IETF Logo Mail Archive

Re: [Sframe] [dispatch] SFRame Next Steps (was SFrame proposed WG charter)

Richard Barnes <rlb@ipv.sx> Wed, 12 August 2020 15:11 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: sframe@ietfa.amsl.com
Delivered-To: sframe@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A14A53A13D2 for <sframe@ietfa.amsl.com>; Wed, 12 Aug 2020 08:11:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W5ib1PqQ7Tha for <sframe@ietfa.amsl.com>; Wed, 12 Aug 2020 08:11:49 -0700 (PDT)
Received: from mail-qv1-xf30.google.com (mail-qv1-xf30.google.com [IPv6:2607:f8b0:4864:20::f30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5FE2E3A13D0 for <sframe@ietf.org>; Wed, 12 Aug 2020 08:11:49 -0700 (PDT)
Received: by mail-qv1-xf30.google.com with SMTP id cs12so1175724qvb.2 for <sframe@ietf.org>; Wed, 12 Aug 2020 08:11:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=HB6JIsnOjLHWtBADwjN3QcY1OaXtIYAdm8jtbNL5TBM=; b=e3tBpUbnB0nHO42z0K3TXlOm2UU0fTFVYlyfuVGzpQd81ENhOtoFdw5WxphVgN/e9n cy1GgnulCtbNV68RvQSpuhiWdByFMLw2K8hBp7vVJJMb+F0T58DTqatWVQWOn8+omo4s YlP/KlZT2O7EoCo1rYMPrzRLvUdVeIjcJevM3VAy2QlCZtvrySdtZfuO1LaxAB7RKiHq 5AmfTWrqjz1i8iYxsJK9/gdLsMW7PqoeNNNZUXHEeTvL62yCL9axYB+cUyUYmmbw/i7K 6RrJnaEMIR6k02j6ByvRPuPowBhBo7/UIPz2iNskvHZLnDE7NqmXT486gTqDGytl4md4 rz0g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=HB6JIsnOjLHWtBADwjN3QcY1OaXtIYAdm8jtbNL5TBM=; b=LXzF06hpkamTMrWYIaLqeFN5Hn4C8rVm4yd0cnurTXHFalJ0Cf+Uoy9wqSPbCPBeYm C26ONI4gd4nxykpPBp94ynrsvSW1X/8ewDeWvT3KdqGogq5nUV6AmsVrH6k9Iz+FLQ7K 46+aXe+L8SawarbigTaGY4sHDokeC3QlKQGc3Dlbdqi8GYoeQwnvKMfx5ZLIpgz7nXWo wJrG7aiQxT5HCMfidPGtMT/l5F7v+dys8R5dzQwNkIFXrE2vZNbuvMPvSm8/ENe87Dp1 BcxQ8zpDXwi+sbj7fSIzd3yXIMxDilm5NcmX8aGIisVAkVNhwdTOPuxdrNK4GAS6yB6j 1xaA==
X-Gm-Message-State: AOAM5329zECBbfrIkAzs5NPNB10hF7J4tF2liWfPUbxzCGB6N+JNYqXZ deM4Ub2Mzugs1LW6sYbppAx0PD3F5lu0cNLbFgo6/Q==
X-Google-Smtp-Source: ABdhPJxfff1rdUVBskUGn92bY190knYNWAoaeMM4PIiR585WjcZnCYp3lecBMuHu3tGRnKnMl7WzaYoMyscmRivzlW0=
X-Received: by 2002:a0c:fc07:: with SMTP id z7mr4805qvo.65.1597245108190; Wed, 12 Aug 2020 08:11:48 -0700 (PDT)
MIME-Version: 1.0
References: <CAHo7dC91bvRHiYuRT63uJ=HeuFU9L7XXqTcG+za5xi_BbQ0G2w@mail.gmail.com> <E2072219-1B6E-4444-A39C-287842783DBF@nostrum.com> <CAL02cgT13rEnvaB9TFMci=N8OqO35qKHthPHhMCvAccZWhCu-Q@mail.gmail.com> <ca0a7472a86cf53c78779f6153a80dc096acc4e8.camel@ericsson.com> <69181ed1-d72a-99de-8b4d-9e10276ced91@gmail.com> <771e108a9f25c1bec04d5fcdad58eb55bbb1533d.camel@ericsson.com> <CAHo7dC_b_fvmq=FRK-DMFtOji_tCV3hAnEHr+P-CY7BHtPP+MA@mail.gmail.com> <CACtMSQWR0xxV_2Worc197Ftf7yTFhwrses+732vWN+fHjN4pkQ@mail.gmail.com>
In-Reply-To: <CACtMSQWR0xxV_2Worc197Ftf7yTFhwrses+732vWN+fHjN4pkQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Wed, 12 Aug 2020 11:11:33 -0400
Message-ID: <CAL02cgRnfRoYfUu78hV7X2LV_GuhaHbZvC9vpgcnyzy4D2HPVw@mail.gmail.com>
To: Alexandre GOUAILLARD <Alex.GOUAILLARD@cosmosoftware.io>
Cc: Emad Omara <emadomara=40google.com@dmarc.ietf.org>, Magnus Westerlund <magnus.westerlund@ericsson.com>, "ben@nostrum.com" <ben@nostrum.com>, "dispatch@ietf.org" <dispatch@ietf.org>, "sergio.garcia.murillo@gmail.com" <sergio.garcia.murillo@gmail.com>, "sframe@ietf.org" <sframe@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004b16af05acaf9b2d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/LLgCVRQqN2CZHKG-1j6ROFqFl1U>
Subject: Re: [Sframe] [dispatch] SFRame Next Steps (was SFrame proposed WG charter)
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Aug 2020 15:11:53 -0000

Hey all,

I agree that all of this stuff is valuable to capture somewhere.  In the
interest of keeping the charter fairly succinct, I've added the following:

"""
The SFrame specification will detail the specific security properties that
the encapsulation provides, and discuss their implications under common
usage scenarios / threat models.
"""

With that, I think that all the comments we've gotten so far have been
addressed.

--Richard


On Fri, Aug 7, 2020 at 11:51 PM Alexandre GOUAILLARD <
Alex.GOUAILLARD@cosmosoftware.io> wrote:

> guys,
>
> sorry for jumping in so late, quarantine here is very strict.
>
> We had long discussions about this specific point ahead of the draft
> submission.
> We had reached the following consensus:
> - there are multiple usage of media over the internet, e.g. conferencing
> and streaming/broadcast
> - they have very different threat/trust models, with different solutions
> implemented today (transport layer E / E2EE / DRM / Encrypted Media
> Extentions / ...)
> - they all can benefit from SFrame
>
> PERC was, by design, limited to RTP and to Conferencing. Many other use
> case coul benefit from Enhanced Privacy.
>
> We concluded that it would be better to keep SFrame (the media encryption
> part, equivalent to PERC double conceptually), and to have separated
> documents that describe the threat models and the corresponding key
> exchange, signaling and system level decision for each use case. Emad had
> taken an action item for example to make two additional documents to
> describe the Video Conferencing use case, and how SFrame could be used in
> conjunction with MLS to address that specific use case. Someone else could
> take the different use case of the Browsers (which have a specific trust
> model) and make a document showing how SFrame con work with Insertable
> Frame API (and likely some more) to address that use case. CoSMo is
> interested in doing the same thing for Real-Time streaming/Broadcasting.
>
> I think it is a more reasonable approach as, even spending a lot of time
> brainstorming with everyone around the tabel including bernard, we couldn't
> think about one solution to fit all the different "media over internet"'s
> threat model. In my mind, each case should first have an informal document
> to define scope and threat model, and subsequent document to define the
> corresponding specifications.
> - Secure Conferencing Threat model (emad and co.)
> - Secure Conferencing Signalling using MLS (emad and co.)
> - Secure Conferencing using MLS In the browser (contributed by w3c people)
>
> Magnus, what do you think?
>
> Regards,
>
> Dr. ALex.
>
>
>
> On Fri, Aug 7, 2020 at 2:02 AM Emad Omara <emadomara=
> 40google.com@dmarc.ietf.org> wrote:
>
>> Thanks Magnus. I like the idea to explicitly call out the threat model, I
>> think it will be good foundations that control all future design decisions,
>> however I'm not sure if the charter is the right place to call this out.
>> I'd recommend having a separate document that describes the system
>> architecture, goals and threat model. What do you think?
>>
>> Emad
>>
>> On Thu, Aug 6, 2020 at 1:56 AM Magnus Westerlund <
>> magnus.westerlund@ericsson.com> wrote:
>>
>>> Hi,
>>>
>>> On Wed, 2020-08-05 at 22:15 +0200, Sergio Garcia Murillo wrote:
>>> > But shouldn't the "delayed media" attack still be transport agnostic?
>>> I
>>> > mean, this can happen on QUIC and WebRTC SFUs.
>>>
>>> Sorry if I gave the impression that it is not transport agnostic. It is
>>> use case
>>> dependent, any use case that isn't point to point, where there is more
>>> than one
>>> entity that can intentionally remove SFRAME creating gaps in the SFRAME
>>> sequence. In a point to point scenario one can correlate transport
>>> losses with
>>> SFRAME gaps to know give a reasonably strong mitigation against any
>>> third party
>>> removing SFRAMEs or delaying them. That is much harder in a centralized
>>> conference with one or more SFU.
>>>
>>> >
>>> > Anyway, I agree that while SFrame is transport agnostic, the chapter
>>> > should not ignore the interactions with webrtc/quic and we must ensure
>>> > that we provide a complete working solution regardless of the
>>> transport.
>>> > If we identify that any further working items are required for a
>>> > particular transport, we should at liaise with the appropriate working
>>> > group for providing a solution.
>>>
>>> My main point is that SFRAME actually needs to discuss the threat model
>>> for the
>>> use cases it intendes to solve. And the mitigation can potentially
>>> include
>>> functionality on the transport level. But the risks to media security in
>>> centralized conferencing needs to be discussed. And centralized
>>> conferencing
>>> will still have the semi-trusted SFUs and all the rest of the third
>>> parties in
>>> addition to the end-points.
>>>
>>> Also what properties one have around end-points invited into the
>>> conference has
>>> a number of question around security properties that needs to be
>>> discussed and
>>> documented. Some examples that I know are relevant:
>>>
>>> - Source authentication: SRTP unless one use TESLA (which isn't really
>>> used)
>>> does only provided the property: Someone that has the key sent this. One
>>> don't
>>> know that it comes from a particular endpoint.
>>>
>>> - Confidentiality when group membership changes: So will SFRAME keying
>>> support a
>>> use case where only the current set of members in a conference can
>>> decrypt the
>>> media and one rekey the media session key for each time the membership
>>> changes?
>>> PERC do support this, will SFRAME?
>>>
>>> There are likely more questions that needs discussion. The PERC
>>> discussion is a
>>> good starting point, but I think when going transport agnostic some of
>>> the
>>> issues needs to be more clearly discussed as the RTP transport can have
>>> affected
>>> how it was discussed, and what reliance on existing mechanism. Which for
>>> SFRAME
>>> likely require a general discussion and then requirements on the
>>> transport and
>>> invovled endpoints and SFU to accomplish mitigations. And thus also what
>>> the
>>> risks are of having no mitigation in place.
>>>
>>> I would really propose that SFRAME is chartered with publishing a
>>> security
>>> consideration and threat model document that is seperate from the
>>> solution to
>>> give this topic full focus. The solution will of necessity need to
>>> reference
>>> that and document what migitagtions that exists in the SFRAME layer and
>>> what
>>> becomes requirements on the transport.
>>>
>>> Cheers
>>>
>>> Magnus Westerlund
>>>
>>>
>>> ----------------------------------------------------------------------
>>> Networks, Ericsson Research
>>> ----------------------------------------------------------------------
>>> Ericsson AB                 | Phone  +46 10 7148287
>>> <+46%2010%20714%2082%2087>
>>> Torshamnsgatan 23           | Mobile +46 73 0949079
>>> <+46%2073%20094%2090%2079>
>>> SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
>>> ----------------------------------------------------------------------
>>>
>>>
>>> --
>> Sframe mailing list
>> Sframe@ietf.org
>> https://www.ietf.org/mailman/listinfo/sframe
>>
>

v2.23.0 | Report a Bug | By Email