Re: [Sframe] RFC Feedback
Bret Lorimore <bretlorimore@gmail.com> Sun, 05 March 2023 00:55 UTC
Return-Path: <bretlorimore@gmail.com>
X-Original-To: sframe@ietfa.amsl.com
Delivered-To: sframe@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E46EC15155F for <sframe@ietfa.amsl.com>; Sat, 4 Mar 2023 16:55:11 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.084
X-Spam-Level:
X-Spam-Status: No, score=-7.084 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 99u44Vkh1geZ for <sframe@ietfa.amsl.com>; Sat, 4 Mar 2023 16:55:07 -0800 (PST)
Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com [IPv6:2a00:1450:4864:20::533]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F167C14CEE3 for <sframe@ietf.org>; Sat, 4 Mar 2023 16:55:06 -0800 (PST)
Received: by mail-ed1-x533.google.com with SMTP id o12so24687566edb.9 for <sframe@ietf.org>; Sat, 04 Mar 2023 16:55:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=aG60ZoGDHitksHNrvi4cLez3dFyvbgl6e7L1WebjeNc=; b=Me45qZ18UXeHqniB0aZiEIJaYQ4GYbppaeSUipV7vsfQBL92aVaK0Gh6s52/DkK0po nEvMDgUwm92yImk74yDmwRk4kL1pZBMfuLJy++FVCZNYeE1nYj7TSrZst2TAujCTb58W sDtDVwxaJCTXgc/+wYtFvKRHAK3QB6D4T5/1Nu7CjKtr1JeTMkX2h72ayhqlsNpE2fsZ fUti0bKwE8jA6siSfvTttTtEYK9PPFx/GRI+9ohg9tVb55CkjY2sIkdHp5sZ6Tc/Gc6I 4fNeB1qKbpqegUmixVRgq6JYFn03AYH22wdENN3d/u7+Ang5juQsh7LbpmAV69hISsTd gBBw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=aG60ZoGDHitksHNrvi4cLez3dFyvbgl6e7L1WebjeNc=; b=2s6ZapmdAQJ8gUkLq3NzuxXjzk2kyGLBLX1p9vb6/F2cFNDt2c2cdXa87lLw6JAWtR p30aucFn+GaZyNrr5EFfSmwkKaelS9Hcv2tN5tprU0xvYe05GdipNnfIpmer+I0IZirP waryMjO78FpsAnlzfTuF/7RcaAphgpE4SpxQf0wWVt5A03i/GyDMl+REaLzs5+ugs5cl yZqjoQQ2gcyJ1zBz6j1eNAolUFfsoki03iVKIM0juc8D2sREiS+ECSet+UfDmTtdGVYz qW0fpZFHsNiDC15eDsCmN/i+M13NG04H9hep4sp1cpTHy70ERCHuQCfCSd9kJzmyUwR3 TwBQ==
X-Gm-Message-State: AO0yUKUtiYLlUIBUEL8Qr0Fv2G9TA2iAsEJYUhbEd2x45tNGVQAau2c1 vExX7CRQU+6qdOc12uDR/G/xRc/qwANJCgw6bV+dCqX47bY=
X-Google-Smtp-Source: AK7set8f0SmWuUP35EeoZkqrYAQ9AgyxU9+mCVhx4riajBJ9UhNI6px7ATXH4sBaeL6kPxA0q8U5EgrztrmM1ncCuMY=
X-Received: by 2002:a17:906:3002:b0:8e3:da0f:f9b7 with SMTP id 2-20020a170906300200b008e3da0ff9b7mr3091773ejz.4.1677977703823; Sat, 04 Mar 2023 16:55:03 -0800 (PST)
MIME-Version: 1.0
References: <CACy95dyUCUc41xycxTbCKWJQTqSKqdmDEP-n_Na4KqC=Hcax-Q@mail.gmail.com> <C764EE80-6B4E-4A34-A0AC-526B771E648E@apple.com>
In-Reply-To: <C764EE80-6B4E-4A34-A0AC-526B771E648E@apple.com>
From: Bret Lorimore <bretlorimore@gmail.com>
Date: Sat, 04 Mar 2023 16:54:52 -0800
Message-ID: <CACy95dxDP0FwRJBxzw5nfSLdKds5491qJN7T+exuwnnH1Rc3og@mail.gmail.com>
To: Youenn Fablet <youenn@apple.com>
Cc: sframe@ietf.org
Content-Type: multipart/related; boundary="000000000000fad40805f61ca0ca"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/BA8t2SvYC8furk166o6ZeJ5hIwg>
Subject: Re: [Sframe] RFC Feedback
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Media Frames <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 05 Mar 2023 00:55:11 -0000
Thanks Youenn! On Sat, Mar 4, 2023 at 06:34 Youenn Fablet <youenn@apple.com> wrote: > Thanks Bret, > > I filed GitHub issues on your behalf for each of your point, see below for > the links. > Let’s continue the discussion there. > Y > > On 2 Mar 2023, at 16:58, Bret Lorimore <bretlorimore@gmail.com> wrote: > > Hey all, > > I know a couple folks here, but not many. My name is Bret. I am a SWE at > Meta and have been working on calling E2EE for some time. Per Bobo’s > request, I wanted to share my thoughts on the latest RFC draft ( > https://sframe-wg.github.io/sframe/draft-ietf-sframe-enc.html). I think > the doc makes sense generally, but have several thoughts, of both a > technical and editorial nature: > > Technical: > > > 1. > > The notion and semantics of SFrame “streams” are alluded to throughout > the document without being well defined. Does the RFC need to define the > notion of an SFrame “stream”, consisting of media encrypted all with the > same key and cipher suite? It seems like managing such streams is a > requirement of the application, but the exact requirements are not spelled > out. Here are examples where the notion of a stream comes up: > 1. > > In section 4.3 it describes a scenario where KIDs are unique to > each sender, sort of implying that given an SFrame payload (including the > SFrame header) a receiver should be able to decrypt it. > 2. > > Then in section 4.5 it describes how “In a session that uses > multiple media streams, different ciphersuites might be configured for > different media streams”, of course implying that if KIDs are per > sender, there would need to be some other mechanism to demux from KID → > stream, as there could be multiple cipher suites per stream. > 3. > > This is mentioned head on in section 5.1, where the draft states “In > this scheme, it is assumed that receivers have a signal outside of SFrame > for which client has sent a given frame, for example the RTP SSRC” > > > [image: 100.png] > > The notion and semantics of SFrame “streams” are not well defined · Issue > #100 · sframe-wg/sframe <https://github.com/sframe-wg/sframe/issues/100> > github.com <https://github.com/sframe-wg/sframe/issues/100> > <https://github.com/sframe-wg/sframe/issues/100> > > > > 1. > > It might be worth adding more details to section 5.1 to more clearly > spell out how sender keys should (or could) work. For example, it states > that “A receiver who receives from a sender with a new KID computes > the new key as above [using an HKDF ratchet]”, yet later on says that “Evicting > a participant requires each sender to send a fresh sender key to all > receivers.”. Given both of these, it is not clear how a sender would > signal a receiver that a frame is using a “fresh sender key” as opposed to > a ratchet (or multiple) of a previously received key. > > [image: 99.png] > > Retrieving a key from its ID is ambiguous as it can be a new key or a > ratchet of a new received key · Issue #99 · sframe-wg/sframe > <https://github.com/sframe-wg/sframe/issues/99> > github.com <https://github.com/sframe-wg/sframe/issues/99> > <https://github.com/sframe-wg/sframe/issues/99> > > > 1. > > Question: In section 4.3, is KLEN the actual key id length, or key id > length minus one, as LEN is > > > [image: 98.png] > > In section 4.3, is KLEN the actual key id length, or key id length minus > one, as LEN is? · Issue #98 · sframe-wg/sframe > <https://github.com/sframe-wg/sframe/issues/98> > github.com <https://github.com/sframe-wg/sframe/issues/98> > <https://github.com/sframe-wg/sframe/issues/98> > > > > Editorial: > > > 1. > > Throughout the doc there are numerous sections (e.g. 4.4.3, 6) which > are very RTP specific, despite a stated goal of the RFC being that SFrame > is transport agnostic. > > > [image: 96.png] > > Is the document talking too much about RTP? · Issue #96 · sframe-wg/sframe > <https://github.com/sframe-wg/sframe/issues/96> > github.com <https://github.com/sframe-wg/sframe/issues/96> > <https://github.com/sframe-wg/sframe/issues/96> > > > > 1. > > Section 7.2 states that key exchange is out of scope for this doc, yet > it states that clients “MUST change their keys when new clients joins > or leaves the call”. IMO if this is an absolute requirement of the > RFC, as per the definition of an all caps MUST, then the exact requirements > of this should be spelled out more, and possibly a reference protocol given. > > [image: 97.png] > > MUST statement for out-of-scope key management · Issue #97 · > sframe-wg/sframe <https://github.com/sframe-wg/sframe/issues/97> > github.com <https://github.com/sframe-wg/sframe/issues/97> > <https://github.com/sframe-wg/sframe/issues/97> > > > Thanks, all. I am really excited for this RFC to land. I hope these notes > are somewhat helpful. > > > Best, > > Bret > > -- > Sframe mailing list > Sframe@ietf.org > https://www.ietf.org/mailman/listinfo/sframe > > >
- [Sframe] RFC Feedback Bret Lorimore
- Re: [Sframe] RFC Feedback Youenn Fablet
- Re: [Sframe] RFC Feedback Bret Lorimore