IETF Logo Mail Archive

Re: [Sframe] Negotiating SFrame/RTP in SDP

Bernard Aboba <bernard.aboba@gmail.com> Mon, 06 September 2021 23:39 UTC

Return-Path: <bernard.aboba@gmail.com>
X-Original-To: sframe@ietfa.amsl.com
Delivered-To: sframe@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 22FE83A0AE0 for <sframe@ietfa.amsl.com>; Mon, 6 Sep 2021 16:39:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T_w0JlkcB1qS for <sframe@ietfa.amsl.com>; Mon, 6 Sep 2021 16:39:45 -0700 (PDT)
Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com [IPv6:2a00:1450:4864:20::131]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C7F543A0ADE for <sframe@ietf.org>; Mon, 6 Sep 2021 16:39:44 -0700 (PDT)
Received: by mail-lf1-x131.google.com with SMTP id x27so15940329lfu.5 for <sframe@ietf.org>; Mon, 06 Sep 2021 16:39:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+py9CRhaIoHr5LKnfueFa5OXoxDAacngrhHuRNTb8Ag=; b=eMleM8Pc/arfNQs5MTcu0H8AMviB2DJN0DfZgmBS5aBPXOoeb5MLU9g7wty4bqNND4 CpW5B3vM0y1u5g8efrT9/J9JTY2F8ZAkJhHTSW6rEiXg6LjOcmgXtf/5Y7MticKRGpuG ZbPSIxYgLJ1OhNLQoMDWH1y/TQBVN1BuCTvEachuY4Bik86DuzPfrKo3XVBFEHPtxzWI fbecY6vI7JfwOx+/rQeIgZn3ui6RahJNPXn/wy9QDTmRCXfkShb4bTCcW3gJ6rl9tBLT 3hGzA8OhtbNjDGm3p7fPN1GXIOPBhDiqbeJhEAk83L564D97niYQebvzaWbgN0gTij6k NkYQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+py9CRhaIoHr5LKnfueFa5OXoxDAacngrhHuRNTb8Ag=; b=BYeUebEPt3WZoJiF8TLGqeTsXj3oKkUA7Otxrfyep4SW/pKsj91uHW88yMk84EcPOy 9S5yRe/gDwTUzf3hO+yc4/9uPMSZnfnAehHTJmrZ82DtOu74Zw9EI0gbeauvLi5/3ap8 T8eOxqSxZgVRI0hG+LplSju/+Oo89x3aOa+q/NtikoOaPk9FO8KYZPkqGw5In14kCaaJ mzoTF1Cxhyrs6iWr8KgFEzraAg+thi3SBSKp6PNyEd/pO6MgnjU8C1jJeRwLmsoU8Ltv 1OMw6VFp/9qat8lTq3yvXJryI/V4d5GOZ4gEaqEYll5yDZTQwgKhPaBET9d+lL0pXyWG L7pg==
X-Gm-Message-State: AOAM533ZOjpsXqKWb90PI3fk8F9QiE66xNh2bdIUL3rbecVXCGPl1gjv Ll6+co/tKmmK+G0c0spWHiCTUoi+K5SJVes2ZRCYEcT2GxM=
X-Google-Smtp-Source: ABdhPJxGBw1vbHK205CHwKzKQWxZ6VFr2Prr/6uy7otbatb8JWcPnZVcVV0tPm+iri+t/5Cb5mhb5HkQ9JckkgFoLBI=
X-Received: by 2002:a05:6512:3a95:: with SMTP id q21mr10718461lfu.198.1630971580883; Mon, 06 Sep 2021 16:39:40 -0700 (PDT)
MIME-Version: 1.0
References: <CAL02cgRw3OASDfqcywU1b=S+K9QDA=iJ-Pa+4uTUE--Cui5m6g@mail.gmail.com> <CANRTqcMFUo7BY_8JA3mBMcYYLHDOgSVsEPA_kmQGw2PxkkTuqQ@mail.gmail.com>
In-Reply-To: <CANRTqcMFUo7BY_8JA3mBMcYYLHDOgSVsEPA_kmQGw2PxkkTuqQ@mail.gmail.com>
From: Bernard Aboba <bernard.aboba@gmail.com>
Date: Mon, 06 Sep 2021 16:39:30 -0700
Message-ID: <CAOW+2dvh8DF7QU8sbPXjc1J_gNJPVdgJbdJeD-JKjP+HGen_tQ@mail.gmail.com>
To: Sergio Garcia Murillo <sergio.garcia.murillo@cosmosoftware.io>
Cc: Richard Barnes <rlb@ipv.sx>, sframe@ietf.org
Content-Type: multipart/alternative; boundary="000000000000b7a79c05cb5c294d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/r4oHWi4g9cdG0cczPaKFZ8fziac>
Subject: Re: [Sframe] Negotiating SFrame/RTP in SDP
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Media Frames <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Sep 2021 23:39:50 -0000

Richard said:

"Just add an SFrame protect/unprotect before you do other processing on the
media payload.  Then you will have a payload that is as described in the
SDP."

[BA]  If the SFU is untrusted to have cleartext access to the payload, why
would the endpoint use SDP to negotiate with the SFU whether to use E2E
encryption?  This potentially enables a downgrade attack.

Such a negotiation only makes sense in a use case where there are some
clients that support E2E encryption and others that do not, and the SFU is
looking to gracefully keep the non-E2E endpoints out of the conference
(e.g. by failing the O/A negotiation, instead of succeeding and then having
the non-E2E endpoints being unable to parse the codec payloads).

Sergio said:

"Also, not always the media server and the endpoints are provided by the
same company (i.e. CPaaS) and they will have to support both end to end
encryption and non end to end encryption calls. "

[BA]  SDP negotiation between the endpoint and SFU is useful in negotiating
hop-by-hop parameters, such as the RTP header extensions needed by the SFU
to forward packets without inspecting the RTP payload.

But in a CPaaS scenario, I agree that the application will determine
whether to use E2E encryption or not and the SFU need not know or care,
since it isn't parsing the codec payloads anyway.  In that scenario you
won't have a mixture of E2E capable and non-capable endpoints, so the SDP
negotiation would serve no useful purpose.



On Mon, Sep 6, 2021 at 12:14 PM Sergio Garcia Murillo <
sergio.garcia.murillo@cosmosoftware.io> wrote:

> From my point of view, all the mechanisms described on the multi codec
> payload format are required:
>
> The ability to differentiate a RTP packet encrypted end to end (either by
> SFrame or SPacket) is a must, both from a formal point of view about how
> RTP works, but also to ensure that the media servers does not perform any
> payload inspection that will cause malfunction (metadata gathering, layer
> switching, recording..)
>
> The optionality of the encryption also comes from various factors. First,
> end to end encryption is an "endpoint" decision, the SDP negotiation with
> the media server should not be the place to enforce it or not. Also, not
> always the media server and the endpoints are provided by the same company
> (i.e. CPaaS) and they will have to support both end to end encryption and
> non end to end encryption calls. Note that it is quite a common practice in
> SFUs to send an SDP offer from the media server to the endpoint, in which
> case, the media server will have to offer e2e encryption as optional.
>
> As an example, in Millicast we support both e2ee and non-e2ee streams
> today (with the insertable stream per codec hacks), it is a
> completely optional feature up to each customer to implement and to decide
> when and if it is used. We are just carriers, and we do not want the
> customer to have to configure if the stream is e2ee or not. We are not (and
> must not be) involved in enforcing e2ee in any way.
>
> Best regards
> Sergio
>
> On Thu, Sep 2, 2021 at 10:23 PM Richard Barnes <rlb@ipv.sx> wrote:
>
>> Hi folks,
>>
>> One of the major work items left around SFrame is the work to specify how
>> SFrame-encrypted media are carried in RTP, and how that is signaled in
>> SDP.  The finer points might need to be worked out in AVTCORE / MMUSIC, but
>> since this group knows the intricacies better, it seems like having some
>> agreement here on general approach would be good.
>>
>> Sergio put together a first stab at this in
>> draft-murillo-avtcore-multi-codec-payload-format [1].  He presented this at
>> AVTCORE @ IETF 111 [2].  Unfortunately, the discussion there doesn't seem
>> to have provided a clear path forward, thus this thread.
>>
>> Personally, I think the proposal in Sergio's draft is a little wide of
>> the mark.  ISTM that specifying a "generic" media format and recovering the
>> specificity in an RTP header is more complex than is needed. Worse, it sets
>> up implementations to send the same media both encrypted and unencrypted --
>> obviously not great for security.
>>
>> I'd like to propose a simpler approach, drawing inspiration from cryptex
>> [3]:
>>
>> a=sframe:<frame|packet> [<keying>]
>>
>> Basically, just a new SDP attribute per m-line, that specifies that
>> SFrame encryption is being done and how.  The desired semantic is clear for
>> SPacket: Just add an SFrame protect/unprotect before you do other
>> processing on the media payload.  Then you will have a payload that is as
>> described in the SDP.
>>
>> You can *almost* describe SFrame in this way as well.  Assemble all the
>> RTP packets in a frame, then do SFrame across all of their payloads (in
>> particular, adding the header to the first packet and the tag to the
>> last).  If you constrained the sender to construct pre-SFrame packets  that
>> were properly packetized according to the rest of the SDP, then this would
>> integrate cleanly with the rest of the SDP/RTP model.  The problem is that
>> that constraint is incompatible with Insertable Streams.  So we need to
>> decide how much we care about compatibility with IS as it is.  Personally,
>> it seems like WebRTC stacks and web apps are going to have to upgrade
>> *anyway* if they're going to support SDP-based negotiation of SFrame, so if
>> they have to make this one extra change, it shouldn't be a big deal.
>>
>> How does this approach strike folks?
>>
>> --Richard
>>
>> [1]
>> https://www.ietf.org/archive/id/draft-murillo-avtcore-multi-codec-payload-format-01.html
>> [2] https://youtu.be/S-JR4Fa8VFY?t=3510
>> [3]
>> https://www.ietf.org/archive/id/draft-ietf-avtcore-cryptex-02.html#name-signaling
>> --
>> Sframe mailing list
>> Sframe@ietf.org
>> https://www.ietf.org/mailman/listinfo/sframe
>>
> --
> Sframe mailing list
> Sframe@ietf.org
> https://www.ietf.org/mailman/listinfo/sframe
>

v2.23.0 | Report a Bug | By Email