Re: [Last-Call] Genart last call review of draft-ietf-sframe-enc-07

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Richards,

 

Thanks for the explanation.

 

The third paragraph of the Intro section says:

 

The Secure Real-Time Protocol (SRTP) is already widely used for HBH

encryption [RFC3711]. The SRTP "double encryption" scheme defines a

way to do E2E encryption in SRTP [RFC8723]. Unfortunately, this

scheme has poor efficiency and high complexity, and its entanglement

with RTP makes it unworkable in several realistic SFU scenarios.

 

Is Secure Frame intended for fixing the poor efficiency and high complexity of SRTP?  The SRTP used for HBH requires the SFU to perform the decryption, correct? 

Can  Secure Frame  use the SRTP?

 

Thank you,

 

Linda

 

 

From: Richard Barnes <rlb@xxxxxx>
Sent: Wednesday, April 3, 2024 7:44 AM
To: Linda Dunbar <linda.dunbar@xxxxxxxxxxxxx>
Cc: gen-art@xxxxxxxx; draft-ietf-sframe-enc.all@xxxxxxxx; last-call@xxxxxxxx; sframe@xxxxxxxx
Subject: Re: Genart last call review of draft-ietf-sframe-enc-07

 

Hi Linda,

 

Secure Frames are *not* decrypted by the SFU.  The outer HBH encryption is decrypted by the SFU, but the point of the E2E encryption is that the SFU does not have the keys.

 

The document does not claim to save on SFU processing.  For a switching SFU, the processing should be roughly the same with or without SFrame.

 

--Richard

 

 

 

On Sat, Mar 30, 2024 at 9:23 AM Linda Dunbar via Datatracker <noreply@xxxxxxxx> wrote:

Reviewer: Linda Dunbar
Review result: Ready

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://wiki.ietf.org/en/group/gen/GenArtFAQ>.

Document: draft-ietf-sframe-enc-??
Reviewer: Linda Dunbar
Review Date: 2024-03-30
IETF LC End Date: 2024-02-15
IESG Telechat date: 2024-04-04

Summary: This document describes the Secure Frame (SFrame) end-to-end
encryption and authentication mechanism for media frames.

Question: As the Secure Frames are decrypted by the SFU, why it is less
processing than the Hop-by-hop encryption between endpoint and SFU?

Thank you,
Linda

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux