IETF Logo Mail Archive

[Sframe] RFC Feedback

Bret Lorimore <bretlorimore@gmail.com> Thu, 02 March 2023 15:58 UTC

Return-Path: <bretlorimore@gmail.com>
X-Original-To: sframe@ietfa.amsl.com
Delivered-To: sframe@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55C74C15DF54 for <sframe@ietfa.amsl.com>; Thu, 2 Mar 2023 07:58:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.083
X-Spam-Level:
X-Spam-Status: No, score=-2.083 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vz9QTyVsL0tU for <sframe@ietfa.amsl.com>; Thu, 2 Mar 2023 07:58:20 -0800 (PST)
Received: from mail-ed1-x536.google.com (mail-ed1-x536.google.com [IPv6:2a00:1450:4864:20::536]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 908AEC159A24 for <sframe@ietf.org>; Thu, 2 Mar 2023 07:58:20 -0800 (PST)
Received: by mail-ed1-x536.google.com with SMTP id da10so69551648edb.3 for <sframe@ietf.org>; Thu, 02 Mar 2023 07:58:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=ORCcduwJ+uMteOqUt4XV+wnmWaKgXmVGmkY64uWiD6s=; b=bei99o/dKIPQkluMyG56B+FFSQDC58DpRlKuslAkb8y7KYlU/+MgBQKRIaj44/fmzC dZsFlfYT5fKyJciaUr7+oaEmmHL6R7YQ80H13S/gK2rO5taHkK1rjhk6P7asNN1C4itU 8lWyvAy5JCO7wVwxsGajY94uGlN55L/n8x4g+vJBksvoJ5CndrSG7Lw9DwnbrpqeX6Md G9XDKFDfB9ia/kfcVKJGyA7UrWkGoIxSiZ/LbciXsahdbcl9xMe6+HF/4L+b1EUAqccJ jRgZNmMcndEB1OpkPM1kLwtK555o/PlglU+CqshbNzSti6CXA0kcw2Qo3Sn8vUSPaaxi Ph7w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=ORCcduwJ+uMteOqUt4XV+wnmWaKgXmVGmkY64uWiD6s=; b=tlvqVgVWTqeSjm1edCGrJUfSRnJmXgaD6BdB68IMbrC7/sOb423T8hXWmyJMOLYKww gFOrugzOH6ypiLATnwFZXMo/+p1eVxWM8h8qSuvTh2iFCDpyxE0XlnW7f64H5FChTrUO neYhTBl5AC6pcLKocHYueAsqccC03A2Lq57Quky08m+5cBO7FUdL6sKPkanoY2iI6vjO c5GdXlUgonWqPGUOEHIkia1V+f5WuzfJVjM3peUixpZWx2T6Icdun7/Qxs+rjzvdGoh7 XUxYiatDP0F27gZCv5BocxBZfdS9k1AhnvfmYejH6Znmw5bnfyi7ozdla2FpUtFxi4KO 5sFw==
X-Gm-Message-State: AO0yUKWomEIkhlA2TeXkYgeo10IqRy6N+B3vDfQ221zZuNHyS4ImH2Cg mCEmNCHPqn609ygPCjZKorM68iHRbG3Hg5Jrdhitsu59TEM=
X-Google-Smtp-Source: AK7set+fXfNUv5+bYMah7X6EXWjeagrJcXdy0jGdog2y6ToStzRaD15xtdkCZCb8rPmbRilzv/ovVr/aXglfXwqC4PM=
X-Received: by 2002:a17:906:1751:b0:8e3:da0f:f9b7 with SMTP id d17-20020a170906175100b008e3da0ff9b7mr5621816eje.4.1677772697970; Thu, 02 Mar 2023 07:58:17 -0800 (PST)
MIME-Version: 1.0
From: Bret Lorimore <bretlorimore@gmail.com>
Date: Thu, 02 Mar 2023 07:58:06 -0800
Message-ID: <CACy95dyUCUc41xycxTbCKWJQTqSKqdmDEP-n_Na4KqC=Hcax-Q@mail.gmail.com>
To: sframe@ietf.org
Content-Type: multipart/alternative; boundary="000000000000ad2dcd05f5ece50a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/e9-ZqTTrh_eL6vK2y7OovHt0740>
Subject: [Sframe] RFC Feedback
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Secure Media Frames <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Mar 2023 15:58:24 -0000

Hey all,

I know a couple folks here, but not many. My name is Bret. I am a SWE at
Meta and have been working on calling E2EE for some time. Per Bobo’s
request, I wanted to share my thoughts on the latest RFC draft (
https://sframe-wg.github.io/sframe/draft-ietf-sframe-enc.html). I think the
doc makes sense generally, but have several thoughts, of both a technical
and editorial nature:

Technical:


   1.

   The notion and semantics of SFrame “streams” are alluded to throughout
   the document without being well defined. Does the RFC need to define the
   notion of an SFrame “stream”, consisting of media encrypted all with the
   same key and cipher suite? It seems like managing such streams is a
   requirement of the application, but the exact requirements are not spelled
   out. Here are examples where the notion of a stream comes up:
   1.

      In section 4.3 it describes a scenario where KIDs are unique to each
      sender, sort of implying that given an SFrame payload (including
the SFrame
      header) a receiver should be able to decrypt it.
      2.

      Then in section 4.5 it describes how “In a session that uses multiple
      media streams, different ciphersuites might be configured for different
      media streams”, of course implying that if KIDs are per sender, there
      would need to be some other mechanism to demux from KID →
stream, as there
      could be multiple cipher suites per stream.
      3.

      This is mentioned head on in section 5.1, where the draft states “In
      this scheme, it is assumed that receivers have a signal outside of SFrame
      for which client has sent a given frame, for example the RTP SSRC”
      2.

   It might be worth adding more details to section 5.1 to more clearly
   spell out how sender keys should (or could) work. For example, it states
   that “A receiver who receives from a sender with a new KID computes the
   new key as above [using an HKDF ratchet]”, yet later on says that “Evicting
   a participant requires each sender to send a fresh sender key to all
   receivers.”. Given both of these, it is not clear how a sender would
   signal a receiver that a frame is using a “fresh sender key” as opposed to
   a ratchet (or multiple) of a previously received key.
   3.

   Question: In section 4.3, is KLEN the actual key id length, or key id
   length minus one, as LEN is


Editorial:


   1.

   Throughout the doc there are numerous sections (e.g. 4.4.3, 6) which are
   very RTP specific, despite a stated goal of the RFC being that SFrame is
   transport agnostic.
   2.

   Section 7.2 states that key exchange is out of scope for this doc, yet
   it states that clients “MUST change their keys when new clients joins or
   leaves the call”. IMO if this is an absolute requirement of the RFC, as
   per the definition of an all caps MUST, then the exact requirements of this
   should be spelled out more, and possibly a reference protocol given.


Thanks, all. I am really excited for this RFC to land. I hope these notes
are somewhat helpful.


Best,

Bret

v2.23.0 | Report a Bug | By Email