Re: [Sframe] [dispatch] SFRame Next Steps (was SFrame proposed WG charter)

Alexandre GOUAILLARD <Alex.GOUAILLARD@cosmosoftware.io> Sat, 08 August 2020 03:51 UTC

Return-Path: <alex.gouaillard@cosmosoftware.io>
X-Original-To: sframe@ietfa.amsl.com
Delivered-To: sframe@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1C0913A0C2F for <sframe@ietfa.amsl.com>; Fri, 7 Aug 2020 20:51:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cosmosoftware-io.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p_9wFCoaOjE6 for <sframe@ietfa.amsl.com>; Fri, 7 Aug 2020 20:51:16 -0700 (PDT)
Received: from mail-ot1-x32b.google.com (mail-ot1-x32b.google.com [IPv6:2607:f8b0:4864:20::32b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D28473A0C32 for <sframe@ietf.org>; Fri, 7 Aug 2020 20:51:16 -0700 (PDT)
Received: by mail-ot1-x32b.google.com with SMTP id a65so3165050otc.8 for <sframe@ietf.org>; Fri, 07 Aug 2020 20:51:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cosmosoftware-io.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=imSr3jez8a6v0Nn3rBShIoMEgthfm8/4ZGv9IAvcv1g=; b=Jwnl7fmEJGrW/o8WBsKXr++b2O3TLfcSjhXVyJKWlMDebADHRRuGNrQFhiyXGvz8qB x5EftS06YHy0A2Lx81A5PQfdI/zTc8UcS/u3pA8y96tAqDB86HS6VyzbpGis0tWhg4aP vGSrDn4/zmxd4cjYrMOz6DCmGnYjR1ncHOIyhDhdM4zcgNd3pSSfuWmWz+oI48cv/A9F G2T/UBcvtOFHhKpLD/ONvdqf5Idi2efMDkd6rLgn8HnAZQg8MsCOVTBz1nrHSMiFasGV cE4JNX3uESMU/fBXOuIz8gtwSrwgWMqWGx3dflzEUXV/5TUfESZ/nVr2USJaAbAO4GRO fcDg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=imSr3jez8a6v0Nn3rBShIoMEgthfm8/4ZGv9IAvcv1g=; b=oWRC81rMDo4bgqNPGucOK85r6jvVxndMhEquaw+aI7PeveTh2sMDVVLC52sCm6Dl3o xqUyJZdBtATXbvSq/MXOO+isXGkWOb6G28jFbOXoX9TZlwcwh2ynJaCIt4k4/r2x/qPS ZO0LmOzaELwZ5dXsd9nl7Rt62EzVKle1+iUlYYfnZ7tFr9rknuYby3rER8T5t8oHQxXS eXAdP2ow8Sz4XBNUxDjcgaYrO2oTaAfcRupi8d3f9G+L83avWaSe64igxWz4YAe6rBun WOrCHT5vyHsPVHSJvgsxOvrgh1xditK1yD5aey6/m6smqTbXCELFYHRJL9ZiZHiPDUpT 2rlQ==
X-Gm-Message-State: AOAM533daWO41slnEDLCMkxWRnvqlQYTyBmUdt5qmwLiKBpTWTCf8nHu d/XMVIlObjLK+GMAPxipdqQ1oyD43KfnKIs+a8MdIg==
X-Google-Smtp-Source: ABdhPJwuhUadYuOal9JFmTPyTMZ+lCXl0yWGONerFVzCqHt1kixUz+Tv/0rNDZdQbqiRU6b5+XgyZ7Xz1goe/UF1PhE=
X-Received: by 2002:a9d:5616:: with SMTP id e22mr15491969oti.255.1596858676027; Fri, 07 Aug 2020 20:51:16 -0700 (PDT)
MIME-Version: 1.0
References: <CAHo7dC91bvRHiYuRT63uJ=HeuFU9L7XXqTcG+za5xi_BbQ0G2w@mail.gmail.com> <E2072219-1B6E-4444-A39C-287842783DBF@nostrum.com> <CAL02cgT13rEnvaB9TFMci=N8OqO35qKHthPHhMCvAccZWhCu-Q@mail.gmail.com> <ca0a7472a86cf53c78779f6153a80dc096acc4e8.camel@ericsson.com> <69181ed1-d72a-99de-8b4d-9e10276ced91@gmail.com> <771e108a9f25c1bec04d5fcdad58eb55bbb1533d.camel@ericsson.com> <CAHo7dC_b_fvmq=FRK-DMFtOji_tCV3hAnEHr+P-CY7BHtPP+MA@mail.gmail.com>
In-Reply-To: <CAHo7dC_b_fvmq=FRK-DMFtOji_tCV3hAnEHr+P-CY7BHtPP+MA@mail.gmail.com>
From: Alexandre GOUAILLARD <Alex.GOUAILLARD@cosmosoftware.io>
Date: Sat, 8 Aug 2020 11:51:05 +0800
Message-ID: <CACtMSQWR0xxV_2Worc197Ftf7yTFhwrses+732vWN+fHjN4pkQ@mail.gmail.com>
To: Emad Omara <emadomara=40google.com@dmarc.ietf.org>
Cc: Magnus Westerlund <magnus.westerlund@ericsson.com>, "rlb@ipv.sx" <rlb@ipv.sx>, "ben@nostrum.com" <ben@nostrum.com>, "dispatch@ietf.org" <dispatch@ietf.org>, "sergio.garcia.murillo@gmail.com" <sergio.garcia.murillo@gmail.com>, "sframe@ietf.org" <sframe@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000243a0005ac55a264"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/lWijXgXvPqipO9BuVNiRq2EuGHc>
Subject: Re: [Sframe] [dispatch] SFRame Next Steps (was SFrame proposed WG charter)
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 08 Aug 2020 03:51:19 -0000

guys,

sorry for jumping in so late, quarantine here is very strict.

We had long discussions about this specific point ahead of the draft
submission.
We had reached the following consensus:
- there are multiple usage of media over the internet, e.g. conferencing
and streaming/broadcast
- they have very different threat/trust models, with different solutions
implemented today (transport layer E / E2EE / DRM / Encrypted Media
Extentions / ...)
- they all can benefit from SFrame

PERC was, by design, limited to RTP and to Conferencing. Many other use
case coul benefit from Enhanced Privacy.

We concluded that it would be better to keep SFrame (the media encryption
part, equivalent to PERC double conceptually), and to have separated
documents that describe the threat models and the corresponding key
exchange, signaling and system level decision for each use case. Emad had
taken an action item for example to make two additional documents to
describe the Video Conferencing use case, and how SFrame could be used in
conjunction with MLS to address that specific use case. Someone else could
take the different use case of the Browsers (which have a specific trust
model) and make a document showing how SFrame con work with Insertable
Frame API (and likely some more) to address that use case. CoSMo is
interested in doing the same thing for Real-Time streaming/Broadcasting.

I think it is a more reasonable approach as, even spending a lot of time
brainstorming with everyone around the tabel including bernard, we couldn't
think about one solution to fit all the different "media over internet"'s
threat model. In my mind, each case should first have an informal document
to define scope and threat model, and subsequent document to define the
corresponding specifications.
- Secure Conferencing Threat model (emad and co.)
- Secure Conferencing Signalling using MLS (emad and co.)
- Secure Conferencing using MLS In the browser (contributed by w3c people)

Magnus, what do you think?

Regards,

Dr. ALex.



On Fri, Aug 7, 2020 at 2:02 AM Emad Omara <emadomara=
40google.com@dmarc.ietf.org> wrote:

> Thanks Magnus. I like the idea to explicitly call out the threat model, I
> think it will be good foundations that control all future design decisions,
> however I'm not sure if the charter is the right place to call this out.
> I'd recommend having a separate document that describes the system
> architecture, goals and threat model. What do you think?
>
> Emad
>
> On Thu, Aug 6, 2020 at 1:56 AM Magnus Westerlund <
> magnus.westerlund@ericsson.com> wrote:
>
>> Hi,
>>
>> On Wed, 2020-08-05 at 22:15 +0200, Sergio Garcia Murillo wrote:
>> > But shouldn't the "delayed media" attack still be transport agnostic? I
>> > mean, this can happen on QUIC and WebRTC SFUs.
>>
>> Sorry if I gave the impression that it is not transport agnostic. It is
>> use case
>> dependent, any use case that isn't point to point, where there is more
>> than one
>> entity that can intentionally remove SFRAME creating gaps in the SFRAME
>> sequence. In a point to point scenario one can correlate transport losses
>> with
>> SFRAME gaps to know give a reasonably strong mitigation against any third
>> party
>> removing SFRAMEs or delaying them. That is much harder in a centralized
>> conference with one or more SFU.
>>
>> >
>> > Anyway, I agree that while SFrame is transport agnostic, the chapter
>> > should not ignore the interactions with webrtc/quic and we must ensure
>> > that we provide a complete working solution regardless of the
>> transport.
>> > If we identify that any further working items are required for a
>> > particular transport, we should at liaise with the appropriate working
>> > group for providing a solution.
>>
>> My main point is that SFRAME actually needs to discuss the threat model
>> for the
>> use cases it intendes to solve. And the mitigation can potentially include
>> functionality on the transport level. But the risks to media security in
>> centralized conferencing needs to be discussed. And centralized
>> conferencing
>> will still have the semi-trusted SFUs and all the rest of the third
>> parties in
>> addition to the end-points.
>>
>> Also what properties one have around end-points invited into the
>> conference has
>> a number of question around security properties that needs to be
>> discussed and
>> documented. Some examples that I know are relevant:
>>
>> - Source authentication: SRTP unless one use TESLA (which isn't really
>> used)
>> does only provided the property: Someone that has the key sent this. One
>> don't
>> know that it comes from a particular endpoint.
>>
>> - Confidentiality when group membership changes: So will SFRAME keying
>> support a
>> use case where only the current set of members in a conference can
>> decrypt the
>> media and one rekey the media session key for each time the membership
>> changes?
>> PERC do support this, will SFRAME?
>>
>> There are likely more questions that needs discussion. The PERC
>> discussion is a
>> good starting point, but I think when going transport agnostic some of the
>> issues needs to be more clearly discussed as the RTP transport can have
>> affected
>> how it was discussed, and what reliance on existing mechanism. Which for
>> SFRAME
>> likely require a general discussion and then requirements on the
>> transport and
>> invovled endpoints and SFU to accomplish mitigations. And thus also what
>> the
>> risks are of having no mitigation in place.
>>
>> I would really propose that SFRAME is chartered with publishing a security
>> consideration and threat model document that is seperate from the
>> solution to
>> give this topic full focus. The solution will of necessity need to
>> reference
>> that and document what migitagtions that exists in the SFRAME layer and
>> what
>> becomes requirements on the transport.
>>
>> Cheers
>>
>> Magnus Westerlund
>>
>>
>> ----------------------------------------------------------------------
>> Networks, Ericsson Research
>> ----------------------------------------------------------------------
>> Ericsson AB                 | Phone  +46 10 7148287
>> <+46%2010%20714%2082%2087>
>> Torshamnsgatan 23           | Mobile +46 73 0949079
>> <+46%2073%20094%2090%2079>
>> SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
>> ----------------------------------------------------------------------
>>
>>
>> --
> Sframe mailing list
> Sframe@ietf.org
> https://www.ietf.org/mailman/listinfo/sframe
>