[Sframe] Benjamin Kaduk's No Objection on charter-ietf-sframe-00-00: (with COMMENT)
Benjamin Kaduk via Datatracker <noreply@ietf.org> Wed, 09 September 2020 23:31 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: sframe@ietf.org
Delivered-To: sframe@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id F1C213A080C; Wed, 9 Sep 2020 16:31:01 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Benjamin Kaduk via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: sframe-chairs@ietf.org, sframe@ietf.org, dispatch@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 7.16.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <159969426190.10803.15690929161997611598@ietfa.amsl.com>
Date: Wed, 09 Sep 2020 16:31:01 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/PtfIbxUpxi9ecFqPae_C5vHkChQ>
Subject: [Sframe] Benjamin Kaduk's No Objection on charter-ietf-sframe-00-00: (with COMMENT)
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.29
List-Id: <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Sep 2020 23:31:02 -0000
Benjamin Kaduk has entered the following ballot position for charter-ietf-sframe-00-00: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/charter-ietf-sframe/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- I support Magnus's and Érics' Blocks. Some additional comments: Real-time conferencing sessions increasingly require end-to-end protections that prevent intermediary servers from decrypting real-time media. The PERC WG developed a “double encryption” scheme for end-to-end encryption that was deeply tied to SRTP as its underlying transport. This entanglement has prevented widespread deployment. I thought we were going to tweak this text (noting that RFC RFC 8723 is only a handful of months old). It might also be worth a note about the general expected shape of the key hierarchy (e.g., one key per sender vs. full mesh). * Selection among multiple encryption keys in use during a real-time session * Information to form a unique nonce within the scope of the key * Authenticated encryption using the selected key and nonce I assume that this means "assembling preexisting crypto building blocks", not "define new crypto". The transport-independence of this encapsulation means that it can be applied at a higher level than individual RTP payloads. For example, it may be desirable to encrypt whole frames that span multiple packets in order to amortize the overhead from framing and authentication tags. It may also be desirable to encrypt units of intermediate size (e.g., H.264 NALUs or AV1 OBUs) to allow partial frames to be usable. The working group will choose what levels of granularity are available and to what degree this can be configured. (Available as input to the WG of available from its output?) It is anticipated that several use cases of SFrame will involve its use with keys derived from the MLS group key exchange protocol. The working group will define a mechanism for doing SFrame encryption using keys from MLS, including, for example, the derivation of SFrame keys per MLS epoch and per sender. Will other sources of key material be considered?
- [Sframe] Benjamin Kaduk's No Objection on charter… Benjamin Kaduk via Datatracker
- Re: [Sframe] Benjamin Kaduk's No Objection on cha… Richard Barnes