Re: [Sframe] Proposal: SFrame && SPacket && !SIDU
Richard Barnes <rlb@ipv.sx> Tue, 16 November 2021 21:33 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: sframe@ietfa.amsl.com
Delivered-To: sframe@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 503B03A096F for <sframe@ietfa.amsl.com>; Tue, 16 Nov 2021 13:33:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lI8ShhjnJjjD for <sframe@ietfa.amsl.com>; Tue, 16 Nov 2021 13:33:20 -0800 (PST)
Received: from mail-qt1-x82f.google.com (mail-qt1-x82f.google.com [IPv6:2607:f8b0:4864:20::82f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D00C3A096A for <sframe@ietf.org>; Tue, 16 Nov 2021 13:33:20 -0800 (PST)
Received: by mail-qt1-x82f.google.com with SMTP id n15so674274qta.0 for <sframe@ietf.org>; Tue, 16 Nov 2021 13:33:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=eYBjIBBW7tBBDWTVVEKpLzFchWNlrPtQKImEDcZM0qI=; b=HOKS9WRvTnMRoy/w4hPhHmrMhLBmDHiempeEE4YDZA21xiDKiY/ScoPH9idiSL7Eiz /4qO/Vd+pe5HeE02VoL44i4kx42hf+ORcJ4J3FWN2pl8hv1CUu2F/sEcHyEQYTBxOpZo jwbR5W1oew8YudfQe3PqdOpQ9KvV2Z2OqyLHuTpa5vHZ+LkCuypXxoM/BuEln3vFe3iA lOQ8YgtaxxvOf4p9utAqrpQF1l8wMnWz4qcnjmb0hxcAKtwWvbfVKTPzg873f/SKlYjc djOn6MUFwR3zgzNv97SqDS3P/y5wvDm9xahEt8A8WqSOSz1WbRJ94vZQ51PSrrR/MpHz xerw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=eYBjIBBW7tBBDWTVVEKpLzFchWNlrPtQKImEDcZM0qI=; b=Z5XerypuFsbZ/Dtm3PqMYuPKTJXmHbDYKgc2QCyvYgj9HuMZCfYS0sBFQQVBakuyr7 Db2B2V/MIUXimHPwmkvVW+1IVnE37se5VUSTLbZXy4uxdJvdK/giXZfbxML677IULZF3 by4vcW91zrz+SayC2sKaaIMZgu4AIRy5HpzvxtOfe+Lr5KIG0u4dmEpwIn7RWztdjDCx BV32axcta9PE+ONN5ufg2YyD5/o26XuyZtZGoNwi9p4dfpbCc34glf9yWiEs+/fOn/eK +W1e2nRjE7BMOqW/6M9GV+HrSmKMKc4Gya8DWBpR83exkFcQ7O9CZiTxR1FQf7yWyTRp 7+WQ==
X-Gm-Message-State: AOAM533ngZcdZn8UjY7bAL+kpQa02KCaIh0zA+xFnk/S0I2sH3xpHrdL RiOHeMIpA5rQ4TxpdET2GekDf73sG/XD5LOHz3Y/OM4GYdw0jw==
X-Google-Smtp-Source: ABdhPJxpBJ1cMh97ft5xGkY5BGBjkPVNpWogvnEqw6Ws6aoImbolnYcwm0ieMH20ogqTfucFZQ/8plibCRMfdJcLc/g=
X-Received: by 2002:ac8:7f06:: with SMTP id f6mr11283273qtk.258.1637098398703; Tue, 16 Nov 2021 13:33:18 -0800 (PST)
MIME-Version: 1.0
References: <CAL02cgSytJSLPziTzTOAQZFke47YrhdS381b4OmqcMPM1=Nzbw@mail.gmail.com> <CANRTqcNATCQcSyTr9Vcs3Y9uMJ1f_4FDKGo6idF9D+9ae+SX9g@mail.gmail.com> <CAL02cgRmgOn1bvzLY4aFojYh306O6-BxJ3B_5Agq5KVEypACSg@mail.gmail.com> <CAOLzse1pkHGK0Nfyy9iT7yPHGdShwPYjL-CUPqMputC=Z_QYiQ@mail.gmail.com>
In-Reply-To: <CAOLzse1pkHGK0Nfyy9iT7yPHGdShwPYjL-CUPqMputC=Z_QYiQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Tue, 16 Nov 2021 16:33:07 -0500
Message-ID: <CAL02cgQJF8xz3eXK9ytoujuH2kB8z0yUb8T4wmz7tnu57eNdCQ@mail.gmail.com>
To: Justin Uberti <juberti@alphaexplorationco.com>
Cc: Sergio Garcia Murillo <sergio.garcia.murillo@cosmosoftware.io>, sframe@ietf.org
Content-Type: multipart/alternative; boundary="00000000000084733005d0eeac53"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/NneD85cG8D2WbQ5RKJDYEFoST3o>
Subject: Re: [Sframe] Proposal: SFrame && SPacket && !SIDU
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Media Frames <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Nov 2021 21:33:25 -0000
Specifically, I mean the things that are AEAD-encrypted. My mental model is that there are two moving parts here: 1. A general SFrame encapsulation, defined in this group, that takes a "unit" of media data and encrypts it with an AEAD cipher 2. One or more ways to apply that encapsulation to a real-time media stream. Since AEADs deal with discrete quantities of data and not streams, one of the things (2) has to define is how to divide a media stream up into units that are fed into the SFrame encap/decap algorithms. (In other words, between which layers in the media stack you put in the SFrame layer.) And on decode, you need a way for the receiver to recognize when SFrame ciphertexts begin and end. For SFrame and SPacket, those answers are pretty clear: * For SPacket: SFrame goes between packetization and SRTP; ciphertext begin/end = packet begin/end * For SFrame: SFrame goes between encoding and packetization; ciphertext begin/end = packet begin/end (with generic depacketizer) Those answers would be appreciably more complicated and codec-dependent if we try to develop an SIDU approach as well as SFrame/SPacket. Thus my hope of ruling it out of scope. --RLB On Tue, Nov 16, 2021 at 1:51 PM Justin Uberti < juberti@alphaexplorationco.com> wrote: > Richard, when you talk about "units" here, are you referring to things > coming out of the codec? or the RTP packetizer for said codec? > > The recent IETF meeting ended with some confusion as to this specific > question and it would be good for us on this list to make sure we're all in > alignment. > > On Tue, Sep 7, 2021 at 12:46 PM Richard Barnes <rlb@ipv.sx> wrote: > >> I'm not totally sure what you mean by "spatial frames" here; looks like >> the notion varies some by codec. Assuming "spatial frames" are frames in >> the sense of "something that comes out of depacketizater", I think we're >> probably on the same page. >> >> Maybe it would be clearer to state the proposal as: Encryption is done in >> units of whole RTP payloads. One payload for SPacket; all payloads in the >> frame for SFrame. We would not support cases where an encrypted unit would >> span a partial RTP payload. For example: >> >> NOT OK >> Payload 1: First part of SFrame unit A >> Payload 2: Second part of A, first part of B >> Payload 3: Second part of B >> >> OK >> Payload 1: SFrame unit A >> Payload 2: First part of Sframe unit B >> Payload 3: Second part of B >> >> Does that line up with what you have in mind? >> >> --Richard >> >> On Mon, Sep 6, 2021 at 2:53 PM Sergio Garcia Murillo < >> sergio.garcia.murillo@cosmosoftware.io> wrote: >> >>> Hi Richard, >>> >>> Just one minor comment, the "media frames", should be spatial frames if >>> SVC is used so an SFU is able to not forward all spatial layers to the >>> receiver. Apart from that, I am ok with removing "SIDUs" from the scope. >>> >>> Best regards >>> Sergio >>> >>> On Thu, Sep 2, 2021 at 10:20 PM Richard Barnes <rlb@ipv.sx> wrote: >>> >>>> Hi folks, >>>> >>>> I'd like to see if we can agree to limit our scope a bit. There has >>>> been discussion of multiple levels at which SFrame could be applied: >>>> >>>> * "SFrame" - Whole media frames >>>> * "SPacket" - Individual RTP media payloads >>>> * "SIDU" - Some codec-specific "independently decodeable units" >>>> >>>> I'd like to propose that we take "SIDU" off of the table, but keep the >>>> other two. >>>> >>>> It seems like SFrame and SPacket both have strengths in certain >>>> scenarios (depending on how you want to trade off bandwidth vs. >>>> complexity), but they're both pretty straightforward in terms of how they >>>> integrate with the media processing pipeline. In particular, they don't >>>> have any codec-dependence. SIDU, by contrast, seems like a world of pain. >>>> It requires that the encryption scheme be entangled with the codec, which >>>> requires special per-codec integration logic in the specifications. And >>>> the bandwidth gains for all that complexity are not that large. >>>> >>>> Is there anyone here who feels that SIDU is something this group needs >>>> to spend time specifying? >>>> >>>> --Richard >>>> -- >>>> Sframe mailing list >>>> Sframe@ietf.org >>>> https://www.ietf.org/mailman/listinfo/sframe >>>> >>> -- >> Sframe mailing list >> Sframe@ietf.org >> https://www.ietf.org/mailman/listinfo/sframe >> >
- [Sframe] Proposal: SFrame && SPacket && !SIDU Richard Barnes
- Re: [Sframe] Proposal: SFrame && SPacket && !SIDU Sergio Garcia Murillo
- Re: [Sframe] Proposal: SFrame && SPacket && !SIDU Richard Barnes
- Re: [Sframe] Proposal: SFrame && SPacket && !SIDU Justin Uberti
- Re: [Sframe] Proposal: SFrame && SPacket && !SIDU Richard Barnes
- Re: [Sframe] Proposal: SFrame && SPacket && !SIDU Richard Barnes
- Re: [Sframe] Proposal: SFrame && SPacket && !SIDU Justin Uberti
- Re: [Sframe] Proposal: SFrame && SPacket && !SIDU Justin Uberti