[Sframe] Negotiating SFrame/RTP in SDP
Richard Barnes <rlb@ipv.sx> Thu, 02 September 2021 20:23 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: sframe@ietfa.amsl.com
Delivered-To: sframe@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EAF73A0ABB for <sframe@ietfa.amsl.com>; Thu, 2 Sep 2021 13:23:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M-bv73hk82yx for <sframe@ietfa.amsl.com>; Thu, 2 Sep 2021 13:23:26 -0700 (PDT)
Received: from mail-qt1-x82a.google.com (mail-qt1-x82a.google.com [IPv6:2607:f8b0:4864:20::82a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2B903A0AB6 for <sframe@ietf.org>; Thu, 2 Sep 2021 13:23:25 -0700 (PDT)
Received: by mail-qt1-x82a.google.com with SMTP id t35so2729847qtc.6 for <sframe@ietf.org>; Thu, 02 Sep 2021 13:23:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=Ek4T4b/QnoZjaDAURgD2ShrmlH9sofVbKrhvHW/ie0g=; b=RqfTOK7H0KipenSgbFDqeV7nBlSNadnxN50KdRvvJFBVyV9OBoaI36QRL4Dmip5hLd LSlNI0pT7Zj2OWqUo/E8peonZnz35ewjE9JphKOxuCMjmfcxu7E3VbsXc7O7Jk57vRri fipsADJWuNQD4zxSZi5njMp+JySvj0i6jCOGV/h6wsH+QgjvjNOEcXA4yB0U5CODgoQp mBJ0EAPzlRUQsRyjGhkEoWOA248K0qrQkyxgesUkx8dfc6eGw1uDDV/u2hzlhmTMGGzx Lol5hWpdlxxca+TanDynfHs7Yihg3dtD9TvjZ/TI273/Np4F9TxseA8aWH/2udsF0ZR7 Dzlw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=Ek4T4b/QnoZjaDAURgD2ShrmlH9sofVbKrhvHW/ie0g=; b=oX7xYPzvO/lSPpck1oShdedC3pjrl3UzRfZEbY01R34CgwMNdWVFGRxfeVULYenvNF mfS1hS2lYHAQ72OkgWR/UtDrNN30wAFPyOdBYSLQ/rlse5l7m4NZ44nW1JDKDcaC5ceS M0BczAZVqQNZ/uq5w1KDIR3JdUpbv+kT8azW/EAyRcNHd3PDNjyqptm5T7+6L8rDpYfv fO4QTYDlqs187//AEBqVQyFbB4fHdKAf79+3xo34wQMEmzdWogFAySWZEfyiyKTL+9cU LD4vZI3UeBCmfi2tQkI3aeEryxQwVkOPke2xUDU+qT04jCAieMtQGZ1+8jjcNgEIH/H5 SNHw==
X-Gm-Message-State: AOAM533gzmTV5rBunC4E62cR44wTuF4JIUhj70TLuAY0HV3kIjS1nGa8 7HAAAPzPvBiOLgAU5AI6vgVlrfCJTFeMyv2MFo4yajI6OoqaVg==
X-Google-Smtp-Source: ABdhPJxtRu4Ma0b++CyTo1zIbzbRd7wb6Uk0l0IdG/jjUkty4fY6JwXLFwtoOtZm0F9cZv76iIMlsOsjDuUg1zALb+0=
X-Received: by 2002:ac8:7a98:: with SMTP id x24mr154182qtr.265.1630614204177; Thu, 02 Sep 2021 13:23:24 -0700 (PDT)
MIME-Version: 1.0
From: Richard Barnes <rlb@ipv.sx>
Date: Thu, 02 Sep 2021 16:23:12 -0400
Message-ID: <CAL02cgRw3OASDfqcywU1b=S+K9QDA=iJ-Pa+4uTUE--Cui5m6g@mail.gmail.com>
To: sframe@ietf.org
Content-Type: multipart/alternative; boundary="00000000000067f4dd05cb08f41e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/ecFnjnNz-WaJV85HiuFl_crKmEI>
Subject: [Sframe] Negotiating SFrame/RTP in SDP
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Media Frames <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Sep 2021 20:23:31 -0000
Hi folks, One of the major work items left around SFrame is the work to specify how SFrame-encrypted media are carried in RTP, and how that is signaled in SDP. The finer points might need to be worked out in AVTCORE / MMUSIC, but since this group knows the intricacies better, it seems like having some agreement here on general approach would be good. Sergio put together a first stab at this in draft-murillo-avtcore-multi-codec-payload-format [1]. He presented this at AVTCORE @ IETF 111 [2]. Unfortunately, the discussion there doesn't seem to have provided a clear path forward, thus this thread. Personally, I think the proposal in Sergio's draft is a little wide of the mark. ISTM that specifying a "generic" media format and recovering the specificity in an RTP header is more complex than is needed. Worse, it sets up implementations to send the same media both encrypted and unencrypted -- obviously not great for security. I'd like to propose a simpler approach, drawing inspiration from cryptex [3]: a=sframe:<frame|packet> [<keying>] Basically, just a new SDP attribute per m-line, that specifies that SFrame encryption is being done and how. The desired semantic is clear for SPacket: Just add an SFrame protect/unprotect before you do other processing on the media payload. Then you will have a payload that is as described in the SDP. You can *almost* describe SFrame in this way as well. Assemble all the RTP packets in a frame, then do SFrame across all of their payloads (in particular, adding the header to the first packet and the tag to the last). If you constrained the sender to construct pre-SFrame packets that were properly packetized according to the rest of the SDP, then this would integrate cleanly with the rest of the SDP/RTP model. The problem is that that constraint is incompatible with Insertable Streams. So we need to decide how much we care about compatibility with IS as it is. Personally, it seems like WebRTC stacks and web apps are going to have to upgrade *anyway* if they're going to support SDP-based negotiation of SFrame, so if they have to make this one extra change, it shouldn't be a big deal. How does this approach strike folks? --Richard [1] https://www.ietf.org/archive/id/draft-murillo-avtcore-multi-codec-payload-format-01.html [2] https://youtu.be/S-JR4Fa8VFY?t=3510 [3] https://www.ietf.org/archive/id/draft-ietf-avtcore-cryptex-02.html#name-signaling
- [Sframe] Negotiating SFrame/RTP in SDP Richard Barnes
- Re: [Sframe] Negotiating SFrame/RTP in SDP Bernard Aboba
- Re: [Sframe] Negotiating SFrame/RTP in SDP Sergio Garcia Murillo
- Re: [Sframe] Negotiating SFrame/RTP in SDP Bernard Aboba
- Re: [Sframe] Negotiating SFrame/RTP in SDP Richard Barnes
- Re: [Sframe] Negotiating SFrame/RTP in SDP Bernard Aboba
- Re: [Sframe] Negotiating SFrame/RTP in SDP Suhas Nandakumar