Re: [Sframe] Adoption call for draft-omara-sframe-01
Bernard Aboba <bernard.aboba@gmail.com> Thu, 14 October 2021 23:30 UTC
Return-Path: <bernard.aboba@gmail.com>
X-Original-To: sframe@ietfa.amsl.com
Delivered-To: sframe@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A7D83A1803 for <sframe@ietfa.amsl.com>; Thu, 14 Oct 2021 16:30:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id upiucyIzMWaM for <sframe@ietfa.amsl.com>; Thu, 14 Oct 2021 16:30:10 -0700 (PDT)
Received: from mail-ua1-x934.google.com (mail-ua1-x934.google.com [IPv6:2607:f8b0:4864:20::934]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 940AE3A1805 for <sframe@ietf.org>; Thu, 14 Oct 2021 16:30:10 -0700 (PDT)
Received: by mail-ua1-x934.google.com with SMTP id f3so14595875uap.6 for <sframe@ietf.org>; Thu, 14 Oct 2021 16:30:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=A9J5p/pUP8xnsQCzZCCprGgGT+MSL3f1HtI/1yGeqj8=; b=fE63rklJOVHxE2I3jIWnhn7eqUAWgOa9BPSgQVPSzLvGk7xBTtZEs6BpIlg+8okm+r c2s+04xPVTzGqjI5Tc4MTpgHcJWvflgPRV7DNI36I6csJ1GVXTuRqRifJVb+aWnVrSCc igkVRT8R2kl2smBPuoi/gzaWJtY1NMWd6EDe4nHkpbD25CRTs6K8rI99lgobcfPwfcvu 9JmY4U4Brz2cjS1UFcpxJ94mUzUvDYLzyZ8ZZLId+JHDcmUDPnfgsKOb2jm9KB8T9pjJ av9BxjEvlvGYkAYDz8VZUeisT5rv6wuhpr4b9Keu65d6g3CYmNDNRWSy/y/0oB61psBW fg6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=A9J5p/pUP8xnsQCzZCCprGgGT+MSL3f1HtI/1yGeqj8=; b=KP9450T/oiKTikCIPwjjaTEs//Jvk9yIpZtggY31SZK8akZxbwuSHhUuj4G4sykABI Ekz9BTtuKk5yiUP72n72EkjT9+nt412ao507j4Jgx+OQduM6VOrOu7pgOR7VdR4fzbJ5 q044hf5mr0DwmDTZnRTvOnLGUsnO0q6h3g9adDi3TlT7+Z7iojLRORL/Le5EBpSeI0j5 rA2mz4nvubfmcaizK0i460eoXJUbJ6rbtiO8vNqnLEL4gEBnreTZg/YhXpp8laP26u9J kO0+pUqP0wN/PfJfTB+xCz+cG1R9GQrxN1EygW0ZIchoHYXDAipNiSoWiOvIwfD/hOpk 5ZnA==
X-Gm-Message-State: AOAM532j2OTzWGV04ACH9Kqo1MoQcWAirwQRgoKw+kfQXpWRu+/XfxBm z+hYyWTx9VPdRCq4EtTJEqghWgL7Szeo+dbX1bdKspB5chs=
X-Google-Smtp-Source: ABdhPJzBa51q0SSizVd614zzRt9/hXIIaMD5vcVVPVp7BIz3ovp1DOdDz7ZGsuyqdV2fMJl/3oyhwK3bE5ALhLrphCk=
X-Received: by 2002:ab0:540e:: with SMTP id n14mr10231833uaa.73.1634254208558; Thu, 14 Oct 2021 16:30:08 -0700 (PDT)
MIME-Version: 1.0
References: <7e721f57-e7ee-4f47-8663-2b485aeabd1a@www.fastmail.com>
In-Reply-To: <7e721f57-e7ee-4f47-8663-2b485aeabd1a@www.fastmail.com>
From: Bernard Aboba <bernard.aboba@gmail.com>
Date: Thu, 14 Oct 2021 16:29:57 -0700
Message-ID: <CAOW+2dsZcx_nbz4QuqcohmRvd-6BX7Z-zfhBLwMZRn9rX1zf9g@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: sframe@ietf.org
Content-Type: multipart/alternative; boundary="00000000000092e80a05ce5875bf"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/G3jC1bqZNqYz0dFr9JBOqni1lB0>
Subject: Re: [Sframe] Adoption call for draft-omara-sframe-01
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Media Frames <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Oct 2021 23:30:16 -0000
Here is my review.
Overall, I do not feel that this document is ready for adoption. Viewed
purely as a document focusing on defining the SFrame format, it is
adequate. Currently, the document mixes format considerations with key
management concerns while not adequately covering the full range of non-RTP
use cases. By trying to do too much, the document falls short enough to be
potentially detrimental to long term success.
In particular, the goals of the effort, the threat model and the use cases
are not articulated well enough. My advice would be to pare the draft down
to its bare essentials, spinning off material not directly relevant to the
SFrame format into a separate document.
The non-RTP use cases (and potential integration with the Web media model)
in particular seem like they deserve more attention.
Section 1 states:
In order for the SFU to work
properly though, it needs to be able to access RTP metadata and RTCP
feedback messages, which is not possible if all RTP/RTCP traffic is
end-to-end encrypted....
This document proposes a new end-to-end encryption mechanism known as
SFrame, specifically designed to work in group conference calls with
SFUs.
Later in Section 1, Figure 1 is included, showing the SRTP packet
format. So Section 1 is very RTP (and conferencing) centric. Yet at
the same time, Section 3 includes the following goals:
2. Decouple media encryption from key management to allow SFrame to
be used with an arbitrary KMS.
4. Independence from the underlying transport, including use in non-
RTP transports, e.g., WebTransport.
Is SFrame serious about these goals? Personally, I hope so - but if
so, integration with the existing Web media framework as well as new
APIs (such as WebCodecs) needs to be considered. In doing so, use
cases will likely expand beyond conferencing, to things like
low-latency streaming (for things like events, webinars, game
watching, etc.)
The existing Web media framework (as embodied by APIs such as MSE and
EME) supports both transport and key management independence, so
seeking these same goals for SFRAME seems quite natural. For example,
today it is possible to transport containerized media for a wide range
of codecs using any transport, including WebTransport and RTCData
channel. Once transported, the media is decoded and rendered using
MSE. And of course, the containerized media can also be protected.
Note that the protection model addresses additional classes of attack
beyond those that might be executed by an SFU. For example, cleartext
media is not accessible to Javascript, mitigating against attacks such
as "deep fakes".
Why bother to consider these use cases for SFrame? APIs such as
WebCodecs do not operate on containerized media, so there is a need to
define a format allowing encrypted but non-containerized media to be
carried over the wire. If that format is not SFrame, then an
equivalent will need to be invented, covering the same codecs that
SFrame seeks to support (e.g. Opus, H.264, VP8, VP9, AV1) plus maybe a
few others (e.g. AAC).
The benefit of working towards integration with the existing Web media
framework is that this will be more likely to lead to implementation
and deployment. This shouldn't be hard to accommodate within a
document that focuses purely on the format, allowing the use cases and
threat models to be articulated elsewhere.
On Sun, Oct 10, 2021 at 4:36 PM Martin Thomson <mt@lowentropy.net> wrote:
> https://datatracker.ietf.org/doc/html/draft-omara-sframe-01
>
> Please respond to this email before AOE 31 October 2021 if you support
> adopting draft-omara-sframe (currently -01) as a working group item. If
> you would prefer we not adopt this work, please respond with an explanation
> of why and ideally what you would like to see addressed before we do that.
>
> We're running this a tiny bit longer than a typical adoption call. Last
> time we talked about adoption there were a few concerns raised about the
> draft. We want to make sure those concerns are addressed, or at least
> those with concerns are satisfied that their concerns could be addressed.
>
> Martin, for the chairs
>
> --
> Sframe mailing list
> Sframe@ietf.org
> https://www.ietf.org/mailman/listinfo/sframe
>
- [Sframe] Adoption call for draft-omara-sframe-01 Martin Thomson
- Re: [Sframe] Adoption call for draft-omara-sframe… Saúl Ibarra Corretgé
- Re: [Sframe] Adoption call for draft-omara-sframe… Martin Thomson
- Re: [Sframe] Adoption call for draft-omara-sframe… Bernard Aboba
- Re: [Sframe] Adoption call for draft-omara-sframe… Sergio Garcia Murillo
- Re: [Sframe] Adoption call for draft-omara-sframe… Bernard Aboba
- Re: [Sframe] Adoption call for draft-omara-sframe… Sergio Garcia Murillo
- Re: [Sframe] Adoption call for draft-omara-sframe… Bernard Aboba
- Re: [Sframe] Adoption call for draft-omara-sframe… Sergio Garcia Murillo
- Re: [Sframe] Adoption call for draft-omara-sframe… Richard Barnes
- Re: [Sframe] Adoption call for draft-omara-sframe… Youenn Fablet
- Re: [Sframe] Adoption call for draft-omara-sframe… Emad Omara
- Re: [Sframe] Adoption call for draft-omara-sframe… Benjamin Beurdouche
- Re: [Sframe] Adoption call for draft-omara-sframe… Eric Rescorla
- Re: [Sframe] Adoption call for draft-omara-sframe… Raphael Robert
- Re: [Sframe] Adoption call for draft-omara-sframe… Justin Uberti