversarial,
then it's up to the clients to signal somehow whether a given call is E2EE.

--RLB




On Mon, Sep 6, 2021 at 7:39 PM Bernard Aboba <bernard.aboba@gmail.com>
wrote:

> Richard said:
>
> "Just add an SFrame protect/unprotect before you do other processing on
> the media payload.  Then you will have a payload that is as described in
> the SDP."
>
> [BA]  If the SFU is untrusted to have cleartext access to the payload, why
> would the endpoint use SDP to negotiate with the SFU whether to use E2E
> encryption?  This potentially enables a downgrade attack.
>
> Such a negotiation only makes sense in a use case where there are some
> clients that support E2E encryption and others that do not, and the SFU is
> looking to gracefully keep the non-E2E endpoints out of the conference
> (e.g. by failing the O/A negotiation, instead of succeeding and then having
> the non-E2E endpoints being unable to parse the codec payloads).
>
> Sergio said:
>
> "Also, not always the media server and the endpoints are provided by the
> same company (i.e. CPaaS) and they will have to support both end to end
> encryption and non end to end encryption calls. "
>
> [BA]  SDP negotiation between the endpoint and SFU is useful in
> negotiating hop-by-hop parameters, such as the RTP header extensions needed
> by the SFU to forward packets without inspecting the RTP payload.
>
> But in a CPaaS scenario, I agree that the application will determine
> whether to use E2E encryption or not and the SFU need not know or care,
> since it isn't parsing the codec payloads anyway.  In that scenario you
> won't have a mixture of E2E capable and non-capable endpoints, so the SDP
> negotiation would serve no useful purpose.
>
>
>
> On Mon, Sep 6, 2021 at 12:14 PM Sergio Garcia Murillo <
> sergio.garcia.murillo@cosmosoftware.io> wrote:
>
>> From my point of view, all the mechanisms described on the multi codec
>> payload format are required:
>>
>> The ability to differentiate a RTP packet encrypted end to end (either by
>> SFrame or SPacket) is a must, both from a formal point of view about how
>> RTP works, but also to ensure that the media servers does not perform any
>> payload inspection that will cause malfunction (metadata gathering, layer
>> switching, recording..)
>>
>> The optionality of the encryption also comes from various factors. First,
>> end to end encryption is an "endpoint" decision, the SDP negotiation with
>> the media server should not be the place to enforce it or not. Also, not
>> always the media server and the endpoints are provided by the same company
>> (i.e. CPaaS) and they will have to support both end to end encryption and
>> non end to end encryption calls. Note that it is quite a common practice in
>> SFUs to send an SDP offer from the media server to the endpoint, in which
>> case, the media server will have to offer e2e encryption as optional.
>>
>> As an example, in Millicast we support both e2ee and non-e2ee streams
>> today (with the insertable stream per codec hacks), it is a
>> completely optional feature up to each customer to implement and to decide
>> when and if it is used. We are just carriers, and we do not want the
>> customer to have to configure if the stream is e2ee or not. We are not (and
>> must not be) involved in enforcing e2ee in any way.
>>
>> Best regards
>> Sergio
>>
>> On Thu, Sep 2, 2021 at 10:23 PM Richard Barnes <rlb@ipv.sx> wrote:
>>
>>> Hi folks,
>>>
>>> One of the major work items left around SFrame is the work to specify
>>> how SFrame-encrypted media are carried in RTP, and how that is signaled in
>>> SDP.  The finer points might need to be worked out in AVTCORE / MMUSIC, but
>>> since this group knows the intricacies better, it seems like having some
>>> agreement here on general approach would be good.
>>>
>>> Sergio put together a first stab at this in
>>> draft-murillo-avtcore-multi-codec-payload-format [1].  He presented this at
>>> AVTCORE @ IETF 111 [2].  Unfortunately, the discussion there doesn't seem
>>> to have provided a clear path forward, thus this thread.
>>>
>>> Personally, I think the proposal in Sergio's draft is a little wide of
>>> the mark.  ISTM that specifying a "generic" media format and recovering the
>>> specificity in an RTP header is more complex than is needed. Worse, it sets
>>> up implementations to send the same media both encrypted and unencrypted --
>>> obviously not great for security.
>>>
>>> I'd like to propose a simpler approach, drawing inspiration from cryptex
>>> [3]:
>>>
>>> a=sframe:<frame|packet> [<keying>]
>>>
>>> Basically, just a new SDP attribute per m-line, that specifies that
>>> SFrame encryption is being done and how.  The desired semantic is clear for
>>> SPacket: Just add an SFrame protect/unprotect before you do other
>>> processing on the media payload.  Then you will have a payload that is as
>>> described in the SDP.
>>>
>>> You can *almost* describe SFrame in this way as well.  Assemble all the
>>> RTP packets in a frame, then do SFrame across all of their payloads (in
>>> particular, adding the header to the first packet and the tag to the
>>> last).  If you constrained the sender to construct pre-SFrame packets  that
>>> were properly packetized according to the rest of the SDP, then this would
>>> integrate cleanly with the rest of the SDP/RTP model.  The problem is that
>>> that constraint is incompatible with Insertable Streams.  So we need to
>>> decide how much we care about compatibility with IS as it is.  Personally,
>>> it seems like WebRTC stacks and web apps are going to have to upgrade
>>> *anyway* if they're going to support SDP-based negotiation of SFrame, so if
>>> they have to make this one extra change, it shouldn't be a big deal.
>>>
>>> How does this approach strike folks?
>>>
>>> --Richard
>>>
>>> [1]
>>> https://www.ietf.org/archive/id/draft-murillo-avtcore-multi-codec-payload-format-01.html
>>> [2] https://youtu.be/S-JR4Fa8VFY?t=3510
>>> [3]
>>> https://www.ietf.org/archive/id/draft-ietf-avtcore-cryptex-02.html#name-signaling
>>> --
>>> Sframe mailing list
>>> Sframe@ietf.org
>>> https://www.ietf.org/mailman/listinfo/sframe
>>>
>> --
>> Sframe mailing list
>> Sframe@ietf.org
>> https://www.ietf.org/mailman/listinfo/sframe
>>
>

v2.23.0 | Report a Bug | By Email