Re: [Sframe] RFC Feedback
Youenn Fablet <youenn@apple.com> Sat, 04 March 2023 14:34 UTC
Return-Path: <youenn@apple.com>
X-Original-To: sframe@ietfa.amsl.com
Delivered-To: sframe@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72E0FC14EB17 for <sframe@ietfa.amsl.com>; Sat, 4 Mar 2023 06:34:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.086
X-Spam-Level:
X-Spam-Status: No, score=-2.086 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=apple.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eS-2TFx_6XmF for <sframe@ietfa.amsl.com>; Sat, 4 Mar 2023 06:34:08 -0800 (PST)
Received: from vib-mx02.apple.com (vib-mx02.apple.com [17.132.96.1]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 051C7C152574 for <sframe@ietf.org>; Sat, 4 Mar 2023 06:34:07 -0800 (PST)
Received: from am11p01nt-mtap01.apple.com (am11p01nt-mtap01.apple.com [100.85.69.146]) by vb11p01nt-mxp02.apple.com (Oracle Communications Messaging Server 8.1.0.21.20230112 64bit (built Jan 12 2023)) with ESMTPS id <0RR001E2V34TMY00@vb11p01nt-mxp02.apple.com> for sframe@ietf.org; Sat, 04 Mar 2023 14:34:06 +0000 (GMT)
X-Proofpoint-GUID: X0dy8_ehCML43cOrkPRySm7HD7hX3rWM
X-Proofpoint-ORIG-GUID: X0dy8_ehCML43cOrkPRySm7HD7hX3rWM
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.573, 18.0.942 definitions=2023-03-04_07:2023-03-03, 2023-03-04 signatures=0
X-Proofpoint-Spam-Details: rule=interactive_user_notspam policy=interactive_user score=0 phishscore=0 spamscore=0 bulkscore=0 mlxscore=0 adultscore=0 mlxlogscore=999 malwarescore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2303040121
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=apple.com; h=from : message-id : content-type : mime-version : subject : date : in-reply-to : cc : to : references; s=20180706; bh=lXsAGjO8syqEahA2z5eGTk9sUIMB543lzXJJJH+K8pI=; b=LU3J7ujDuPKc18kO33cujgHw1SEe2Nn6WW3GZb2v0VKibOVG70jjQ4BvmwUeB9zmRyTB 8653Erl13irpmn1pQRNcVlwqjzJ5UITkcdEw2Gu6PFnxf9BamUjet2KAnw6Lu+/Bg7iL UiVlJ5wN7ET7o1a77zfYQWgYmMOiaa5omLdENn3oLTf1MlzTlgOAhpV+uotMB4FAQ5dy 9OHXmmG07ViAUy+G3qeKzfjljZqLqQAmb37szxvDm7we1jGfpfc8Me5iI2Hfa1FtaWDD JUWKvDn5ICBtajr2ILdcIEiRsFKKdQ0pR48sAkOlupsrWNwq6zyTKSETh3nDWEh0PJcl XQ==
Received: from am11p01nt-mmpp01.apple.com (am11p01nt-mmpp01.apple.com [100.85.69.136]) by am11p01nt-mtap01.apple.com (Oracle Communications Messaging Server 8.1.0.21.20230112 64bit (built Jan 12 2023)) with ESMTPS id <0RR001YUL34TO700@am11p01nt-mtap01.apple.com>; Sat, 04 Mar 2023 14:34:05 +0000 (GMT)
Received: from process_milters-daemon.am11p01nt-mmpp01.apple.com by am11p01nt-mmpp01.apple.com (Oracle Communications Messaging Server 8.1.0.20.20220923 64bit (built Sep 23 2022)) id <0RR002L002KI2100@am11p01nt-mmpp01.apple.com>; Sat, 04 Mar 2023 14:34:05 +0000 (GMT)
X-Va-A:
X-Va-T-CD: 9b8941aee373fa48ec5d668fc9dacada
X-Va-E-CD: 4688c998a0efe328c9631d68e72bd7ed
X-Va-R-CD: d41fd07026742c0e65d5a83de6cfcee7
X-Va-ID: 3a49be20-47aa-448a-829b-dc673f503a8e
X-Va-CD: 0
X-V-A:
X-V-T-CD: 9b8941aee373fa48ec5d668fc9dacada
X-V-E-CD: 4688c998a0efe328c9631d68e72bd7ed
X-V-R-CD: d41fd07026742c0e65d5a83de6cfcee7
X-V-ID: 74f355ac-b727-4a91-b905-e744defe6948
X-V-CD: 0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.573, 18.0.942 definitions=2023-03-04_07:2023-03-03, 2023-03-04 signatures=0
Received: from smtpclient.apple ([17.235.209.188]) by am11p01nt-mmpp01.apple.com (Oracle Communications Messaging Server 8.1.0.20.20220923 64bit (built Sep 23 2022)) with ESMTPSA id <0RR002O0Q34Q7L00@am11p01nt-mmpp01.apple.com>; Sat, 04 Mar 2023 14:34:03 +0000 (GMT)
From: Youenn Fablet <youenn@apple.com>
Message-id: <C764EE80-6B4E-4A34-A0AC-526B771E648E@apple.com>
Content-type: multipart/alternative; boundary="Apple-Mail=_FF8692C2-C450-47C8-9AC8-E8685991EFEC"
MIME-version: 1.0 (Mac OS X Mail 16.0 \(3734.100.4\))
Date: Sat, 04 Mar 2023 15:33:59 +0100
In-reply-to: <CACy95dyUCUc41xycxTbCKWJQTqSKqdmDEP-n_Na4KqC=Hcax-Q@mail.gmail.com>
Cc: sframe@ietf.org
To: Bret Lorimore <bretlorimore@gmail.com>
References: <CACy95dyUCUc41xycxTbCKWJQTqSKqdmDEP-n_Na4KqC=Hcax-Q@mail.gmail.com>
X-Mailer: Apple Mail (2.3734.100.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/K8EMNgeksughlRu6krx6eghxoso>
Subject: Re: [Sframe] RFC Feedback
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Media Frames <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Mar 2023 14:34:12 -0000
Thanks Bret, I filed GitHub issues on your behalf for each of your point, see below for the links. Let’s continue the discussion there. Y > On 2 Mar 2023, at 16:58, Bret Lorimore <bretlorimore@gmail.com> wrote: > > Hey all, > > I know a couple folks here, but not many. My name is Bret. I am a SWE at Meta and have been working on calling E2EE for some time. Per Bobo’s request, I wanted to share my thoughts on the latest RFC draft (https://sframe-wg.github.io/sframe/draft-ietf-sframe-enc.html). I think the doc makes sense generally, but have several thoughts, of both a technical and editorial nature: > > Technical: > > The notion and semantics of SFrame “streams” are alluded to throughout the document without being well defined. Does the RFC need to define the notion of an SFrame “stream”, consisting of media encrypted all with the same key and cipher suite? It seems like managing such streams is a requirement of the application, but the exact requirements are not spelled out. Here are examples where the notion of a stream comes up: > > In section 4.3 it describes a scenario where KIDs are unique to each sender, sort of implying that given an SFrame payload (including the SFrame header) a receiver should be able to decrypt it. > > Then in section 4.5 it describes how “In a session that uses multiple media streams, different ciphersuites might be configured for different media streams”, of course implying that if KIDs are per sender, there would need to be some other mechanism to demux from KID → stream, as there could be multiple cipher suites per stream. > > This is mentioned head on in section 5.1, where the draft states “In this scheme, it is assumed that receivers have a signal outside of SFrame for which client has sent a given frame, for example the RTP SSRC” > https://github.com/sframe-wg/sframe/issues/100 The notion and semantics of SFrame “streams” are not well defined · Issue #100 · sframe-wg/sframe github.com > It might be worth adding more details to section 5.1 to more clearly spell out how sender keys should (or could) work. For example, it states that “A receiver who receives from a sender with a new KID computes the new key as above [using an HKDF ratchet]”, yet later on says that “Evicting a participant requires each sender to send a fresh sender key to all receivers.”. Given both of these, it is not clear how a sender would signal a receiver that a frame is using a “fresh sender key” as opposed to a ratchet (or multiple) of a previously received key. > https://github.com/sframe-wg/sframe/issues/99 Retrieving a key from its ID is ambiguous as it can be a new key or a ratchet of a new received key · Issue #99 · sframe-wg/sframe github.com > Question: In section 4.3, is KLEN the actual key id length, or key id length minus one, as LEN is > https://github.com/sframe-wg/sframe/issues/98 In section 4.3, is KLEN the actual key id length, or key id length minus one, as LEN is? · Issue #98 · sframe-wg/sframe github.com > > Editorial: > > Throughout the doc there are numerous sections (e.g. 4.4.3, 6) which are very RTP specific, despite a stated goal of the RFC being that SFrame is transport agnostic. > https://github.com/sframe-wg/sframe/issues/96 Is the document talking too much about RTP? · Issue #96 · sframe-wg/sframe github.com > Section 7.2 states that key exchange is out of scope for this doc, yet it states that clients “MUST change their keys when new clients joins or leaves the call”. IMO if this is an absolute requirement of the RFC, as per the definition of an all caps MUST, then the exact requirements of this should be spelled out more, and possibly a reference protocol given. > https://github.com/sframe-wg/sframe/issues/97 MUST statement for out-of-scope key management · Issue #97 · sframe-wg/sframe github.com > > Thanks, all. I am really excited for this RFC to land. I hope these notes are somewhat helpful. > > > > Best, > > > Bret > > > -- > Sframe mailing list > Sframe@ietf.org > https://www.ietf.org/mailman/listinfo/sframe
- [Sframe] RFC Feedback Bret Lorimore
- Re: [Sframe] RFC Feedback Youenn Fablet
- Re: [Sframe] RFC Feedback Bret Lorimore