Re: [Sframe] Adoption call for draft-omara-sframe-01
Eric Rescorla <ekr@rtfm.com> Fri, 15 October 2021 21:16 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: sframe@ietfa.amsl.com
Delivered-To: sframe@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9DA93A0B6C for <sframe@ietfa.amsl.com>; Fri, 15 Oct 2021 14:16:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CSPbeLOnlluS for <sframe@ietfa.amsl.com>; Fri, 15 Oct 2021 14:16:44 -0700 (PDT)
Received: from mail-io1-xd29.google.com (mail-io1-xd29.google.com [IPv6:2607:f8b0:4864:20::d29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B03783A0B6B for <sframe@ietf.org>; Fri, 15 Oct 2021 14:16:44 -0700 (PDT)
Received: by mail-io1-xd29.google.com with SMTP id 188so9179340iou.12 for <sframe@ietf.org>; Fri, 15 Oct 2021 14:16:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=HC42Qb9mcLDS63kcMX27rfynYz0X0yU3Y1k36v+0HPE=; b=21Ydgv2pIr7e+cazTlOCUcUSUpIDhSWDit1eZcHd3JvoSxyzkLif3lpKJX0OHDaq1k 2xNwYL+f+DzhOQD/YmMQxTCLaNVmhqXdNmAiAhw7uEZ8yiVL8fjlPdTkXhmGPZt6NChJ IauihlCAEIOTDQqBA8W3G5jr6rbr0yVdRf0o9KlgXCxMlzb2/cKdk5oyhOFzRNAipRfh xN+X7e6DGUBTxDLzOPWbX+vkCnCiqzcvmKx5q2fuNzkq5YUCq2l2uYtR1vodtbK/VHAk zdw73D+zKhjhIVhBntnGimQt+4NCviW6SiFtW+loJZkXHWcw7fHSK/zdjAHciOWpy3lm PFIw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=HC42Qb9mcLDS63kcMX27rfynYz0X0yU3Y1k36v+0HPE=; b=uiCCQqvoW9bxUDPVyHVrEUuKipAat3V4EUO1DO5PoTImzXoPHoCHwoWBu0HAbRideS aSNKdqLNmJNhratnb2bRyTWDnCe0VhP7EG5mi59VKY5kNn3VjDNYxd2lhinOPlAucDwu 24QnRWIo9AYYEjyFqPjukNICPyH2DYLNX+r3Tnfx1NByUQQfTXy/7mJ0V5hiqLeZ59fy k/6HyIZIFrollbBNCZw8vR0Sdyo+WyJsOw1EW5nhgkVW/JoAGC8WASlLFN9joflVaIP3 6mrKzgsgfoj/ByFBYS3yFf05BqPN5OxCQjwYm914iPlvwPHRx18/aqWIwZZ7Z7/DzIKj oZyA==
X-Gm-Message-State: AOAM532PmpSJsf6RjEyRjS2B7p757uLiCj894JeOv7eJ+gHankbm3WUO OFDsHpS8KZ/LNy3vEwb1wIMbw/zNiuXWvsDDY0/82Et9lt34DA==
X-Google-Smtp-Source: ABdhPJyiIpU0xVfbtLRPkpuTzqhXZghR3jmB9QOiyv5erVyVPmd4SY3Ou7VhVO8PlDneNtSJD9lYcEm1GYSAfcjI1tU=
X-Received: by 2002:a6b:db0d:: with SMTP id t13mr5369795ioc.149.1634332603790; Fri, 15 Oct 2021 14:16:43 -0700 (PDT)
MIME-Version: 1.0
References: <7e721f57-e7ee-4f47-8663-2b485aeabd1a@www.fastmail.com>
In-Reply-To: <7e721f57-e7ee-4f47-8663-2b485aeabd1a@www.fastmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 15 Oct 2021 14:16:07 -0700
Message-ID: <CABcZeBP2RpUKTa22Am4gXdm7h1t+ij0F3cNYtGhnsWTJtrysiw@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: sframe@ietf.org
Content-Type: multipart/alternative; boundary="0000000000004b4eb705ce6ab61d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/sframe/yWMP6BRT_SGlhjTiaOmgfBVTVmw>
Subject: Re: [Sframe] Adoption call for draft-omara-sframe-01
X-BeenThere: sframe@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Secure Media Frames <sframe.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sframe>, <mailto:sframe-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sframe/>
List-Post: <mailto:sframe@ietf.org>
List-Help: <mailto:sframe-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sframe>, <mailto:sframe-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Oct 2021 21:16:50 -0000
TL;DR. This document needs a fair bit of work but I think
we should adopt it and work on it in the WG rather than
making the authors do a pile of work beforehand.
At the high level, I tend to agree with Bernard that this is
doing a bit too much. Specifically, while SFrame is designed
to be embedded in an E2E keying system, there's not much
about it that requires E2E. I would consider breaking that
material out into a different document or perhaps moving
it into an appendix as stage setting.
I also think it would be good if the document were somewhat
more agnostic about SPacket and SFrame; it seems like each
version has advantages in some cases.
DETAILED COMMENTS
S 4.
The stuff here 4. seems informational.
We propose a frame level encryption mechanism that provides effective
end-to-end encryption, is simple to implement, has no dependencies on
RTP, and minimizes encryption bandwidth overhead. Because SFrame
encrypts the full frame, rather than individual packets, bandwidth
overhead is reduced by having a single IV and authentication tag for
each media frame.
As noted above, there's nothing E2E about this. It's just designed to
it into a certain setting. I *do* think it would be useful to explain
the extent to which this depends on SRTP for security, if at all.
S 4.2.
Since each endpoint can send multiple media layers, each frame will
have a unique frame counter that will be used to derive the
encryption IV. The frame counter must be unique and monotonically
increasing to avoid IV reuse.
Reserved (R): 1 bit This field MUST be set to zero on sending, and
MUST be ignored by receivers. Counter Length (LEN): 3 bits This
field indicates the length of the CTR fields in bytes (1-8).
I am having trouble reading this text. Is it saying that the CTR field
can be 1-8 bytes long? But of course, 3 bits can only encode 0-7, so
you need to explain it's +1, I guess?
S 4.3.5.
Unlike messaging application, in video calls, receiving a duplicate
frame doesn't necessary mean the client is under a replay attack,
there are other reasons that might cause this, for example the sender
might just be sending them in case of packet loss.
This is true for messaging as well.
SFrame decryptors
use the highest received frame counter to protect against this. It
allows only older frame pithing a short interval to support out of
order delivery.
Should this say "within". You will eventually need more detail here
about how this works. In particular, you shouldn't update until you
have decrypted.
S 4.4.
+========+==========================+====+====+====+===========+
| Value | Name | Nh | Nk | Nn | Reference |
+========+==========================+====+====+====+===========+
| 0x0001 | AES_CM_128_HMAC_SHA256_8 | 32 | 16 | 12 | RFC XXXX |
+--------+--------------------------+----+----+----+-----------+
| 0x0002 | AES_CM_128_HMAC_SHA256_4 | 32 | 16 | 12 | RFC XXXX |
+--------+--------------------------+----+----+----+-----------+
| 0x0003 | AES_GCM_128_SHA256 | 32 | 16 | 12 | RFC XXXX |
+--------+--------------------------+----+----+----+-----------+
| 0x0004 | AES_GCM_256_SHA512 | 64 | 32 | 12 | RFC XXXX |
+--------+--------------------------+----+----+----+-----------+
A 4 byte tag is pretty short.
What's the reason for specifyin anything with SHA-512 as the
KDF?
In a session that uses multiple media streams, different ciphersuites
might be configured for different media streams. For example, in
order to conserve bandwidth, a session might use a ciphersuite with
80-bit tags for video frames and another ciphersuite with 32-bit tags
for audio frames.
A little weird to say this when you don't specify anything with 80 bit
tags.
On Sun, Oct 10, 2021 at 4:36 PM Martin Thomson <mt@lowentropy.net> wrote:
> https://datatracker.ietf.org/doc/html/draft-omara-sframe-01
>
> Please respond to this email before AOE 31 October 2021 if you support
> adopting draft-omara-sframe (currently -01) as a working group item. If
> you would prefer we not adopt this work, please respond with an explanation
> of why and ideally what you would like to see addressed before we do that.
>
> We're running this a tiny bit longer than a typical adoption call. Last
> time we talked about adoption there were a few concerns raised about the
> draft. We want to make sure those concerns are addressed, or at least
> those with concerns are satisfied that their concerns could be addressed.
>
> Martin, for the chairs
>
> --
> Sframe mailing list
> Sframe@ietf.org
> https://www.ietf.org/mailman/listinfo/sframe
>
- [Sframe] Adoption call for draft-omara-sframe-01 Martin Thomson
- Re: [Sframe] Adoption call for draft-omara-sframe… Saúl Ibarra Corretgé
- Re: [Sframe] Adoption call for draft-omara-sframe… Martin Thomson
- Re: [Sframe] Adoption call for draft-omara-sframe… Bernard Aboba
- Re: [Sframe] Adoption call for draft-omara-sframe… Sergio Garcia Murillo
- Re: [Sframe] Adoption call for draft-omara-sframe… Bernard Aboba
- Re: [Sframe] Adoption call for draft-omara-sframe… Sergio Garcia Murillo
- Re: [Sframe] Adoption call for draft-omara-sframe… Bernard Aboba
- Re: [Sframe] Adoption call for draft-omara-sframe… Sergio Garcia Murillo
- Re: [Sframe] Adoption call for draft-omara-sframe… Richard Barnes
- Re: [Sframe] Adoption call for draft-omara-sframe… Youenn Fablet
- Re: [Sframe] Adoption call for draft-omara-sframe… Emad Omara
- Re: [Sframe] Adoption call for draft-omara-sframe… Benjamin Beurdouche
- Re: [Sframe] Adoption call for draft-omara-sframe… Eric Rescorla
- Re: [Sframe] Adoption call for draft-omara-sframe… Raphael Robert
- Re: [Sframe] Adoption call for draft-omara-sframe… Justin Uberti