Re: [Sframe] SFrame signatures

Raphael Robert <raphael@wire.com> Fri, 19 March 2021 13:41 UTC

I for one disagree with just dropping the only mechanism that can provide sender authentication without further discussion or an adequate substitute. I’d also be interested to learn more about the specifics here.

I am well aware of the complexity of the topic, given that a) signatures and verifications are somewhat expensive and b) packets might get dropped. Nevertheless — like Cullen said — there are scenarios where signatures are important.

Raphael


> On 19. Mar 2021, at 04:28, Cullen Jennings <fluffy@iii.ca> wrote:
> 
> 
> Could you say a bit more about what the issue is with signing? I wonder how much the issue is the complexity of trying to get the bandwidth savings of signing across multiple frames vs just doing a single frame.
> 
> There are a few uses that I think are fairly common which drive the need for something like signing. Imagine you have a bot listening to the call to do real time transcription and translation of the call. It would be nice to give that bot read access to the media but not write access to contribute media. If the media is signed, this is fairly easy to do by blocking the bot's ability to contribute to the mix but it is not clear how to do this without something like signing.
> 
> 
>> On Mar 18, 2021, at 4:15 PM, Justin Uberti <juberti=40google.com@dmarc.ietf.org> wrote:
>> 
>> In recent discussions regarding signatures for SFrame we have questioned the usefulness of this feature and considered removing it. Upon looking closer into the details here, we have also determined more work would be required to properly specify it.
>> 
>> Given this, the authoring team would like to officially propose removing the signature feature from the specification. If you are using SFrame signatures in your application and disagree with this direction, please let us know by the end of next week (Friday, March 26).
>> 
>> Justin
>> -- 
>> Sframe mailing list
>> Sframe@ietf.org
>> https://www.ietf.org/mailman/listinfo/sframe