Re: [Gen-art] Genart last call review of draft-ietf-sframe-enc-07

Wed, 03 Apr 2024 09:14:52 -0700 

Richards,

Thanks for the explanation.

The third paragraph of the Intro section says:

The Secure Real-Time Protocol (SRTP) is already widely used for HBH
encryption [RFC3711]. The SRTP "double encryption" scheme defines a
way to do E2E encryption in SRTP [RFC8723]. Unfortunately, this
scheme has poor efficiency and high complexity, and its entanglement
with RTP makes it unworkable in several realistic SFU scenarios.

Is Secure Frame intended for fixing the poor efficiency and high complexity of 
SRTP?  The SRTP used for HBH requires the SFU to perform the decryption, 
correct?
Can  Secure Frame  use the SRTP?

Thank you,

Linda


From: Richard Barnes <r...@ipv.sx>
Sent: Wednesday, April 3, 2024 7:44 AM
To: Linda Dunbar <linda.dun...@futurewei.com>
Cc: gen-art@ietf.org; draft-ietf-sframe-enc....@ietf.org; last-c...@ietf.org; 
sfr...@ietf.org
Subject: Re: Genart last call review of draft-ietf-sframe-enc-07

Hi Linda,

Secure Frames are *not* decrypted by the SFU.  The outer HBH encryption is 
decrypted by the SFU, but the point of the E2E encryption is that the SFU does 
not have the keys.

The document does not claim to save on SFU processing.  For a switching SFU, 
the processing should be roughly the same with or without SFrame.

--Richard



On Sat, Mar 30, 2024 at 9:23 AM Linda Dunbar via Datatracker 
<nore...@ietf.org<mailto:nore...@ietf.org>> wrote:
Reviewer: Linda Dunbar
Review result: Ready

I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://wiki.ietf.org/en/group/gen/GenArtFAQ>.

Document: draft-ietf-sframe-enc-??
Reviewer: Linda Dunbar
Review Date: 2024-03-30
IETF LC End Date: 2024-02-15
IESG Telechat date: 2024-04-04

Summary: This document describes the Secure Frame (SFrame) end-to-end
encryption and authentication mechanism for media frames.

Question: As the Secure Frames are decrypted by the SFU, why it is less
processing than the Hop-by-hop encryption between endpoint and SFU?

Thank you,
Linda


_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www.ietf.org/mailman/listinfo/gen-art

Reply via email to