Thank you.

And please, as per my final = emails with Mr. Frederick, please do also see if there is a way to indicate= somehow that progressive images would need to utilize a dynamic profile, t= he same for images which use components which are non incremental or do not= start at 0.

In short, the standard doesn'= ;t explicitly tell people that if you want to do things like that you must = use a dynamic profile.

Part of these desires I hav= e came from the upset that the standard didn't specify a standard way t= o use dynamic profiles, therefore even if I did utilize a dynamic one the r= eceiver would need to know how to handle the format and kind of defeats the= purpose of having a standard in the first place.

= If RFC2435 had been implemented as a dynamic profile of RFC2035 then it pos= sibly would have been easier to work around.

RFC24= 35 also specifically states progressive DCT would be supported in the profi= le but unfortunately it cannot be supported unless a dynamic profile is use= d or the DCT used is compatible with the interlaced DCT (coefficient wise) = making it a interlaced image anyway.

I suppose eve= n though the Quantization tables are not in the correct order that is becau= se the RFC was only showing the tables, it would be up to someone to put th= em into the ZigZag order as per the JPEG spec.

Non= e the less, sorry for any confusion and I do appreciate your time.

Thanks!

On Mon, Feb 16,= 2015 at 3:13 AM, Magnus Westerlund <magnus.westerlund@ericss= on.com> wrote:

On= 2015-01-30 03:34, Dale R. Worley wrote:
> Magnus Westerlund <magnus.westerlund@ericsson.com> writes:
>> I need your input on this Errata. Should it be held for document u= pdate
>> or Rejected?
>
> It's difficult to say because it's not clear (at least to me) = what the
> erratum is intended to do.=C2=A0 I would need to see a more detailed > explanation of the error the erratum is intended to correct.
>

Hi,

There has been some off-line discussion with Julius around RFC2435 where it becomes clear that he really like to have capabilities in the payload format that the current specification does not support.

Therefore the decision is to reject this Errata.

Cheers

Magnus Westerlund

----------------------------------------------------------------------
Services, Media and Network features, Ericsson Research EAB/TXM
----------------------------------------------------------------------
Ericsson AB=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| = Phone=C2=A0 +46 10 7148287
F=C3=A4r=C3=B6gatan 6=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2= =A0 =C2=A0| Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------

--001a11c3d33c7cc9eb050f30b28a-- From nobody Tue Feb 17 03:04:49 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DE0A1A879B; Tue, 17 Feb 2015 03:04:47 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.801 X-Spam-Level: X-Spam-Status: No, score=-1.801 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_111=0.6, J_CHICKENPOX_12=0.6, J_CHICKENPOX_15=0.6, J_CHICKENPOX_16=0.6, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1oUjuUEKMV3t; Tue, 17 Feb 2015 03:04:41 -0800 (PST) Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A02E81A874E; Tue, 17 Feb 2015 03:04:40 -0800 (PST) X-AuditID: c1b4fb25-f791c6d00000617b-80-54e320469f74 Received: from ESESSHC012.ericsson.se (Unknown_Domain [153.88.253.124]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id F8.25.24955.64023E45; Tue, 17 Feb 2015 12:04:38 +0100 (CET) Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.56) with Microsoft SMTP Server id 14.3.210.2; Tue, 17 Feb 2015 12:04:38 +0100 Message-ID: <54E3202F.4050802@ericsson.com> Date: Tue, 17 Feb 2015 12:04:15 +0100 From: Magnus Westerlund User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: "mmusic (E-mail)" Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprELMWRmVeSWpSXmKPExsUyM+Jvja6bwuMQg1kv9Sxe9qxkt5i6/DGL A5PHkiU/mQIYo7hsUlJzMstSi/TtErgytp5bxFpwR6Ti78tG5gbGV/xdjJwcEgImEs2vb7FD 2GISF+6tZ+ti5OIQEjjCKPF203YmCGc5o8SXv1cYQap4BbQlJr1ZyQRiswioSnxr3QZmswlY SNz80cgGYgsJ6Ep09t8Hi4sKBEssfv6UFaJXUOLkzCcsILaIgLpE6+Y+sDizgJLE3KWvmbsY OTiEgeb3XHUHMZkFNCXW79KHqJCXaN46mxliurZEQ1MH6wRGgVlIhs5C6JiFpGMBI/MqRtHi 1OKk3HQjY73Uoszk4uL8PL281JJNjMBAPLjlt+oOxstvHA8xCnAwKvHwblj3KESINbGsuDL3 EKM0B4uSOK+d8aEQIYH0xJLU7NTUgtSi+KLSnNTiQ4xMHJxSDYw6FRK1BsufH3B2tLB90VjZ LzWhw/jGW1OL3PjjcvcZ3l6PNPh1f83GVQHnrz6uzFVUeiI6X5Dl+ot9Uz/UT2LMMKzLdw/I vFr4anatZn3ngZm19R9ehHc7nFG+uXylJkuf9MIJAnsemGRKXl6rmp+ueVp2ceis7Kpw22tv jDlM5pt8mnQz6pESS3FGoqEWc1FxIgB9p7IUJQIAAA== Archived-At: Cc: IETF AVTCore WG Subject: [AVTCORE] RTP Retransmission, FID and BUNDLE X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: "mmusic $E-mail$" List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Feb 2015 11:04:47 -0000 MMUSIC, (CC AVTCORE but please reply to MMUSIC only) In draft-ietf-avtcore-multi-media-rtp-session-06 we have the following open issue in Section 7.1: Open Issue: When using SDP to signal retransmission for one RTP session with multiple media types and one RTP session for the retransmission data will cause a situation where one will have multiple m= lines grouped using FID and the ones belonging to respective RTP session being grouped using BUNDLE. This usage might contradict both the FID semantics [RFC5888] and an assumption in the RTP retransmission specification [RFC4588]. What I understand the concern relates to the correct usage of FID to avoid breaking the semantics of FID when declaring an RTP session that would contain one audio, one video source bundled but a separate RTP session for the retransmission of both these media sources. Lets exemplify with what I believe is the only possible offer for this in regards to FID usage. SDP Offer (3) v=0 o=alice 2890844526 2890844526 IN IP4 atlanta.example.com s= c=IN IP4 atlanta.example.com t=0 0 a=group:BUNDLE foo bar a=group:FID foo zoo a=group:FID bar zoo m=audio 10000 RTP/AVP 0 b=AS:200 a=mid:foo a=rtpmap:0 PCMU/8000 a=extmap 1 urn:ietf:params:rtp-hdrext:sdes:mid m=video 10000 RTP/AVP 31 b=AS:1000 a=mid:bar a=rtpmap:31 H261/90000 a=extmap 1 urn:ietf:params:rtp-hdrext:sdes:mid m=application 40000 RTP/AVPF 99 100 a=rtpmap:99 rtx/90000 a=fmtp:99 apt=0;rtx-time=3000 a=rtpmap:100 rtx/90000 a=fmtp:199 apt=31;rtx-time=3000 a=mid:zoo I think the important aspect here is that one MUST use one FID line per m= line one groups with the retransmission session to avoid the FID MUST NOT have the same address that Roni brought up back in December. Have I missed any limitation or does the above example appear reasonable. If it does then we can write a small informational description about this into the multiple media types document. Cheers Magnus Westerlund ---------------------------------------------------------------------- Services, Media and Network features, Ericsson Research EAB/TXM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Färögatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ---------------------------------------------------------------------- From nobody Tue Feb 17 07:45:51 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 182FE1A8A51; Tue, 17 Feb 2015 07:45:50 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yUpPFjZOVE-n; Tue, 17 Feb 2015 07:45:48 -0800 (PST) Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E8261A1EE9; Tue, 17 Feb 2015 07:45:48 -0800 (PST) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit From: internet-drafts@ietf.org To: X-Test-IDTracker: no X-IETF-IDTracker: 5.11.0.p1 Auto-Submitted: auto-generated Precedence: bulk Message-ID: <20150217154548.10340.47552.idtracker@ietfa.amsl.com> Date: Tue, 17 Feb 2015 07:45:48 -0800 Archived-At: Cc: avt@ietf.org Subject: [AVTCORE] I-D Action: draft-ietf-avtcore-rtp-multi-stream-optimisation-05.txt X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Feb 2015 15:45:50 -0000 A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Audio/Video Transport Core Maintenance Working Group of the IETF. Title : Sending Multiple Media Streams in a Single RTP Session: Grouping RTCP Reception Statistics and Other Feedback Authors : Jonathan Lennox Magnus Westerlund Qin Wu Colin Perkins Filename : draft-ietf-avtcore-rtp-multi-stream-optimisation-05.txt Pages : 17 Date : 2015-02-17 Abstract: RTP allows multiple media streams to be sent in a single session, but requires each Synchronisation Source (SSRC) to send RTCP reception quality reports for every other SSRC visible in the session. This causes the number of RTCP reception reports to grow with the number of SSRCs, rather than the number of endpoints. In many cases most of these RTCP reception reports are unnecessary, since all SSRCs of an endpoint are co-located and see the same reception quality. This memo defines a Reporting Group extension to RTCP to reduce the reporting overhead in such scenarios. The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-avtcore-rtp-multi-stream-optimisation/ There's also a htmlized version available at: http://tools.ietf.org/html/draft-ietf-avtcore-rtp-multi-stream-optimisation-05 A diff from the previous version is available at: http://www.ietf.org/rfcdiff?url2=draft-ietf-avtcore-rtp-multi-stream-optimisation-05 Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. Internet-Drafts are also available by anonymous FTP at: ftp://ftp.ietf.org/internet-drafts/ From nobody Tue Feb 17 07:52:48 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6B2691A8A58 for ; Tue, 17 Feb 2015 07:52:48 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SB8AtiSnxtjg for ; Tue, 17 Feb 2015 07:52:42 -0800 (PST) Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76C0B1A8A98 for ; Tue, 17 Feb 2015 07:52:41 -0800 (PST) X-AuditID: c1b4fb3a-f79116d000000fec-76-54e363c7b62c Received: from ESESSHC010.ericsson.se (Unknown_Domain [153.88.253.124]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id 27.19.04076.7C363E45; Tue, 17 Feb 2015 16:52:39 +0100 (CET) Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.50) with Microsoft SMTP Server id 14.3.210.2; Tue, 17 Feb 2015 16:52:38 +0100 Message-ID: <54E363C6.8060108@ericsson.com> Date: Tue, 17 Feb 2015 16:52:38 +0100 From: Magnus Westerlund User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: References: <20150217154548.10340.47552.idtracker@ietfa.amsl.com> In-Reply-To: <20150217154548.10340.47552.idtracker@ietfa.amsl.com> Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: 8bit X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFuplluLIzCtJLcpLzFFi42KZGfG3Rvd48uMQg7W7RCxe9qxkd2D0WLLk J1MAYxSXTUpqTmZZapG+XQJXRtd1w4LD4hXNzzIaGOcJdTFyckgImEhcXXSWGcIWk7hwbz0b iC0kcIRRovF5RhcjF5C9nFHi1tP3TCAJXgFtiUMnJoIVsQioSpzsWsoKYrMJWEjc/NEIFhcV CJZY/PwpK0S9oMTJmU9YQGwRASGJ6f0TwOYIC0RJfDvxkAlimaPEvZYnYL2cAk4Sqxa/AjuI WcBA4siiOawQtrxE89bZzBD12hINTR2sExgFZiFZMQtJyywkLQsYmVcxihanFhfnphsZ6aUW ZSYXF+fn6eWllmxiBIbfwS2/rXYwHnzueIhRgINRiYd3w7pHIUKsiWXFlbmHGKU5WJTEee2M D4UICaQnlqRmp6YWpBbFF5XmpBYfYmTi4JRqYEyrdWt4+ELqp+P7Ky+/KAVZGxh4zf2poKB1 6vrS1ZMFNzCInCw8p3aQf7lYMWfSFddDDPP5hKz7NFmKsq+9kD+q9TZkAnPdw1CdJ7ddmDze 6pzoUV8kYi/dmTb92qW6mTdvHd08S3va3Giudc80gld3vM94KHSo7mDndJWi33c+G8RzfOFb ZK/EUpyRaKjFXFScCAC1gMOgIAIAAA== Archived-At: Subject: Re: [AVTCORE] I-D Action: draft-ietf-avtcore-rtp-multi-stream-optimisation-05.txt X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Feb 2015 15:52:48 -0000 WG, This is a minor update of the draft. The changes can easily be seen in the diff. The major change is around the SDP signalling text in Section 3.6. Please review the draft. We authors think this is now very stable and needs author external eyes to determine if we have missed anything. Cheers Magnus On 2015-02-17 16:45, internet-drafts@ietf.org wrote: > > A New Internet-Draft is available from the on-line Internet-Drafts directories. > This draft is a work item of the Audio/Video Transport Core Maintenance Working Group of the IETF. > > Title : Sending Multiple Media Streams in a Single RTP Session: Grouping RTCP Reception Statistics and Other Feedback > Authors : Jonathan Lennox > Magnus Westerlund > Qin Wu > Colin Perkins > Filename : draft-ietf-avtcore-rtp-multi-stream-optimisation-05.txt > Pages : 17 > Date : 2015-02-17 > > Abstract: > RTP allows multiple media streams to be sent in a single session, but > requires each Synchronisation Source (SSRC) to send RTCP reception > quality reports for every other SSRC visible in the session. This > causes the number of RTCP reception reports to grow with the number > of SSRCs, rather than the number of endpoints. In many cases most of > these RTCP reception reports are unnecessary, since all SSRCs of an > endpoint are co-located and see the same reception quality. This > memo defines a Reporting Group extension to RTCP to reduce the > reporting overhead in such scenarios. > > > The IETF datatracker status page for this draft is: > https://datatracker.ietf.org/doc/draft-ietf-avtcore-rtp-multi-stream-optimisation/ > > There's also a htmlized version available at: > http://tools.ietf.org/html/draft-ietf-avtcore-rtp-multi-stream-optimisation-05 > > A diff from the previous version is available at: > http://www.ietf.org/rfcdiff?url2=draft-ietf-avtcore-rtp-multi-stream-optimisation-05 > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > Internet-Drafts are also available by anonymous FTP at: > ftp://ftp.ietf.org/internet-drafts/ > > _______________________________________________ > Audio/Video Transport Core Maintenance > avt@ietf.org > https://www.ietf.org/mailman/listinfo/avt > > -- Magnus Westerlund ---------------------------------------------------------------------- Services, Media and Network features, Ericsson Research EAB/TXM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 F�r�gatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ---------------------------------------------------------------------- From nobody Tue Feb 17 12:43:22 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B94A91A0097 for ; Tue, 17 Feb 2015 12:43:20 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.911 X-Spam-Level: X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y2BrlRm08ywG for ; Tue, 17 Feb 2015 12:43:18 -0800 (PST) Received: from plsvl-mailgw-01.bluecoat.com (spf.bluecoat.com [199.91.133.11]) by ietfa.amsl.com (Postfix) with ESMTP id E98801A87C5 for ; Tue, 17 Feb 2015 12:42:14 -0800 (PST) Received: from pwsvl-exchts-06.internal.cacheflow.com (esxdev03.bluecoat.com [10.2.2.166]) by plsvl-mailgw-01.bluecoat.com (Postfix) with ESMTP id 749BE81A6D1; Tue, 17 Feb 2015 12:42:14 -0800 (PST) Received: from pwsvl-excmbx-05.internal.cacheflow.com ([fe80::f848:d461:9aa9:59a8]) by pwsvl-exchts-06.internal.cacheflow.com ([fe80::8554:761:8def:a2e1%12]) with mapi id 14.03.0123.003; Tue, 17 Feb 2015 12:42:14 -0800 From: "Frederick, Ron" To: Julius Friedman Thread-Topic: [AVTCORE] [Technical Errata Reported] RFC2435 (4094) Thread-Index: AQHQPDU53kDg45vfj0Gx4JNI3XxmLZzzjn8AgAAKzQCAAljPAA== Date: Tue, 17 Feb 2015 20:42:12 +0000 Message-ID: <893707E3-6213-405F-A245-604603FBA0F5@bluecoat.com> References: <87sietgfoe.fsf@hobgoblin.ariadne.com> <54E1A696.8020500@ericsson.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.2.2.106] Content-Type: text/plain; charset="utf-8" Content-ID: <07D0404E13285D41A61F1AA5D6AC6A29@bluecoat.com> Content-Transfer-Encoding: base64 MIME-Version: 1.0 Archived-At: Cc: "avt@ietf.org" Subject: Re: [AVTCORE] [Technical Errata Reported] RFC2435 (4094) X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Feb 2015 20:43:20 -0000 SGkgSnVsaXVzLA0KDQpPbiBGZWIgMTYsIDIwMTUsIGF0IDEyOjUxIEFNLCBKdWxpdXMgRnJpZWRt YW4gPGp1bGl1c2ZyaWVkbWFuQGdtYWlsLmNvbT4gd3JvdGU6DQo+IEFuZCBwbGVhc2UsIGFzIHBl ciBteSBmaW5hbCBlbWFpbHMgd2l0aCBNci4gRnJlZGVyaWNrLCBwbGVhc2UgZG8gYWxzbyBzZWUg aWYgdGhlcmUgaXMgYSB3YXkgdG8gaW5kaWNhdGUgc29tZWhvdyB0aGF0IHByb2dyZXNzaXZlIGlt YWdlcyB3b3VsZCBuZWVkIHRvIHV0aWxpemUgYSBkeW5hbWljIHByb2ZpbGUsIHRoZSBzYW1lIGZv ciBpbWFnZXMgd2hpY2ggdXNlIGNvbXBvbmVudHMgd2hpY2ggYXJlIG5vbiBpbmNyZW1lbnRhbCBv ciBkbyBub3Qgc3RhcnQgYXQgMC4NCj4gDQo+IEluIHNob3J0LCB0aGUgc3RhbmRhcmQgZG9lc24n dCBleHBsaWNpdGx5IHRlbGwgcGVvcGxlIHRoYXQgaWYgeW91IHdhbnQgdG8gZG8gdGhpbmdzIGxp a2UgdGhhdCB5b3UgbXVzdCB1c2UgYSBkeW5hbWljIHByb2ZpbGUuDQoNCkRvIHlvdSBoYXZlIGEg c3VnZ2VzdGlvbiBmb3IgaG93IHRoZSB3b3JkaW5nIGNhbiBiZSBpbXByb3ZlZCBvbiB0aGlzIHBv aW50PyBUaGlzIGlzIGFjdHVhbGx5IHNwZWxsZWQgb3V0IGluIHRoZSBjdXJyZW50IFJGQ3MuIEZv ciBpbnN0YW5jZSwgaW4gUkZDIDI0MzUgc2VjdGlvbiAyLCB0aGVyZSBpcyB0aGUgZm9sbG93aW5n IHRleHQ6DQoNCiAgIFRvIG1heGltaXplIGludGVyb3BlcmFiaWxpdHkgYW1vbmcgaGFyZHdhcmUt YmFzZWQgY29kZWNzLCB3ZSBhc3N1bWUNCiAgIHRoZSBzZXF1ZW50aWFsIERDVCBvcGVyYXRpbmcg bW9kZSBbMSxBbm5leCBGXSBhbmQgcmVzdHJpY3QgdGhlIHNldCBvZg0KICAgcHJlZGVmaW5lZCBS VFAvSlBFRyAidHlwZSBjb2RlcyIgKGRlZmluZWQgYmVsb3cpIHRvIHNpbmdsZS1zY2FuLA0KICAg aW50ZXJsZWF2ZWQgaW1hZ2VzLiAgV2hpbGUgdGhpcyBpcyBtb3JlIHJlc3RyaWN0aXZlIHRoYW4g ZXZlbg0KICAgYmFzZWxpbmUgSlBFRywgbWFueSBoYXJkd2FyZSBpbXBsZW1lbnRhdGlvbiBmYWxs IHNob3J0IG9mIHRoZQ0KICAgYmFzZWxpbmUgc3BlY2lmaWNhdGlvbiAoZS5nLiwgbW9zdCBoYXJk d2FyZSBjYW5ub3QgZGVjb2RlIG5vbi0NCiAgIGludGVybGVhdmVkIHNjYW5zKS4NCg0KSW4gc2Vj dGlvbiA0LjEgaXQgdGhlbiBnb2VzIG9uIHRvIHNheToNCg0KICAgT2YgdGhlIGZpcnN0IGdyb3Vw IG9mIGZpeGVkIG1hcHBpbmdzLCB0eXBlcyAwIGFuZCAxIGFyZSBjdXJyZW50bHkNCiAgIGRlZmlu ZWQsIGFsb25nIHdpdGggdGhlIGNvcnJlc3BvbmRpbmcgdHlwZXMgNjQgYW5kIDY1IHRoYXQgaW5k aWNhdGUNCiAgIHRoZSBwcmVzZW5jZSBvZiByZXN0YXJ0IG1hcmtlcnMuICBUaGV5IGNvcnJlc3Bv bmQgdG8gYW4gYWJicmV2aWF0ZWQNCiAgIHRhYmxlLXNwZWNpZmljYXRpb24gaW5kaWNhdGluZyB0 aGUgIkJhc2VsaW5lIERDVCBzZXF1ZW50aWFsIiBtb2RlLA0KICAgOC1iaXQgc2FtcGxlcywgc3F1 YXJlIHBpeGVscywgdGhyZWUgY29tcG9uZW50cyBpbiB0aGUgWVVWIGNvbG9yDQogICBzcGFjZSwg c3RhbmRhcmQgSHVmZm1hbiB0YWJsZXMgYXMgZGVmaW5lZCBpbiBbMSwgQW5uZXggSy4zXSwgYW5k IGENCiAgIHNpbmdsZSBpbnRlcmxlYXZlZCBzY2FuIHdpdGggYSBzY2FuIGNvbXBvbmVudCBzZWxl Y3RvciBpbmRpY2F0aW5nDQogICBjb21wb25lbnRzIDEsIDIsIGFuZCAzIGluIHRoYXQgb3JkZXIu ICBUaGUgWSwgVSwgYW5kIFYgY29sb3IgcGxhbmVzDQogICBjb3JyZXNwb25kIHRvIGNvbXBvbmVu dCBudW1iZXJzIDEsIDIsIGFuZCAzLCByZXNwZWN0aXZlbHkuICBDb21wb25lbnQNCiAgIDEgKGku ZS4sIHRoZSBsdW1pbmFuY2UgcGxhbmUpIHVzZXMgSHVmZm1hbiB0YWJsZSBudW1iZXIgMCBhbmQN CiAgIHF1YW50aXphdGlvbiB0YWJsZSBudW1iZXIgMCAoZGVmaW5lZCBiZWxvdykgYW5kIGNvbXBv bmVudHMgMiBhbmQgMw0KICAgKGkuZS4sIHRoZSBjaHJvbWluYW5jZSBwbGFuZXMpIHVzZSBIdWZm bWFuIHRhYmxlIG51bWJlciAxIGFuZA0KICAgcXVhbnRpemF0aW9uIHRhYmxlIG51bWJlciAxIChk ZWZpbmVkIGJlbG93KS4NCg0KVGhpcyBzcGVjaWZpY2FsbHkgc3RhdGVzIHRoYXQgb25seSB0aGUg YmFzZWxpbmUgRENUIHNlcXVlbnRpYWwgbW9kZSBpcyBzdXBwb3J0ZWQgKHJ1bGluZyBvdXQgcHJv Z3Jlc3NpdmUgRENUIG1vZGUgd2hlbiB1c2luZyB0aGVzZSBwcmVkZWZpbmVkIHR5cGVzKSBhbmQg YWxzbyBzcGVjaWZpZXMgdGhlIGV4YWN0IHNldCBvZiBjb21wb25lbnRzLCB0aGVpciBudW1iZXJp bmcsIGFuZCB0aGUgbWFwcGluZyBmcm9tIHRoZW0gdG8gdGhlIGNvcnJlc3BvbmRpbmcgcXVhbnRp emF0aW9uIGFuZCBIdWZmbWFuIHRhYmxlcy4NCg0KPiBQYXJ0IG9mIHRoZXNlIGRlc2lyZXMgSSBo YXZlIGNhbWUgZnJvbSB0aGUgdXBzZXQgdGhhdCB0aGUgc3RhbmRhcmQgZGlkbid0IHNwZWNpZnkg YSBzdGFuZGFyZCB3YXkgdG8gdXNlIGR5bmFtaWMgcHJvZmlsZXMsIHRoZXJlZm9yZSBldmVuIGlm IEkgZGlkIHV0aWxpemUgYSBkeW5hbWljIG9uZSB0aGUgcmVjZWl2ZXIgd291bGQgbmVlZCB0byBr bm93IGhvdyB0byBoYW5kbGUgdGhlIGZvcm1hdCBhbmQga2luZCBvZiBkZWZlYXRzIHRoZSBwdXJw b3NlIG9mIGhhdmluZyBhIHN0YW5kYXJkIGluIHRoZSBmaXJzdCBwbGFjZS4NCg0KVGhpcyBpcyB0 aGUgcmVzcG9uc2liaWxpdHkgb2YgYSBzZXNzaW9uIHNldHVwIHByb3RvY29sLCBhcyBjb3ZlcmVk IGluIHRoZSBsYXN0IHNlbnRlbmNlIG9mIHNlY3Rpb24gMy4xLjM6DQoNCiAgIFRoZSB0eXBlIGZp ZWxkIHNwZWNpZmllcyB0aGUgaW5mb3JtYXRpb24gdGhhdCB3b3VsZCBvdGhlcndpc2UgYmUNCiAg IHByZXNlbnQgaW4gYSBKUEVHIGFiYnJldmlhdGVkIHRhYmxlLXNwZWNpZmljYXRpb24gYXMgd2Vs bCBhcyB0aGUNCiAgIGFkZGl0aW9uYWwgSkZJRi1zdHlsZSBwYXJhbWV0ZXJzIG5vdCBkZWZpbmVk IGJ5IEpQRUcuICBUeXBlcyAwLTYzIGFyZQ0KICAgcmVzZXJ2ZWQgYXMgZml4ZWQsIHdlbGwta25v d24gbWFwcGluZ3MgdG8gYmUgZGVmaW5lZCBieSB0aGlzIGRvY3VtZW50DQogICBhbmQgZnV0dXJl IHJldmlzaW9ucyBvZiB0aGlzIGRvY3VtZW50LiAgVHlwZXMgNjQtMTI3IGFyZSB0aGUgc2FtZSBh cw0KICAgdHlwZXMgMC02MywgZXhjZXB0IHRoYXQgcmVzdGFydCBtYXJrZXJzIGFyZSBwcmVzZW50 IGluIHRoZSBKUEVHIGRhdGENCiAgIGFuZCBhIFJlc3RhcnQgTWFya2VyIGhlYWRlciBhcHBlYXJz IGltbWVkaWF0ZWx5IGZvbGxvd2luZyB0aGUgbWFpbg0KICAgSlBFRyBoZWFkZXIuICBUeXBlcyAx MjgtMjU1IGFyZSBmcmVlIHRvIGJlIGR5bmFtaWNhbGx5IGRlZmluZWQgYnkgYQ0KICAgc2Vzc2lv biBzZXR1cCBwcm90b2NvbCAod2hpY2ggaXMgYmV5b25kIHRoZSBzY29wZSBvZiB0aGlzIGRvY3Vt ZW50KS4NCg0KPiBSRkMyNDM1IGFsc28gc3BlY2lmaWNhbGx5IHN0YXRlcyBwcm9ncmVzc2l2ZSBE Q1Qgd291bGQgYmUgc3VwcG9ydGVkIGluIHRoZSBwcm9maWxlIGJ1dCB1bmZvcnR1bmF0ZWx5IGl0 IGNhbm5vdCBiZSBzdXBwb3J0ZWQgdW5sZXNzIGEgZHluYW1pYyBwcm9maWxlIGlzIHVzZWQgb3Ig dGhlIERDVCB1c2VkIGlzIGNvbXBhdGlibGUgd2l0aCB0aGUgaW50ZXJsYWNlZCBEQ1QgKGNvZWZm aWNpZW50IHdpc2UpIG1ha2luZyBpdCBhIGludGVybGFjZWQgaW1hZ2UgYW55d2F5Lg0KDQpXZSBk aXNjdXNzZWQgdGhpcyBpbiBvdXIgZWFybGllciBlLW1haWwgZXhjaGFuZ2UuIFRoZSByZWZlcmVu Y2VzIGluIFJGQyAyNDM1IGFyZSB0byB0aGUgcHJlLWRlZmluZWQgdHlwZXMgc3VwcG9ydCDigJxw cm9ncmVzc2l2ZWx5IHNjYW5uZWTigJ0gaW1hZ2UgZGF0YSwgd2hpY2ggaXMgZGlmZmVyZW50IGZy b20gc3VwcG9ydCBmb3IgcHJvZ3Jlc3NpdmUgRENUIG1vZGUuIEJvdGggcHJvZ3Jlc3NpdmUgYW5k IGludGVybGFjZWQgaW1hZ2VzIGFyZSBzdXBwb3J0ZWQsIGJ1dCB0aGUgY29ycmVzcG9uZGluZyBm cmFtZXMgb3IgaW50ZXJsYWNlZCBmaWVsZHMgYXJlIGVuY29kZWQgaW5kZXBlbmRlbnRseSwgZWFj aCBhcyBhbiBlbnRyb3B5LWNvZGVkIHNlZ21lbnQgY29udGFpbmluZyBhIHNpbmdsZSBKUEVHIHNj YW4gdXNpbmcgYSBzdWJzZXQgb2YgdGhlIGJhc2VsaW5lIHNlcXVlbnRpYWwgRENUIG1vZGUuDQoN Cj4gSSBzdXBwb3NlIGV2ZW4gdGhvdWdoIHRoZSBRdWFudGl6YXRpb24gdGFibGVzIGFyZSBub3Qg aW4gdGhlIGNvcnJlY3Qgb3JkZXIgdGhhdCBpcyBiZWNhdXNlIHRoZSBSRkMgd2FzIG9ubHkgc2hv d2luZyB0aGUgdGFibGVzLCBpdCB3b3VsZCBiZSB1cCB0byBzb21lb25lIHRvIHB1dCB0aGVtIGlu dG8gdGhlIFppZ1phZyBvcmRlciBhcyBwZXIgdGhlIEpQRUcgc3BlYy4NCg0KSSB0b29rIGEgY2xv c2VyIGxvb2sgYXQgdGhlIHNhbXBsZSBjb2RlIGhlcmUsIGFuZCB0aGUgU2VuZEZyYW1lKCkgZnVu Y3Rpb24gdGhhdCByZWZlcnMgdG8gdGhlc2UgcXVhbnRpemF0aW9uIHRhYmxlcyBpcyBzaG93aW5n IGFuIGV4YW1wbGUgb2YgaG93IHRvIGZvcm1hdCB0aGUgUlRQIGhlYWRlciBkYXRhIGluIHRoZSBj YXNlIHdoZXJlIGEgZHluYW1pYyBRIHZhbHVlIGlzIHVzZWQgdGhhdCByZXF1aXJlcyB0aGF0IHRo ZSB0YWJsZXMgYmUgdHJhbnNtaXR0ZWQgZXhwbGljaXRseS4gSW4gUlRQLCB0aGUgcXVhbnRpemF0 aW9uIHRhYmxlIGRhdGEgaXMgTk9UIHNlbnQgaW4gemlnLXphZyBvcmRlciwgc28gSSBiZWxpZXZl IHRoZSBzYW1wbGUgY29kZSBoZXJlIGlzIGNvcnJlY3QuIElmIHlvdSBoYXZlIGEgY3VzdG9tIHF1 YW50aXphdGlvbiB0YWJsZSBjb21pbmcgZnJvbSBhbm90aGVyIHNvdXJjZSB3aGljaCBpcyBhbHJl YWR5IGluIHppZy16YWcgb3JkZXIsIHRoaXMgd291bGQgbmVlZCB0byBiZSB1bi1kb25lIGJlZm9y ZSBpdCBpcyBlbmNvZGVkIGluIHRoZSBSVFAgSlBFRyBwYWNrZXQgYXMgaW4tYmFuZCBkYXRhLg0K LS0gDQpSb24gRnJlZGVyaWNrDQpyb25mQGJsdWVjb2F0LmNvbQ0KDQoNCg0K From nobody Tue Feb 17 14:37:07 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DFEC1A87E4 for ; Tue, 17 Feb 2015 14:37:07 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.911 X-Spam-Level: X-Spam-Status: No, score=-6.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8lrVy6kaS2UW for ; Tue, 17 Feb 2015 14:37:06 -0800 (PST) Received: from plsvl-mailgw-02.bluecoat.com (plsvl-mailgw-02.bluecoat.com [199.91.133.12]) by ietfa.amsl.com (Postfix) with ESMTP id EE7461A1AB5 for ; Tue, 17 Feb 2015 14:37:05 -0800 (PST) Received: from pwsvl-exchts-04.internal.cacheflow.com (esxprd03.bluecoat.com [10.2.2.162]) by plsvl-mailgw-02.bluecoat.com (Postfix) with ESMTP id A032920127; Tue, 17 Feb 2015 14:37:05 -0800 (PST) Received: from pwsvl-excmbx-05.internal.cacheflow.com ([fe80::f848:d461:9aa9:59a8]) by pwsvl-exchts-04.internal.cacheflow.com ([fe80::9403:6f39:feac:adb1%12]) with mapi id 14.03.0123.003; Tue, 17 Feb 2015 14:37:05 -0800 From: "Frederick, Ron" To: Julius Friedman Thread-Topic: [AVTCORE] [Technical Errata Reported] RFC2435 (4094) Thread-Index: AQHQPDU53kDg45vfj0Gx4JNI3XxmLZzzjn8AgAAKzQCAAljPAIAAIBaA Date: Tue, 17 Feb 2015 22:37:03 +0000 Message-ID: References: <87sietgfoe.fsf@hobgoblin.ariadne.com> <54E1A696.8020500@ericsson.com> <893707E3-6213-405F-A245-604603FBA0F5@bluecoat.com> In-Reply-To: <893707E3-6213-405F-A245-604603FBA0F5@bluecoat.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.2.2.106] Content-Type: text/plain; charset="us-ascii" Content-ID: Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Cc: "avt@ietf.org" Subject: Re: [AVTCORE] [Technical Errata Reported] RFC2435 (4094) X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Feb 2015 22:37:07 -0000 Sorry - a correction to the final point below in my previous reply: On Feb 17, 2015, at 12:42 PM, Frederick, Ron w= rote: >> I suppose even though the Quantization tables are not in the correct ord= er that is because the RFC was only showing the tables, it would be up to s= omeone to put them into the ZigZag order as per the JPEG spec. >=20 > I took a closer look at the sample code here, and the SendFrame() functio= n that refers to these quantization tables is showing an example of how to = format the RTP header data in the case where a dynamic Q value is used that= requires that the tables be transmitted explicitly. In RTP, the quantizati= on table data is NOT sent in zig-zag order, so I believe the sample code he= re is correct. If you have a custom quantization table coming from another = source which is already in zig-zag order, this would need to be un-done bef= ore it is encoded in the RTP JPEG packet as in-band data. I was wrong about this. Section 3.1.8 does specify zig-zag order for these = coefficients. So, while the code in Appendix A is not wrong by itself, the = reference in Appendix B that suggests that the lqt & cqt parameters passed = into it can be created using MakeTables() is not correct with its tables be= ing in non zig-zag order and no re-ordering being applied before these tabl= es are copied into the SOI segment. Having MakeTables() in Appendix A produce a table which is already in zig-z= ag order is probably the simplest fix. --=20 Ron Frederick ronf@bluecoat.com From nobody Thu Feb 19 00:06:15 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4915C1A88D4 for ; Thu, 19 Feb 2015 00:06:14 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X4QlkEPycTlf for ; Thu, 19 Feb 2015 00:06:12 -0800 (PST) Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2D4AA1A88D2 for ; Thu, 19 Feb 2015 00:06:12 -0800 (PST) X-AuditID: c1b4fb25-f791c6d00000617b-c5-54e59971fcb5 Received: from ESESSHC022.ericsson.se (Unknown_Domain [153.88.253.124]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id 20.CB.24955.17995E45; Thu, 19 Feb 2015 09:06:09 +0100 (CET) Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.86) with Microsoft SMTP Server id 14.3.210.2; Thu, 19 Feb 2015 09:06:09 +0100 Message-ID: <54E59970.6040804@ericsson.com> Date: Thu, 19 Feb 2015 09:06:08 +0100 From: Magnus Westerlund User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: Colin Perkins , , IETF AVTCore WG Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: 8bit X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupkluLIzCtJLcpLzFFi42KZGfG3Rrdw5tMQg9O3rC1e9qxkt1j+8gSj xYwTHA7MHmeXTWXymHb/PpvHkiU/mQKYo7hsUlJzMstSi/TtErgypqy9zFrQwVfxfMZqxgbG +dxdjJwcEgImEkc/v2SGsMUkLtxbz9bFyMUhJHCEUWLqoV8sEM5yRokVt84xdjFycPAKaEv8 nZQGYrIIqEpMPpoP0ssmYCFx80cjG4gtKhAssfj5U1YQm1dAUOLkzCcsILaIQJzEhkmbwOLC Ak4Se6d8ZwexmQUMJI4smsMKYctLNG+dDXaPENCmhqYO1gmMfLOQjJqFpGUWkpYFjMyrGEWL U4uTctONjPVSizKTi4vz8/TyUks2MQLD7uCW36o7GC+/cTzEKMDBqMTD+6HzaYgQa2JZcWXu IUZpDhYlcV4740MhQgLpiSWp2ampBalF8UWlOanFhxiZODilGhgrZza/4eTK/hVn9+N04n1T yazedftP/1pxIvV9Fd/uma1997Urejav1vE67XHD86TDlE3HG44422o8/ny1vvNX5Vabg2Ya XmLlV1d5yois7mv+5nzEMP1WYOKX88n/jx3jaFGOYmjLKKpVMVU+9Sr7mHDsBn3PwP2H46W3 2q59dtHS4cedTx+VWIozEg21mIuKEwF0Hx6ZHAIAAA== Archived-At: Subject: [AVTCORE] My comments on draft-ietf-avtcore-rtp-circuit-breakers-08 X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Feb 2015 08:06:14 -0000 Hi, I have just reviewed the latest version of circuit breakers and have the following feedback. I think the document has improved since I last reviewed it (-05) but I think the following issue is not yet addressed from my previous review. > 7) Section 5: > > As there is a difference between CB #1 and #3 and #2 that has to do > with that the first (#1 and #3) uses incoming RTCP reports and that #2 > uses the CB implementers estimate of what the regular reporting > interval is. Thus, I wonder if there needs to exist include a > reflection over t_rr_int as well as the RTCP SSRC timeout calculation > that we recommend to use 5 seconds as fixed minimal value in those > calculations (if 5 sec larger than t_rr_int). I will see if I can propose some text to address this. I also think there is need for scaling the number of reporting intervals it takes to trigger the circuit breakers when using AVPF or reduced minimum. Especially for AVPF there will be a lot of false triggering due to relatively short time intervals that the circuit breakers will sample over. I would really like to have proposals for all open issues in the draft prior to the upcoming meetings deadline. I really like to be able to have this go to WG last call soon after the Dallas meeting. Cheers Magnus Westerlund ---------------------------------------------------------------------- Services, Media and Network features, Ericsson Research EAB/TXM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Färögatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ---------------------------------------------------------------------- From nobody Thu Feb 19 02:16:19 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7027B1A8A6B for ; Thu, 19 Feb 2015 02:16:19 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.01 X-Spam-Level: X-Spam-Status: No, score=-1.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, J_CHICKENPOX_22=0.6, RCVD_IN_DNSWL_LOW=-0.7, TVD_FROM_1=0.999, T_RP_MATCHES_RCVD=-0.01] autolearn=no Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HVOLYINJJYjk for ; Thu, 19 Feb 2015 02:16:17 -0800 (PST) Received: from ns.live555.com (ns.live555.com [4.79.217.242]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC17E1A8A4F for ; Thu, 19 Feb 2015 02:16:17 -0800 (PST) Received: from [127.0.0.1] (localhost.live555.com [127.0.0.1]) by ns.live555.com (8.14.9/8.14.9) with ESMTP id t1JAG5YC046096; Thu, 19 Feb 2015 02:16:06 -0800 (PST) (envelope-from finlayson@live555.com) Content-Type: multipart/alternative; boundary="Apple-Mail=_D291B11D-AD21-4D3A-80B0-783DD940CBEE" Mime-Version: 1.0 (Mac OS X Mail 8.2 $2070.6$) From: Ross Finlayson In-Reply-To: <54E1AD84.80805@ericsson.com> Date: Thu, 19 Feb 2015 23:16:05 +1300 Message-Id: References: <54E1AD84.80805@ericsson.com> To: Magnus Westerlund X-Mailer: Apple Mail (2.2070.6) Archived-At: Cc: avt@ietf.org Subject: Re: [AVTCORE] Summary of AVTCORE WG's Errata decisions X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Feb 2015 10:16:19 -0000 --Apple-Mail=_D291B11D-AD21-4D3A-80B0-783DD940CBEE Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii > On Feb 16, 2015, at 9:42 PM, Magnus Westerlund = > = wrote: >=20 > ADs, >=20 > Here is a current summary of the Erratas that are in reported state = for > the AVT WG (AVTCORE has no reported Errata) FYI, last August I reported a minor bug (email copied below) in RFC 3711 = (SRTP). IMHO, this should be added to the RFC 3711 errata at some = point... > Begin forwarded message: >=20 > From: Ross Finlayson > > Subject: Minor bug in RFC 3711 (SRTP), FYI > Date: August 10, 2014 at 5:57:22 PM GMT+12 > Cc: avt@ietf.org > To: mbaugher@cisco.com , = elisabetta.carrara@ericsson.com = , mcgrew@cisco.com = , mats.naslund@ericsson.com = , karl.norrman@ericsson.com = >=20 > In section 3.4 ("Secure RTCP"), there is a bug in "Figure 2. An = example of the format of a Secure RTCP packet..." >=20 > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > = +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<+ > |V=3D2|P| RC | PT=3DSR or RR | length = | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ = | >=20 > The boundary between the "PT=3DSR or RR" and the "length" fields is = wrong: The boundary is shown as being between bits 16 and 17; it should = be between bits 15 and 16. I.e., the "PT=3DSR or RR" field should be 8 = bits long, not 9. >=20 > This is just a minor bug, because the equivalent diagram in RFC 3550 = (the normative reference for RTCP) is correct. Nonetheless, this bug = should probably be added to the errata for RFC 3711 >=20 > Ross Finlayson > Live Networks, Inc. > http://www.live555.com/ --Apple-Mail=_D291B11D-AD21-4D3A-80B0-783DD940CBEE Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii

On Feb 16, 2015, at 9:42 PM, = Magnus Westerlund <magnus.westerlund@ericsson.com> wrote:

ADs,
Here is a current summary of the Erratas that are in = reported state for
the AVT WG (AVTCORE has no reported = Errata)

FYI, last = August I reported a minor bug (email copied below) in RFC 3711 (SRTP). = IMHO, this should be added to the RFC 3711 errata at some = point...

Begin forwarded = message:

From: Ross Finlayson <finlayson@live555.com>

Subject: Minor bug in RFC 3711 (SRTP), = FYI

Date: August 10, 2014 at 5:57:22 PM GMT+12

Cc: avt@ietf.org

To: mbaugher@cisco.com, elisabetta.carrara@ericsson.com, mcgrew@cisco.com, mats.naslund@ericsson.com, karl.norrman@ericsson.com

In section 3.4 ("Secure RTCP"), there is a bug in = "Figure 2. An example of the format of a Secure RTCP packet..."

= 0 = 1 = 2 = 3

0 1 2 3 4 5 6 7 8 9 0 1 2 3 = 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

= +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<= ;+

|V=3D2|P| RC = | PT=3DSR or RR | = length | |

= +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ = |

The = boundary between the "PT=3DSR or RR" and the "length" fields is wrong: = The boundary is shown as being between bits 16 and 17; it should be = between bits 15 and 16. I.e., the "PT=3DSR or RR" field should be = 8 bits long, not 9.

This is just a minor bug, because the equivalent diagram in = RFC 3550 (the normative reference for RTCP) is correct. = Nonetheless, this bug should probably be added to the errata for = RFC 3711

Ross Finlayson
Live = Networks, Inc.
http://www.live555.com/

= --Apple-Mail=_D291B11D-AD21-4D3A-80B0-783DD940CBEE-- From nobody Thu Feb 19 07:03:53 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73D1D1A906E for ; Thu, 19 Feb 2015 07:03:51 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id G8x0xZI6ceYA for ; Thu, 19 Feb 2015 07:03:45 -0800 (PST) Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E7311A8901 for ; Thu, 19 Feb 2015 07:02:43 -0800 (PST) X-AuditID: c1b4fb25-f791c6d00000617b-ec-54e5fb100def Received: from ESESSHC015.ericsson.se (Unknown_Domain [153.88.253.124]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id D0.8A.24955.01BF5E45; Thu, 19 Feb 2015 16:02:41 +0100 (CET) Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.65) with Microsoft SMTP Server id 14.3.210.2; Thu, 19 Feb 2015 16:02:40 +0100 Message-ID: <54E5FB10.2030209@ericsson.com> Date: Thu, 19 Feb 2015 16:02:40 +0100 From: Magnus Westerlund User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: IETF AVTCore WG , "Paul E. Jones" , , "David Benham (dbenham)" Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprALMWRmVeSWpSXmKPExsUyM+Jvja7g76chBofWcVi87FnJbnHm1zwm i1Un/rFanL+wgcmBxWPK742sHkuW/GTyaNh3lD2AOYrLJiU1J7MstUjfLoErY++et+wFzUoV cy+0sTUwXpTuYuTkkBAwkfjRupUdwhaTuHBvPVsXIxeHkMARRol3s7axQjjLGSX+/n3NBFLF K6AtsWv+E1YQm0VAVWJdzxEWEJtNwELi5o9GNhBbVCBYYvHzp6wQ9YISJ2c+YQEZJCIwgVHi dednsISwQKDEm5XbgFZzcDALaEqs36UPEmYWkJdo3jqbGcQWAtrV0NTBOoGRbxaSUbMQOmYh 6VjAyLyKUbQ4tTgpN93IWC+1KDO5uDg/Ty8vtWQTIzAID275rbqD8fIbx0OMAhyMSjy8Hzqf hgixJpYVV+YeYpTmYFES57UzPhQiJJCeWJKanZpakFoUX1Sak1p8iJGJg1OqgXHqnCW/OTzf JflN6Apz8w9wmeXHxHzpXHUET+/tjykPZzdfFz9Usm/zZ6bilAsTVNdsOaH4SPHA+R1niqUO 67YbqzCfUK+O8skKXP+q6cYySS6r67klkvUH/wSvqj7PvGLx0+9RPkkXnMJz4vxyRCx4HV7N e10Sd6P5tg3TpZOs3x4um/AnI16JpTgj0VCLuag4EQBakZyEIwIAAA== Archived-At: Subject: [AVTCORE] Design choice comments on draft-jones-avtcore-private-media-framework-00 X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Feb 2015 15:03:51 -0000 Hi, (As individual) I have just reviewed the draft and are supportive of work in this field. However, I have some really high level comments in regards to the design choices. 1. Supported RTP topologies I think you will need to discuss a bit more which RTP topologies that the framework should support. The current draft supports only basic transport translators (Relay) to my understanding, because of it preventing rewriting of RTP sequence number as well as the SSRC. Thus, all RTP streams sent to the server must be forwarded to all other participants. I believe the intention of the document is to support at least Selective Forwarding Middlebox (SFM). However, to support such a topology and be able to suspend delivery of some media streams, then RTP sequence number rewriting becomes a requirement to keep the media streams compliant with current RTP specification. Also people who have been building conferencing middleboxes also uses other topologies, for example the RTP mixer in also used to build switching mixers. Where an SSRC can represent a role rather than a original sender. I think there is need to have some discussion of which RTP topologies this type of solution intends to support so that one can determine which RTP field behaviours that is to be expected and need to be dealt with. I would appreciate your view of what you see as needed to be supported. 2. Additional privacy concerns in RTP/RTCP. The proposed framework protects the RTP payloads and their media content from the middle. However, the document fails to discuss if privacy protection is needed either for the RTP header extensions themselves or if any RTCP packets or their content is privacy sensitive. The RTP header extensions that are defined in IETF, as well as the two 3GPP has registered appears to be privacy sensitive in any way. However, the big picture issue is that RTP header extensions do not require to be standardized. The registration requires only an Expert Review, and they are trivial to use for proprietary extension. So we have no idea what might be showing up here. I could easily believe that someone would for example include a geolocation attached to a video stream to capture where for example a airborne drone where when capturing the video. Suddenly you have data that is privacy sensitive and may require end to end protection. In RTCP you already today have some parts that are privacy sensitive. For example all the SDES items with the exception of CNAME (if generated correctly) can contain privacy sensitive data. Also the APP RTCP packet type might contain data that needs to be protected end to end. Thus I think you need to consider if there are need for additional protection mechanisms to realize the goals of this framework. To me it appears that this are reasonably straightforward SRTP extensions that could solve these issues if they are considered necessary to resolve. Even if the initial solution doesn't provide a fully specified solution, I think it is important to ensure that the framework do support a solution to specified at a later stage. 3. What must be in the trusted zone? Looking at the description it looks like the solution is missing one important part in the trusted zone. That is the list of identities or secret that enables an invited / allowed participant to participate in a particular conference. That functionality is key component of the security solution. How else is the KMF going to be able to determine which asserted identities that are allowed to get the EKT, thus being able to get access to the media. I understand the need for having solution agility when it comes to identity solutions, however the functionality and the requirement on it I think needs to be described in this type of framework. Cheers Magnus Westerlund ---------------------------------------------------------------------- Services, Media and Network features, Ericsson Research EAB/TXM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Färögatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ---------------------------------------------------------------------- From nobody Thu Feb 19 08:01:56 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B51341A19F8; Thu, 19 Feb 2015 08:01:50 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HQbdDeQJT8Ts; Thu, 19 Feb 2015 08:01:45 -0800 (PST) Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 628CF1A90C8; Thu, 19 Feb 2015 08:01:44 -0800 (PST) X-AuditID: c1b4fb25-f791c6d00000617b-90-54e608e6b73b Received: from ESESSHC011.ericsson.se (Unknown_Domain [153.88.253.124]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id BE.32.24955.6E806E45; Thu, 19 Feb 2015 17:01:42 +0100 (CET) Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.53) with Microsoft SMTP Server id 14.3.210.2; Thu, 19 Feb 2015 17:01:41 +0100 Message-ID: <54E608E5.1070102@ericsson.com> Date: Thu, 19 Feb 2015 17:01:41 +0100 From: Magnus Westerlund User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: David McGrew References: <20141029122825.18943.78129.idtracker@ietfa.amsl.com> <3C4AAD4B5304AB44A6BA85173B4675CABC709A18@MSMR-GH1-UEA03.corp.nsa.gov> <545151F9.9050502@cs.tcd.ie> <54516572.8020601@cs.tcd.ie> <5451737B.6060504@cs.tcd.ie> <2D4BE3ED-840A-444C-9D18-09BC3D937D64@cisco.com> <54CA135D.3020304@ericsson.com> <54D4D840.4080808@cs.tcd.ie> <54D8A297.9090505@ericsson.com> <54D93B9A.9090409@cs.tcd.ie> <54DA0C45.2030609@ericsson.com> In-Reply-To: Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: 8bit X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrLLMWRmVeSWpSXmKPExsUyM+Jvje4zjmchBmsvSFq87FnJbrHy23VW i7VHEi1m/JnIbDHh1GtWi6ur/rBbTN97jd2B3WPK742sHmu7r7J5LFnyk8mjf9dLVo8vlz+z BbBGcdmkpOZklqUW6dslcGV8XL+IrWAjf8XWLxOYGhi3cncxcnJICJhIrLj4lxnCFpO4cG89 G4gtJHCEUWJxj2sXIxeQvZxR4vXlWUwgCV4BbYljD7azgNgsAqoSKx8tBrPZBCwkbv5oBGsW FQiWWPz8KStEvaDEyZlPwGpEBJQltr6bzgQylFlgB5PEs0cTwYYKC8RJzHq5iR1i814Wif0H IkBsTgFbiYPTDoJdxyxgIHFk0RxWCFteonnrbGaIem2JhqYO1gmMgrOQ7JuFpGUWkpYFjMyr GEWLU4uTctONjPVSizKTi4vz8/TyUks2MQLD/+CW36o7GC+/cTzEKMDBqMTD+6HzaYgQa2JZ cWXuIUZpDhYlcV4740MhQgLpiSWp2ampBalF8UWlOanFhxiZODilGhjl5nm887/qvu7Ym4ZH +7m3qTn03WqcbfVlixfHakEOER2Pi7/s2QJM2Hu1FI87bWmxmmpzel6RWJ12xYKd/dfWemkp PGN6dfhaGVNTYrvv0yCvJQGzIsujwzwflzFYr/63pkLtEI9a94nGaSY7fm6+Gaa6wbXyBNur 7nPP46y3uR7k+b8kzFSJpTgj0VCLuag4EQDCfTSFYAIAAA== Archived-At: Cc: "draft-ietf-avtcore-srtp-aes-gcm@tools.ietf.org" , IETF AVTCore WG , "avtcore-chairs@tools.ietf.org" , The IESG , Stephen Farrell Subject: Re: [AVTCORE] Stephen Farrell's Discuss on draft-ietf-avtcore-srtp-aes-gcm-14: (with DISCUSS) X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Feb 2015 16:01:50 -0000 On 2015-02-15 15:09, David McGrew wrote: > > My opinion is: it would be best to preserve the existing specification > and implementation work, and retain all ten crypto suite definitions. > But if we want to make SRTP-AEAD be the first instance in which the IETF > will prioritize simplicity over variety and diversity, I�m good with > that, because I certainly see the value of simplicity; then my > recommendation would be to eliminate the four 12-octet authentication > versions. That would leave just six crypto suites, with two different > modes of operation, two different key sizes, and two different tag > lengths (but not all tag lengths for all modes), like this: > > srtp-crypto-suite-ext = "AEAD_AES_128_GCM" / > "AEAD_AES_256_GCM" / > "AEAD_AES_128_CCM" / > "AEAD_AES_256_CCM" / > "AEAD_AES_128_CCM_8" / > "AEAD_AES_256_CCM_8" / > Stephen, WG Having looked at the feedback provided in this discussion so far, I think the above set of 6 are a reasonable selection without unduly limiting functionality, but removing the four least necessary profiles. My proposal is that if no one is disagreeing with this in the next week (Prior to Feb 26 at 16:30 UTC) we use it. If someone disagrees we hold a discussion at the informal IESG telechat on how to proceed. Cheers Magnus Westerlund ---------------------------------------------------------------------- Services, Media and Network features, Ericsson Research EAB/TXM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 F�r�gatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ---------------------------------------------------------------------- From nobody Thu Feb 19 08:04:28 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 321CA1A912B for ; Thu, 19 Feb 2015 08:04:26 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.012 X-Spam-Level: X-Spam-Status: No, score=-2.012 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3K9gFG8UYGUW for ; Thu, 19 Feb 2015 08:04:23 -0800 (PST) Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F20301A90EE for ; Thu, 19 Feb 2015 08:04:22 -0800 (PST) Received: from [156.106.247.97] ([156.106.247.97]) (authenticated bits=0) by dublin.packetizer.com (8.14.9/8.14.9) with ESMTP id t1JG48Lg023135 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 19 Feb 2015 11:04:10 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=packetizer.com; s=dublin; t=1424361850; bh=nQjp1iFgcopR60Nj8i7FrurNRrwkOuwnWk5RCwm2XOA=; h=From:To:Subject:Date:In-Reply-To:Reply-To; b=VQOzFwnrbgVj5UZ9w/7WcV5fhVysTe3+qKMRTIQX7OIDfJy/qmdWDLCSbSneafmWa 58K/qFxVcMGFlIp00DO3H7Y4uq3h5aEBgnJswb+S84WXFIz8QKY1ZWek6tmhWW/JZo HbRxC1Bo1a0y/xopLkHYQRyOFFlMBYjOvNGj0MNA= From: "Paul E. Jones" To: "Magnus Westerlund" , "IETF AVTCore WG" , nermeen@cisco.com, "David Benham (dbenham)" Date: Thu, 19 Feb 2015 16:04:09 +0000 Message-Id: In-Reply-To: <54E5FB10.2030209@ericsson.com> User-Agent: eM_Client/6.0.21372.0 Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset=utf-8 Content-Transfer-Encoding: quoted-printable Archived-At: Subject: Re: [AVTCORE] Design choice comments on draft-jones-avtcore-private-media-framework-00 X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list Reply-To: "Paul E. Jones" List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Feb 2015 16:04:26 -0000 Magnus, >Hi, >(As individual) > >I have just reviewed the draft and are supportive of work in this=20 >field. >However, I have some really high level comments in regards to the=20 >design >choices. > >1. Supported RTP topologies > >I think you will need to discuss a bit more which RTP topologies that >the framework should support. The current draft supports only basic >transport translators (Relay) to my understanding, because of it >preventing rewriting of RTP sequence number as well as the SSRC. Thus, >all RTP streams sent to the server must be forwarded to all other >participants. > >I believe the intention of the document is to support at least=20 >Selective >Forwarding Middlebox (SFM). However, to support such a topology and be >able to suspend delivery of some media streams, then RTP sequence=20 >number >rewriting becomes a requirement to keep the media streams compliant=20 >with >current RTP specification. > >Also people who have been building conferencing middleboxes also uses >other topologies, for example the RTP mixer in also used to build >switching mixers. Where an SSRC can represent a role rather than a >original sender. > >I think there is need to have some discussion of which RTP topologies >this type of solution intends to support so that one can determine=20 >which >RTP field behaviours that is to be expected and need to be dealt with. > >I would appreciate your view of what you see as needed to be supported. I agree that we will need to elaborate a bit more on that, but it's not=20 clear to me if any of the existing topologies that are defined match=20 exactly. The desire to prevent changes to the RTP headers means that=20 something else is needed in order to properly forward media (e.g., a=20 header extension) and account for packet loss, handle congestion issues,= =20 etc. We've been more focused on what we want to accomplish than trying to fit= =20 the solution into a specific topology. I think we can get there, but we= =20 need more discussion as a group. > 2. Additional privacy concerns in RTP/RTCP. > >The proposed framework protects the RTP payloads and their media=20 >content >from the middle. However, the document fails to discuss if privacy >protection is needed either for the RTP header extensions themselves or >if any RTCP packets or their content is privacy sensitive. > >The RTP header extensions that are defined in IETF, as well as the two >3GPP has registered appears to be privacy sensitive in any way.=20 >However, >the big picture issue is that RTP header extensions do not require to=20 >be >standardized. The registration requires only an Expert Review, and they >are trivial to use for proprietary extension. So we have no idea what >might be showing up here. I could easily believe that someone would for >example include a geolocation attached to a video stream to capture >where for example a airborne drone where when capturing the video. >Suddenly you have data that is privacy sensitive and may require end to >end protection. > >In RTCP you already today have some parts that are privacy sensitive. >For example all the SDES items with the exception of CNAME (if=20 >generated >correctly) can contain privacy sensitive data. Also the APP RTCP packet >type might contain data that needs to be protected end to end. > >Thus I think you need to consider if there are need for additional >protection mechanisms to realize the goals of this framework. To me it >appears that this are reasonably straightforward SRTP extensions that >could solve these issues if they are considered necessary to resolve. >Even if the initial solution doesn't provide a fully specified=20 >solution, >I think it is important to ensure that the framework do support a >solution to specified at a later stage. The intention was the RTP header extensions and RTCP could optionally be= =20 encrypted using the SRTP keys exchanged as they are today. This would=20 be done hop-by-hop. This does not provide for end-to-end privacy, of=20 course. That fits with the goals we've stated in the requirements=20 document. We're not trying to hide the fact that two people=20 communicated, for example, but we do not want to disclose what is being=20 communicated. If there is truly a need to encrypt end-to-end such that middle boxes=20 cannot gain access to some RTP header extensions or some RTCP data=20 fields, I would assert we need to define a way to allow some header=20 extensions and some RTCP header fields to be visible hop-by-hop. We do=20 want to enable middleboxes to be able to collect and use RTCP=20 statistics, for example. We also want to allow them to have access to=20 any header extension that help facilitate packet forwarding and=20 processing. > >3. What must be in the trusted zone? > >Looking at the description it looks like the solution is missing one >important part in the trusted zone. That is the list of identities or >secret that enables an invited / allowed participant to participate in=20 >a >particular conference. That functionality is key component of the >security solution. How else is the KMF going to be able to determine >which asserted identities that are allowed to get the EKT, thus being >able to get access to the media. > >I understand the need for having solution agility when it comes to >identity solutions, however the functionality and the requirement on it >I think needs to be described in this type of framework. This framework is only focused on the media aspects. The approach we're= =20 taking here is that there is some kind of exchange that happens between=20 the endpoint and the KMF or some other trusted entity that exists in the= =20 signaling plane. It is through this signaling that a determination is=20 made as to what endpoint can have access to the keys for a particular=20 conference. We expect that fingerprint for the endpoint certificate=20 would be exchanged with the KMF and vice versa. When the DTLS connection is made to the switching conference server,=20 that would be tunneled (via a protocol we've defined but not published)=20 from the switching conference server to the KMF. Effectively, the=20 endpoint and KMF establish a DTLS connection. The KMF would recognize=20 the user as belonging to a particular conference and provide the SRTP=20 keys (using DTLS-SRTP procedures) and the EKT key (via the EKT=20 procedures). One thing I would like to add to the EKT draft is some=20 piece of data that indicates what the conference identifier is. I would= =20 like the endpoint to convey that information as part of the EKT=20 exchange, but no such field exists today. I would also like the=20 conference server to convey the conference identifier for comparison. So, the framework is clearly not complete even on the media side. There= =20 are some editor's notes and perhaps additional items (like the field for= =20 the conference identifier). However, I would prefer to keep the=20 signaling that happens before this point separate. The reason is that I= =20 can imagine that a number of different mechanisms might exists. For a=20 WebRTC client, for example, the signaling might be entirely proprietary.= =20 For SIP devices, we then also have to worry with securing the signaling= =20 exchanges That's important, but I think that can be done in parallel=20 and independently of this media-focused draft. Paul > > >Cheers > >Magnus Westerlund > >---------------------------------------------------------------------- >Services, Media and Network features, Ericsson Research EAB/TXM >---------------------------------------------------------------------- >Ericsson AB | Phone +46 10 7148287 >F=C3=A4r=C3=B6gatan 6 | Mobile +46 73 0949079 >SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com >---------------------------------------------------------------------- > From nobody Thu Feb 19 14:15:08 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 371C41A036F for ; Thu, 19 Feb 2015 14:15:07 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xs5vc67qC2Vt for ; Thu, 19 Feb 2015 14:15:05 -0800 (PST) Received: from mail-pd0-x232.google.com (mail-pd0-x232.google.com [IPv6:2607:f8b0:400e:c02::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B9591A001A for ; Thu, 19 Feb 2015 14:15:05 -0800 (PST) Received: by pdjy10 with SMTP id y10so2886780pdj.6 for ; Thu, 19 Feb 2015 14:15:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=jJh0QuCD1bcFazmH8oCfBvxtgHfHv2q+/hCei0u8D7s=; b=Ezp+RnSLwayzwvT79Uf+4amK1PPCYV6FdqTG/3/z/IW+3qcWYxsfZuIMd8Nxeou/xf brWsi9uEZfpvclrWFupr1f2aR4HfSTi/VhWLRof0j364F9GW4PHdwJTuTx6mOoWdqVUv 5hfab8xgcd8KlGcQ+pRjULumfqFnBlHke9DdasZfa27AFzOou7zMDjJc/VLFPjl1CzyI 0C7WPlUVD9RiCHjLD4JN+N74EtS1iV0ShABctPWJ/xkEps+msBLz5Hem5L0NJ66nJu9B ZV7E28I2aP6M7hDVI6Ijwmlx59FSh00N15Qt3DIkvE+dPYiLgMv0Vblm+qx3QvMP3Pm4 oN1g== MIME-Version: 1.0 X-Received: by 10.66.182.199 with SMTP id eg7mr3727718pac.57.1424384104333; Thu, 19 Feb 2015 14:15:04 -0800 (PST) Received: by 10.70.117.99 with HTTP; Thu, 19 Feb 2015 14:15:04 -0800 (PST) Received: by 10.70.117.99 with HTTP; Thu, 19 Feb 2015 14:15:04 -0800 (PST) Date: Thu, 19 Feb 2015 17:15:04 -0500 Message-ID: From: Julius Friedman To: Magnus Westerlund , Ron Frederick , avt@ietf.org Content-Type: multipart/alternative; boundary=047d7bd6c70a900721050f7844d1 Archived-At: Subject: [AVTCORE] On my erratum X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Feb 2015 22:15:07 -0000 --047d7bd6c70a900721050f7844d1 Content-Type: text/plain; charset=UTF-8 I had sent in an email with the subject "on the following erratum". That email was all but ignored by the IETF until recently. I am preparing a response but I think its faux paus that the erratum was voted against without first getting that input. With that being stated I am preparing a response. Please be patient so that I can include all relevant gripes and details. I have the response prepared and I am proof reading it, please allow me an additional day or two to respond and I will have the email out by the Friday February 20 2015 before 5 PM EST. Thanks. --047d7bd6c70a900721050f7844d1 Content-Type: text/html; charset=UTF-8

I had sent in an email with the subject "on the following erratum".

That email was all but ignored by the IETF until recently.

I am preparing a response but I think its faux paus that the erratum was voted against without first getting that input.

With that being stated I am preparing a response.

Please be patient so that I can include all relevant gripes and details.

I have the response prepared and I am proof reading it, please allow me an additional day or two to respond and I will have the email out by the Friday February 20 2015 before 5 PM EST.

Thanks.

--047d7bd6c70a900721050f7844d1-- From nobody Fri Feb 20 00:36:56 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 965D71A7D80 for ; Fri, 20 Feb 2015 00:36:54 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MqW4aoswHw97 for ; Fri, 20 Feb 2015 00:36:53 -0800 (PST) Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 951491A711A for ; Fri, 20 Feb 2015 00:36:52 -0800 (PST) X-AuditID: c1b4fb2d-f79fc6d000001087-c2-54e6f22286b9 Received: from ESESSHC007.ericsson.se (Unknown_Domain [153.88.253.124]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id AD.FE.04231.222F6E45; Fri, 20 Feb 2015 09:36:50 +0100 (CET) Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.41) with Microsoft SMTP Server id 14.3.210.2; Fri, 20 Feb 2015 09:36:50 +0100 Message-ID: <54E6F222.4030908@ericsson.com> Date: Fri, 20 Feb 2015 09:36:50 +0100 From: Magnus Westerlund User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: Julius Friedman , Ron Frederick , References: In-Reply-To: Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrILMWRmVeSWpSXmKPExsUyM+Jvja7Sp2chBh8b9C1e9qxktzh+oonZ Yve/VmYHZo+XL26yeuycdZfdY8mSn0wBzFFcNimpOZllqUX6dglcGYffH2Ep2MNbsWz1b7YG xutcXYycHBICJhKHN11nhbDFJC7cW8/WxcjFISRwhFFiz5Ib7BDOckaJa3v/soBU8QpoS9zt mMkGYrMIqEpMPz6PEcRmE7CQuPmjESwuKhAssfj5U1aIekGJkzOfgPWKCORIPL6zg6mLkYND WEBKoulPLUhYSCBA4tzqvewgNqdAoMSFyVeYQUqYBTQl1u/SBwkzC8hLNG+dzQxRri3R0NTB OoFRYBaSBbMQOmYh6VjAyLyKUbQ4tbg4N93IWC+1KDO5uDg/Ty8vtWQTIzBMD275rbuDcfVr x0OMAhyMSjy8BoufhQixJpYVV+YeYpTmYFES57UzPhQiJJCeWJKanZpakFoUX1Sak1p8iJGJ g1OqgbFhL3fm4zYeZpvN8ddtFS6nT0i4WxQje+r6h5uTI1/Xt86pfhzIfG32qu4FDtUb/qko misc1XOZpJnSdfuDlJKgrH3Cn9dr9ogc/v7PdJVXx8bTfUm+H+XP1rd/El1aJi3E5pDkE3m9 cCkLl9tvHuX6J2snx0WsPCxx4rcDtzFbbJ7HIqHvfkosxRmJhlrMRcWJAMQVhE40AgAA Archived-At: Subject: Re: [AVTCORE] On my erratum X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Feb 2015 08:36:54 -0000 Julius, Rather than trying to edit the errata that you have submitted, lets discuss the issue you have on the mailing list. If we arrive that the issue is suitable for an errata, then lets formulate it and run an consensus call on it prior to submitting it to the RFC-editor. Also, please do not bunch issues together, especially not on issues that concerns different documents. Instead send separate emails with subjects stating what it concerns so that one can keep things separate and more follow any resulting discussion. Cheers Magnus On 2015-02-19 23:15, Julius Friedman wrote: > I had sent in an email with the subject "on the following erratum". > > That email was all but ignored by the IETF until recently. > > I am preparing a response but I think its faux paus that the erratum was > voted against without first getting that input. > > With that being stated I am preparing a response. > > Please be patient so that I can include all relevant gripes and details. > > I have the response prepared and I am proof reading it, please allow me > an additional day or two to respond and I will have the email out by the > Friday February 20 2015 before 5 PM EST. > > Thanks. > -- Magnus Westerlund ---------------------------------------------------------------------- Services, Media and Network features, Ericsson Research EAB/TXM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Färögatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ---------------------------------------------------------------------- From nobody Fri Feb 20 00:42:46 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B4E51A8032 for ; Fri, 20 Feb 2015 00:42:45 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -3.601 X-Spam-Level: X-Spam-Status: No, score=-3.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_22=0.6, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ye_Uq9OYz2dx for ; Fri, 20 Feb 2015 00:42:43 -0800 (PST) Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 497BC1A8029 for ; Fri, 20 Feb 2015 00:42:43 -0800 (PST) X-AuditID: c1b4fb30-f79106d000001184-aa-54e6f381d099 Received: from ESESSHC008.ericsson.se (Unknown_Domain [153.88.253.124]) by sesbmg22.ericsson.net (Symantec Mail Security) with SMTP id 40.65.04484.183F6E45; Fri, 20 Feb 2015 09:42:41 +0100 (CET) Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.44) with Microsoft SMTP Server id 14.3.210.2; Fri, 20 Feb 2015 09:42:40 +0100 Message-ID: <54E6F380.3070208@ericsson.com> Date: Fri, 20 Feb 2015 09:42:40 +0100 From: Magnus Westerlund User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: Ross Finlayson References: <54E1AD84.80805@ericsson.com> In-Reply-To: Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: 8bit X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrCLMWRmVeSWpSXmKPExsUyM+JvjW7j52chBn/nCVm87FnJbjG18T+r A5PHkiU/mTxWL/nDGsAUxWWTkpqTWZZapG+XwJVx9fgG1oJOsYrZax6zNTBOEOxi5OSQEDCR eL5tBjuELSZx4d56ti5GLg4hgSOMEl8mrWSFcJYzSjyYspsVpIpXQFuiZ8NqJhCbRUBV4vjf 32DdbAIWEjd/NLKB2KICwRKLnz+FqheUODnzCUsXIweHiICWxNVJNSBhZgEhidNzvoGVCAvY SyyYsxrMFhKIkZh9/D4zSDknUHzFRgmIcgOJI4vmsELY8hLNW2czQ5RrSzQ0dbBOYBSchWTZ LCQts5C0LGBkXsUoWpxanJSbbmSkl1qUmVxcnJ+nl5dasokRGKwHt/w22MH48rnjIUYBDkYl Hl6Dxc9ChFgTy4orcw8xSnOwKInz2hkfChESSE8sSc1OTS1ILYovKs1JLT7EyMTBKdXAuPVv 32tt12zDMHOdBUI6R2JOTzqkdZ99U6fdi8BrW2Nn73iy/oR+8WT7HTrPgs3ZkwPmbzTPU5tx +7v90Qctl5W38Xxln+3LtoYpWuES2/M5eyJ9hZ86Gh+1Oxfs0yEmb7ybbR5/rsP09VOk0o/b 1eZEnmS4Hfdr9ccHbXsTTRN/CO9QZj9zQImlOCPRUIu5qDgRAByx8+Q3AgAA Archived-At: Cc: avt@ietf.org Subject: Re: [AVTCORE] Summary of AVTCORE WG's Errata decisions X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Feb 2015 08:42:45 -0000 Ross, Yes, I think this is appropriate for an editorial errata. Can you please write this up in an email form based on the Errata template: The old text: New text: Notes: Cheers Magnus On 2015-02-19 11:16, Ross Finlayson wrote: > >> On Feb 16, 2015, at 9:42 PM, Magnus Westerlund >> > > wrote: >> >> ADs, >> >> Here is a current summary of the Erratas that are in reported state for >> the AVT WG (AVTCORE has no reported Errata) > > FYI, last August I reported a minor bug (email copied below) in RFC 3711 > (SRTP). IMHO, this should be added to the RFC 3711 errata at some point... > > > >> Begin forwarded message: >> >> *From: *Ross Finlayson > > >> *Subject: **Minor bug in RFC 3711 (SRTP), FYI* >> *Date: *August 10, 2014 at 5:57:22 PM GMT+12 >> *Cc: *avt@ietf.org >> *To: *mbaugher@cisco.com , >> elisabetta.carrara@ericsson.com >> , mcgrew@cisco.com >> , mats.naslund@ericsson.com >> , karl.norrman@ericsson.com >> >> >> In section 3.4 ("Secure RTCP"), there is a bug in "Figure 2. An >> example of the format of a Secure RTCP packet..." >> >> 0 1 2 3 >> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+<+ >> |V=2|P| RC | PT=SR or RR | length | | >> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | >> >> The boundary between the "PT=SR or RR" and the "length" fields is >> wrong: The boundary is shown as being between bits 16 and 17; it >> should be between bits 15 and 16. I.e., the "PT=SR or RR" field >> should be 8 bits long, not 9. >> >> This is just a minor bug, because the equivalent diagram in RFC 3550 >> (the normative reference for RTCP) is correct. Nonetheless, this bug >> should probably be added to the errata for RFC 3711 >> >> Ross Finlayson >> Live Networks, Inc. >> http://www.live555.com/ >> > -- Magnus Westerlund ---------------------------------------------------------------------- Services, Media and Network features, Ericsson Research EAB/TXM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 F�r�gatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ---------------------------------------------------------------------- From nobody Fri Feb 20 01:07:18 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 262B71A8718 for ; Fri, 20 Feb 2015 01:07:18 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.201 X-Spam-Level: X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s58K2fBOK3Zk for ; Fri, 20 Feb 2015 01:07:14 -0800 (PST) Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2660C1A8714 for ; Fri, 20 Feb 2015 01:07:13 -0800 (PST) X-AuditID: c1b4fb2d-f79fc6d000001087-9a-54e6f940937c Received: from ESESSHC017.ericsson.se (Unknown_Domain [153.88.253.124]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id 3A.E4.04231.049F6E45; Fri, 20 Feb 2015 10:07:12 +0100 (CET) Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.71) with Microsoft SMTP Server id 14.3.210.2; Fri, 20 Feb 2015 10:07:11 +0100 Message-ID: <54E6F93F.9010307@ericsson.com> Date: Fri, 20 Feb 2015 10:07:11 +0100 From: Magnus Westerlund User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: "Paul E. Jones" , IETF AVTCore WG , , "David Benham (dbenham)" References: In-Reply-To: Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrKLMWRmVeSWpSXmKPExsUyM+Jvja7Dz2chBvN3yFu87FnJbnHm1zwm i1Un/rFanL+wgcmBxWPK742sHkuW/GTyaNh3lD2AOYrLJiU1J7MstUjfLoErY9qt7awFm0Mr ts0OamA869LFyMkhIWAicf/7E1YIW0ziwr31bCC2kMARRolnq3y7GLmA7OWMEq0HuthBErwC 2hIzp54Bs1kEVCVWrjjJBGKzCVhI3PzRCNYsKhAssfj5U1aIekGJkzOfsIAMEhGYwCjxddUU RpCEsECoROPSnUDNHEAbbCVenywCCXMK2Ens3XqAHSTMLKApsX6XPkiYWUBeonnrbGaI27Ql Gpo6WCcwCsxCsmEWQscsJB0LGJlXMYoWpxYX56YbGeulFmUmFxfn5+nlpZZsYgSG68Etv3V3 MK5+7XiIUYCDUYmH12DxsxAh1sSy4srcQ4zSHCxK4rx2xodChATSE0tSs1NTC1KL4otKc1KL DzEycXBKNTByyuz8+OJ4l6/mzTq5B4Llrb6pwYqTNjo0ml3fkeWZliZ7XmqO5jSp9fuLKq7d zgl6cii/7u/Bicdm/FX1tti7TiUkaQ2/slpghMwa98K1ekvk7dgOhssV7J0wRamuO5hL6dzS 05oPoiYttDxzPS/lAbuGieCfgw43N6w489BOZkmczVG+mfFKLMUZiYZazEXFiQBp0Ux0OAIA AA== Archived-At: Subject: Re: [AVTCORE] Design choice comments on draft-jones-avtcore-private-media-framework-00 X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Feb 2015 09:07:18 -0000 Hi, Please see inline. On 2015-02-19 17:04, Paul E. Jones wrote: > Magnus, > >> Hi, >> (As individual) >> >> I have just reviewed the draft and are supportive of work in this field. >> However, I have some really high level comments in regards to the design >> choices. >> >> 1. Supported RTP topologies >> >> I think you will need to discuss a bit more which RTP topologies that >> the framework should support. The current draft supports only basic >> transport translators (Relay) to my understanding, because of it >> preventing rewriting of RTP sequence number as well as the SSRC. Thus, >> all RTP streams sent to the server must be forwarded to all other >> participants. >> >> I believe the intention of the document is to support at least Selective >> Forwarding Middlebox (SFM). However, to support such a topology and be >> able to suspend delivery of some media streams, then RTP sequence number >> rewriting becomes a requirement to keep the media streams compliant with >> current RTP specification. >> >> Also people who have been building conferencing middleboxes also uses >> other topologies, for example the RTP mixer in also used to build >> switching mixers. Where an SSRC can represent a role rather than a >> original sender. >> >> I think there is need to have some discussion of which RTP topologies >> this type of solution intends to support so that one can determine which >> RTP field behaviours that is to be expected and need to be dealt with. >> >> I would appreciate your view of what you see as needed to be supported. > > I agree that we will need to elaborate a bit more on that, but it's not > clear to me if any of the existing topologies that are defined match > exactly. The desire to prevent changes to the RTP headers means that > something else is needed in order to properly forward media (e.g., a > header extension) and account for packet loss, handle congestion issues, > etc. Lets discuss this more, but I like to state my personal position here. I much rather see the security solution take the current RTP into account, rather than forcing us to redefine RTP and make changes to how existing and working mechanisms function. In this case I am especially concerned your disregard to ensure that the RTP sequence numbers will be sent without sender side gaps in the sequence. This as it impacts the existing packet loss detection and reporting mechanisms. > > We've been more focused on what we want to accomplish than trying to fit > the solution into a specific topology. I think we can get there, but we > need more discussion as a group. I think that is fine, but you appear to have jumped to conclusions and suggested technical solutions that consider the security goals but not the RTP implications. Thus, I would suggest that you focus on making clear the high level security requirements and then factor in the existing RTP and its impact on possible solutions. > > > >> 2. Additional privacy concerns in RTP/RTCP. >> >> The proposed framework protects the RTP payloads and their media content >> from the middle. However, the document fails to discuss if privacy >> protection is needed either for the RTP header extensions themselves or >> if any RTCP packets or their content is privacy sensitive. >> >> The RTP header extensions that are defined in IETF, as well as the two >> 3GPP has registered appears to be privacy sensitive in any way. However, >> the big picture issue is that RTP header extensions do not require to be >> standardized. The registration requires only an Expert Review, and they >> are trivial to use for proprietary extension. So we have no idea what >> might be showing up here. I could easily believe that someone would for >> example include a geolocation attached to a video stream to capture >> where for example a airborne drone where when capturing the video. >> Suddenly you have data that is privacy sensitive and may require end to >> end protection. >> >> In RTCP you already today have some parts that are privacy sensitive. >> For example all the SDES items with the exception of CNAME (if generated >> correctly) can contain privacy sensitive data. Also the APP RTCP packet >> type might contain data that needs to be protected end to end. >> >> Thus I think you need to consider if there are need for additional >> protection mechanisms to realize the goals of this framework. To me it >> appears that this are reasonably straightforward SRTP extensions that >> could solve these issues if they are considered necessary to resolve. >> Even if the initial solution doesn't provide a fully specified solution, >> I think it is important to ensure that the framework do support a >> solution to specified at a later stage. > > The intention was the RTP header extensions and RTCP could optionally be > encrypted using the SRTP keys exchanged as they are today. This would > be done hop-by-hop. This does not provide for end-to-end privacy, of > course. That fits with the goals we've stated in the requirements > document. We're not trying to hide the fact that two people > communicated, for example, but we do not want to disclose what is being > communicated. > > If there is truly a need to encrypt end-to-end such that middle boxes > cannot gain access to some RTP header extensions or some RTCP data > fields, I would assert we need to define a way to allow some header > extensions and some RTCP header fields to be visible hop-by-hop. We do > want to enable middleboxes to be able to collect and use RTCP > statistics, for example. We also want to allow them to have access to > any header extension that help facilitate packet forwarding and processing. I fully agree that there MUST be possibility to have both RTP header extensions as well as many type of RTCP packets to be only protected hop by hop. The core of my comment is rather that the solution appear to need to take into account the likely need for end-to-end protection of other RTP/RTCP fields and actively discuss in its security considerations the privacy risk from some existing RTP/RTCP protocol elements, specifically the RTCP SDES items. > > >> >> 3. What must be in the trusted zone? >> >> Looking at the description it looks like the solution is missing one >> important part in the trusted zone. That is the list of identities or >> secret that enables an invited / allowed participant to participate in a >> particular conference. That functionality is key component of the >> security solution. How else is the KMF going to be able to determine >> which asserted identities that are allowed to get the EKT, thus being >> able to get access to the media. >> >> I understand the need for having solution agility when it comes to >> identity solutions, however the functionality and the requirement on it >> I think needs to be described in this type of framework. > > This framework is only focused on the media aspects. The approach we're > taking here is that there is some kind of exchange that happens between > the endpoint and the KMF or some other trusted entity that exists in the > signaling plane. It is through this signaling that a determination is > made as to what endpoint can have access to the keys for a particular > conference. We expect that fingerprint for the endpoint certificate > would be exchanged with the KMF and vice versa. I think that is not sufficient as it can not ensure the security goals of providing confidentiality. Without explicitly discussing the fact that there is a set of trusted participants and the need for a mechanism to verify that a endpoint is representing that such a participant the solution is flawed. I fully understand that there is need to enable multiple technical solutions for verifying that identity, however if the intention is to provide a framework for solving this issue, the requirement on parts that are outside of this WGs main expertise, namely RTP must still be discussed. > > When the DTLS connection is made to the switching conference server, > that would be tunneled (via a protocol we've defined but not published) > from the switching conference server to the KMF. Effectively, the > endpoint and KMF establish a DTLS connection. The KMF would recognize > the user as belonging to a particular conference and provide the SRTP > keys (using DTLS-SRTP procedures) and the EKT key (via the EKT > procedures). One thing I would like to add to the EKT draft is some > piece of data that indicates what the conference identifier is. I would > like the endpoint to convey that information as part of the EKT > exchange, but no such field exists today. I would also like the > conference server to convey the conference identifier for comparison. I do wonder about this part of the solution. Why the structure you have selected? Another potential solution is clearly to run two different DTLS-SRTP handshakes, one directly between endpoint and KMT, the other between the endpoint and server. Once more I think you jumped into solution without motivating why you think the proposed solution is the appropriate. > > So, the framework is clearly not complete even on the media side. There > are some editor's notes and perhaps additional items (like the field for > the conference identifier). However, I would prefer to keep the > signaling that happens before this point separate. The reason is that I > can imagine that a number of different mechanisms might exists. For a > WebRTC client, for example, the signaling might be entirely proprietary. > For SIP devices, we then also have to worry with securing the signaling > exchanges That's important, but I think that can be done in parallel > and independently of this media-focused draft. Fully agree about the need for different signalling mechanism. However, to me it appears there need to be one or a small set of solution or at least hooks for how the KMT can verify the endpoint's right to be in particular session. I hope that you can take this discussion into account and improve your framework document to clearer on what you see as the minimal necessary functions in a solution. And when having established that can go into a discussion of proposed solutions to realize that. Cheers Magnus Westerlund ---------------------------------------------------------------------- Services, Media and Network features, Ericsson Research EAB/TXM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Färögatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ---------------------------------------------------------------------- From nobody Fri Feb 20 08:50:49 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A6EF1A0366 for ; Fri, 20 Feb 2015 08:50:48 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.9 X-Spam-Level: X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QlnE9kX5rbqK for ; Fri, 20 Feb 2015 08:50:45 -0800 (PST) Received: from haggis.mythic-beasts.com (haggis.mythic-beasts.com [IPv6:2a00:1098:0:86:1000:0:2:1]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 734141A1A96 for ; Fri, 20 Feb 2015 08:50:44 -0800 (PST) Received: from [130.209.247.112] (port=64951 helo=mangole.dcs.gla.ac.uk) by haggis.mythic-beasts.com with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from ) id 1YOqmk-0003yQ-TQ; Fri, 20 Feb 2015 16:50:40 +0000 Content-Type: text/plain; charset=windows-1252 Mime-Version: 1.0 (Mac OS X Mail 7.3 $1878.6$) From: Colin Perkins In-Reply-To: <54E59970.6040804@ericsson.com> Date: Fri, 20 Feb 2015 16:50:32 +0000 Content-Transfer-Encoding: quoted-printable Message-Id: References: <54E59970.6040804@ericsson.com> To: Magnus Westerlund X-Mailer: Apple Mail (2.1878.6) X-BlackCat-Spam-Score: -28 X-Mythic-Debug: Threshold = On = Archived-At: Cc: varun@comnet.tkk.fi, IETF AVTCore WG Subject: Re: [AVTCORE] My comments on draft-ietf-avtcore-rtp-circuit-breakers-08 X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Feb 2015 16:50:48 -0000 Hi, On 19 Feb 2015, at 08:06, Magnus Westerlund = wrote: > Hi, >=20 > I have just reviewed the latest version of circuit breakers and have = the > following feedback. >=20 > I think the document has improved since I last reviewed it (-05) but I > think the following issue is not yet addressed from my previous = review. >=20 >> 7) Section 5: >>=20 >> As there is a difference between CB #1 and #3 and #2 that has to do >> with that the first (#1 and #3) uses incoming RTCP reports and that = #2 >> uses the CB implementers estimate of what the regular reporting >> interval is. Thus, I wonder if there needs to exist include a >> reflection over t_rr_int as well as the RTCP SSRC timeout calculation >> that we recommend to use 5 seconds as fixed minimal value in those >> calculations (if 5 sec larger than t_rr_int). >=20 > I will see if I can propose some text to address this. I=92m not sure how T_tt_interval affects the performance, so suggestions = would be welcomed. > I also think there is need for scaling the number of reporting = intervals > it takes to trigger the circuit breakers when using AVPF or reduced > minimum. Especially for AVPF there will be a lot of false triggering = due > to relatively short time intervals that the circuit breakers will = sample > over. I think it=92s clear we should scale the number of reporting intervals = needed to trigger the circuit breaker inversely with the duration of the = reporting interval, so it takes a roughly constant amount of time to = trigger. We need to write this up and simulate it=92s performance.=20 Do you see RTP/AVPF impacting this differently to the impact of using = the reduced minimum interval? (Or is this the T_rr_interval issue?) > I would really like to have proposals for all open issues in the draft > prior to the upcoming meetings deadline. I really like to be able to > have this go to WG last call soon after the Dallas meeting. Sure, agree. --=20 Colin Perkins https://csperkins.org/ From nobody Fri Feb 20 12:49:58 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3C9481A87B0 for ; Fri, 20 Feb 2015 12:49:55 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -0.01 X-Spam-Level: X-Spam-Status: No, score=-0.01 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XPpcemR3i_5O for ; Fri, 20 Feb 2015 12:49:50 -0800 (PST) Received: from BLU004-OMC3S12.hotmail.com (blu004-omc3s12.hotmail.com [65.55.116.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2E4911A879F for ; Fri, 20 Feb 2015 12:49:50 -0800 (PST) Received: from BLU181-W18 ([65.55.116.72]) by BLU004-OMC3S12.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.22751); Fri, 20 Feb 2015 12:49:49 -0800 X-TMN: [StU57jYClUle919AfKtRXZGW7WO9Wuut] X-Originating-Email: [bernard_aboba@hotmail.com] Message-ID: Content-Type: multipart/alternative; boundary="_5973caba-cd32-421c-8066-e48645d19e70_" From: Bernard Aboba To: Magnus Westerlund , IETF AVTCore WG Date: Fri, 20 Feb 2015 12:49:48 -0800 Importance: Normal In-Reply-To: <54E6F93F.9010307@ericsson.com> References: , <54E6F93F.9010307@ericsson.com> MIME-Version: 1.0 X-OriginalArrivalTime: 20 Feb 2015 20:49:49.0418 (UTC) FILETIME=[C48E1CA0:01D04D4E] Archived-At: Subject: Re: [AVTCORE] Design choice comments on draft-jones-avtcore-private-media-framework-00 X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Feb 2015 20:49:55 -0000 --_5973caba-cd32-421c-8066-e48645d19e70_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Magnus said:=20 > Lets discuss this more=2C but I like to state my personal position here. = I > much rather see the security solution take the current RTP into account= =2C > rather than forcing us to redefine RTP and make changes to how existing > and working mechanisms function. In this case I am especially concerned > your disregard to ensure that the RTP sequence numbers will be sent > without sender side gaps in the sequence. This as it impacts the > existing packet loss detection and reporting mechanisms. [BA] I agree with Magnus here. Re-defining RTP is a last resort=2C and ev= ery possible effort should be made to avoid it.=20 =20 AFAIK=2C SSRC re-writing is very common in SFUs today=2C even in simulcast-= only implementations. =20 Sequence number rewriting is a requirement in all SFUs that support SRST tr= ansport for SVC (e.g. VP8=2C VP9=2C H.264/SVC=2C H.265 and H.265/SVC).=20 =20 In general=2C it seems possible to avoid these issues by taking the approac= h advocated in draft-cheng-srtp-cloud: providing additional fields within = the encrypted payload=2C rather than assuming that the SFU passes the SSRC = and sequence number fields unmodified. =20 =20 The disadvantage of this approach is a potential decrease in the maximum pa= yload size=2C but presumably the encoder can take this into account. =20 =20 =20 =20 = --_5973caba-cd32-421c-8066-e48645d19e70_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable

Magnus said:

>=3B Lets= discuss this more=2C but I like to state my personal position here. I
&= gt=3B much rather see the security solution take the current RTP into accou= nt=2C
>=3B rather than forcing us to redefine RTP and make changes to = how existing
>=3B and working mechanisms function. In this case I am e= specially concerned
>=3B your disregard to ensure that the RTP sequenc= e numbers will be sent
>=3B without sender side gaps in the sequence. = This as it impacts the
>=3B existing packet loss detection and reporti= ng mechanisms.

[BA] I agree with Magnus here. =3B =3B Re-def= ining RTP is a last resort=2C and every possible effort should be made to a= void it.
=3B
AFAIK=2C SSRC re-writing is very common in SFUs to= day=2C even in simulcast-only implementations. =3B =3B
Sequence = number rewriting is a requirement in all SFUs that support SRST transport f= or SVC (e.g. VP8=2C VP9=2C H.264/SVC=2C H.265 and H.265/SVC).
=3B<= BR>In general=2C it seems possible to avoid these issues by taking =3Bt= he approach advocated in draft-cheng-srtp-cloud: =3B providing addition= al fields within the encrypted payload=2C rather than assuming that the SFU= passes the SSRC and sequence number fields unmodified. =3B
= =3B
The disadvantage of this approach is a potential decrease in the max= imum payload size=2C but presumably the encoder can take this into account.= =3B
=3B
=3B
=3B

= --_5973caba-cd32-421c-8066-e48645d19e70_-- From nobody Fri Feb 20 14:03:29 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AFDDD1A019B for ; Fri, 20 Feb 2015 14:03:28 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CrAplEzPqTAe for ; Fri, 20 Feb 2015 14:03:27 -0800 (PST) Received: from mail-pa0-x22c.google.com (mail-pa0-x22c.google.com [IPv6:2607:f8b0:400e:c03::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 108AC1A0194 for ; Fri, 20 Feb 2015 14:03:26 -0800 (PST) Received: by padfb1 with SMTP id fb1so11112553pad.8 for ; Fri, 20 Feb 2015 14:03:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=f1K7FibP+8Z6kT2vlJgcIL560K8btAuSp6BfkG3CquY=; b=qI5SvvvaZQ/vyHD9s0EIxwjDhOOe62aK7H4exVTkUsjX5r9Q6L14MhCqUjO7h8GdSq 2kGbav1QQ5URILBO3QfS8NvpvuTRqBm8c44LihJpo5Z2jNds/PZSSIygl6CXuF5x53Qh tjDzH2nRFd+X+RByn7aeUCFDp9+D7yRI78IOhmh45IfSapb1JhpwD/ffB9xcBhSqAtaM AonMAr3O9n3DdhGObLkalXuDs6qkW9gsGBTvHGeGniEOrOZuY5O2BPqP3djPYNYizv/l 7Gd6DBCmfjp954oYA6byaHahqk4GRntRyqNkKW1xpmUgKuCPO4X3RkJNUfBWDdYNdtvg Xf6A== MIME-Version: 1.0 X-Received: by 10.68.204.39 with SMTP id kv7mr20189319pbc.49.1424469806208; Fri, 20 Feb 2015 14:03:26 -0800 (PST) Received: by 10.70.117.99 with HTTP; Fri, 20 Feb 2015 14:03:26 -0800 (PST) Date: Fri, 20 Feb 2015 17:03:26 -0500 Message-ID: From: Julius Friedman To: avt@ietf.org Content-Type: multipart/alternative; boundary=e89a8f234a31cade9d050f8c38a5 Archived-At: Subject: [AVTCORE] On my recently submitted errata X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Feb 2015 22:03:28 -0000 --e89a8f234a31cade9d050f8c38a5 Content-Type: text/plain; charset=UTF-8 I have sent he preliminary copy of what I hope will allow for the updates I suggest as improvements to the various standards in question however I did not send such document to the list in public as of yet. I move to make no excuses for my delay however there is a lot of subject material both to reference and disambiguate and as a result Magnus and Ron have a copy of the document and I will address the list in public as appropriate in due course, I appreciate your patience in this matter. I am sure you will be updated as appropriate. Sincerely, Julius Friedman --e89a8f234a31cade9d050f8c38a5 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

I have sent he preliminary copy of what I hope will allow = for the updates I suggest as improvements to the various standards in quest= ion however I did not send such document to the list in public as of yet.

I move to make no excuses for my delay however there is a= lot of subject material both to reference and disambiguate and as a result= Magnus and Ron have a copy of the document and I will address the list in = public as appropriate in due course, I appreciate your patience in this mat= ter.

I am sure you will be updated as appropriate.=

Sincerely,

Julius Friedman

--e89a8f234a31cade9d050f8c38a5-- From nobody Mon Feb 23 04:16:19 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DB301A1A73; Mon, 23 Feb 2015 04:16:16 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.21 X-Spam-Level: X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FWorUWRlQWG3; Mon, 23 Feb 2015 04:16:13 -0800 (PST) Received: from emvm-gh1-uea08.nsa.gov (emvm-gh1-uea08.nsa.gov [63.239.67.9]) by ietfa.amsl.com (Postfix) with ESMTP id B806E1A1A72; Mon, 23 Feb 2015 04:16:12 -0800 (PST) X-TM-IMSS-Message-ID: <2c469c850002d0e0@nsa.gov> Received: from MSHT-GH1-UEA01.corp.nsa.gov (msht-gh1-uea01.corp.nsa.gov [10.215.227.18]) by nsa.gov ([63.239.67.9]) with ESMTP (TREND IMSS SMTP Service 7.1; TLSv1/SSLv3 AES128-SHA (128/128)) id 2c469c850002d0e0 ; Mon, 23 Feb 2015 07:16:30 -0500 Received: from MSMR-GH1-UEA01.corp.nsa.gov (10.215.225.4) by MSHT-GH1-UEA01.corp.nsa.gov (10.215.227.18) with Microsoft SMTP Server (TLS) id 14.2.347.0; Mon, 23 Feb 2015 07:16:05 -0500 Received: from MSMR-GH1-UEA03.corp.nsa.gov ([10.215.224.3]) by MSMR-GH1-UEA01.corp.nsa.gov ([10.215.225.4]) with mapi id 14.02.0347.000; Mon, 23 Feb 2015 07:16:04 -0500 From: "Igoe, Kevin M." To: 'Magnus Westerlund' , 'David McGrew' Thread-Topic: Stephen Farrell's Discuss on draft-ietf-avtcore-srtp-aes-gcm-14: (with DISCUSS) Thread-Index: AQHP83PgqVzDocYf9UC217fNF4hOKZxHcuyQgABb2YCAAAOhAIAAE5YAgAAOCQCAAAKygIAACCmAgI/US4CADNZ3AIAEhLyAgAC2aACAAPjAgIAH4VyAgAZouoCABa+doA== Date: Mon, 23 Feb 2015 12:16:03 +0000 Message-ID: <3C4AAD4B5304AB44A6BA85173B4675CABC7E6949@MSMR-GH1-UEA03.corp.nsa.gov> References: <20141029122825.18943.78129.idtracker@ietfa.amsl.com> <3C4AAD4B5304AB44A6BA85173B4675CABC709A18@MSMR-GH1-UEA03.corp.nsa.gov> <545151F9.9050502@cs.tcd.ie> <54516572.8020601@cs.tcd.ie> <5451737B.6060504@cs.tcd.ie> <2D4BE3ED-840A-444C-9D18-09BC3D937D64@cisco.com> <54CA135D.3020304@ericsson.com> <54D4D840.4080808@cs.tcd.ie> <54D8A297.9090505@ericsson.com> <54D93B9A.9090409@cs.tcd.ie> <54DA0C45.2030609@ericsson.com> <54E608E5.1070102@ericsson.com> In-Reply-To: <54E608E5.1070102@ericsson.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.215.224.46] Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Cc: "'avtcore-chairs@tools.ietf.org'" , "'draft-ietf-avtcore-srtp-aes-gcm@tools.ietf.org'" , 'The IESG' , 'IETF AVTCore WG' , 'Stephen Farrell' Subject: Re: [AVTCORE] Stephen Farrell's Discuss on draft-ietf-avtcore-srtp-aes-gcm-14: (with DISCUSS) X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Feb 2015 12:16:16 -0000 I am content with that. > -----Original Message----- > From: Magnus Westerlund [mailto:magnus.westerlund@ericsson.com] > Sent: Thursday, February 19, 2015 11:02 AM > To: David McGrew > Cc: Stephen Farrell; avtcore-chairs@tools.ietf.org; draft-ietf-avtcore-sr= tp-aes-gcm@tools.ietf.org; The IESG; Igoe, Kevin M.; IETF > AVTCore WG > Subject: Re: Stephen Farrell's Discuss on draft-ietf-avtcore-srtp-aes-gcm= -14: (with DISCUSS) >=20 > On 2015-02-15 15:09, David McGrew wrote: > > > > My opinion is: it would be best to preserve the existing specification > > and implementation work, and retain all ten crypto suite definitions. > > But if we want to make SRTP-AEAD be the first instance in which the > > IETF will prioritize simplicity over variety and diversity, I'm good > > with that, because I certainly see the value of simplicity; then my > > recommendation would be to eliminate the four 12-octet authentication > > versions. That would leave just six crypto suites, with two different > > modes of operation, two different key sizes, and two different tag > > lengths (but not all tag lengths for all modes), like this: > > > > srtp-crypto-suite-ext =3D "AEAD_AES_128_GCM" / > > "AEAD_AES_256_GCM" / > > "AEAD_AES_128_CCM" / > > "AEAD_AES_256_CCM" / > > "AEAD_AES_128_CCM_8" / > > "AEAD_AES_256_CCM_8" / > > >=20 > Stephen, WG >=20 > Having looked at the feedback provided in this discussion so far, I think= the above set of 6 are a reasonable selection without unduly > limiting functionality, but removing the four least necessary profiles. >=20 > My proposal is that if no one is disagreeing with this in the next week (= Prior to Feb 26 at 16:30 UTC) we use it. If someone disagrees we > hold a discussion at the informal IESG telechat on how to proceed. >=20 > Cheers >=20 > Magnus Westerlund >=20 > ---------------------------------------------------------------------- > Services, Media and Network features, Ericsson Research EAB/TXM > ---------------------------------------------------------------------- > Ericsson AB | Phone +46 10 7148287 > F=E4r=F6gatan 6 | Mobile +46 73 0949079 > SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com > ---------------------------------------------------------------------- From nobody Mon Feb 23 05:34:02 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3C6E1A1B6F for ; Mon, 23 Feb 2015 05:34:00 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id duydm6qQLpDj for ; Mon, 23 Feb 2015 05:33:58 -0800 (PST) Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 97C2E1A1B20 for ; Mon, 23 Feb 2015 05:33:50 -0800 (PST) X-AuditID: c1b4fb3a-f79116d000000fec-66-54eb2c3c518c Received: from ESESSHC011.ericsson.se (Unknown_Domain [153.88.253.124]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id 90.EA.04076.C3C2BE45; Mon, 23 Feb 2015 14:33:48 +0100 (CET) Received: from ESESSMB209.ericsson.se ([169.254.9.214]) by ESESSHC011.ericsson.se ([153.88.183.51]) with mapi id 14.03.0210.002; Mon, 23 Feb 2015 14:33:47 +0100 From: Christer Holmberg To: "avt@ietf.org" Thread-Topic: WGLC: draft-ietf-straw-b2bua-rtcp-03.txt Thread-Index: AdBPa6G93iYYLgF6Tt2JeXOX3wxijQAATThQ Date: Mon, 23 Feb 2015 13:33:46 +0000 Message-ID: <7594FB04B1934943A5C02806D1A2204B1D714D50@ESESSMB209.ericsson.se> References: <7594FB04B1934943A5C02806D1A2204B1D713C28@ESESSMB209.ericsson.se> In-Reply-To: <7594FB04B1934943A5C02806D1A2204B1D713C28@ESESSMB209.ericsson.se> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [153.88.183.148] Content-Type: multipart/alternative; boundary="_000_7594FB04B1934943A5C02806D1A2204B1D714D50ESESSMB209erics_" MIME-Version: 1.0 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrHLMWRmVeSWpSXmKPExsUyM+Jvja6NzusQgzu3hSxe9qxkd2D0WLLk J1MAYxSXTUpqTmZZapG+XQJXxt2NH1gLzphXTHn0kK2BcaZhFyMnh4SAiUT/4olsELaYxIV7 64FsLg4hgSOMEod/vWeBcJYwSuxvmgbkcHCwCVhIdP/TBmkQEVCUaL32mREkLCxgKvG2MwQi bCYxb34vO4RtJPF38nUwm0VAVWLK5W5WEJtXwFfi8ubLYHEhIHvirJUsIDangJ/Eos0vwO5h BLrn+6k1TCA2s4C4xK0n85kg7hSQWLLnPDOELSrx8vE/VghbSaJxyRNWiPp8icOb1jFC7BKU ODnzCcsERpFZSEbNQlI2C0kZRFxHYsHuT2wQtrbEsoWvmWHsMwceMyGLL2BkX8UoWpxaXJyb bmSkl1qUmVxcnJ+nl5dasokRGEEHt/y22sF48LnjIUYBDkYlHt4N01+FCLEmlhVX5h5ilOZg URLntTM+FCIkkJ5YkpqdmlqQWhRfVJqTWnyIkYmDU6qBcfX7Xeum/v0m88RzW/qEmEsmp/cb hum+Snjo/ZY3aN3OA8rBpi1XFgjXdDvFThG5VXkk87j3nmWP84+KKP46qN78L/LmRnnHI1Yy S8ONvOwkM7jc1m0/EHarWd34ACNP8q3/AgU2EgrJy65Pt0xj1cmbZlqRUXyi1qM+VsvbZ/GO xCU7X825o8RSnJFoqMVcVJwIALW0lxyBAgAA Archived-At: Subject: [AVTCORE] FW: WGLC: draft-ietf-straw-b2bua-rtcp-03.txt X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Feb 2015 13:34:00 -0000 --_000_7594FB04B1934943A5C02806D1A2204B1D714D50ESESSMB209erics_ Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable FYI, The STRAW WG has announced WGLC for the following draft: draft-ietf-straw-b2bua-rtcp-03.txt Some of the discussions on the draft have been about RTP terminology, and t= he relationship to AVTCORE. For that reason, the STRAW WG chairs think it would be very good if some fr= om the AVT community would be able to perform a WGLC review of the draft. Please post any review comments on the STRAW list. Thanks! Christer & Victor STRAW chairs From: straw [mailto:straw-bounces@ietf.org] On Behalf Of Christer Holmberg Sent: 23 February 2015 15:23 To: straw@ietf.org Cc: draft-ietf-straw-b2bua-rtcp.all@tools.ietf.org Subject: [straw] WGLC: draft-ietf-straw-b2bua-rtcp-03.txt (As co-chair) Hi, This is a working group last call announcement for draft-ietf-straw-b2bua-r= tcp-03.txt. The working group last call will run for 2,5 weeks, until Friday 13th (hope= fully it won't end in horror :). Please provide your comments on the STRAW list. Regards, Christer --_000_7594FB04B1934943A5C02806D1A2204B1D714D50ESESSMB209erics_ Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

FYI,=

The STRAW WG has annou= nced WGLC for the following draft:

draft-ietf-straw-b2bua= -rtcp-03.txt

Some of the discussion= s on the draft have been about RTP terminology, and the relationship to AVT= CORE.

For that reason, the S= TRAW WG chairs think it would be very good if some from the AVT community w= ould be able to perform a WGLC review of the draft.

Please post any review= comments on the STRAW list.

Thanks!

Christer & Victor<= o:p>

STRAW chairs

From: straw [mailto:straw-bounces@ietf.org] On Behalf Of Christer Holmberg
Sent: 23 February 2015 15:23
To: straw@ietf.org
Cc: draft-ietf-straw-b2bua-rtcp.all@tools.ietf.org
Subject: [straw] WGLC: draft-ietf-straw-b2bua-rtcp-03.txt=

(As co-chair)

Hi,

This is a working group last call announcement for d= raft-ietf-straw-b2bua-rtcp-03.txt.

The working group last call will run for 2,5 week= s, until Friday 13^th (hopefully it won’t end in horror :).=

Please provide your comments on the STRAW list.

Regards,

Christer

--_000_7594FB04B1934943A5C02806D1A2204B1D714D50ESESSMB209erics_-- From nobody Mon Feb 23 06:43:51 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A9F01A1B00 for ; Mon, 23 Feb 2015 06:43:49 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cyRqKUKw-Nn5 for ; Mon, 23 Feb 2015 06:43:48 -0800 (PST) Received: from mail-wi0-x231.google.com (mail-wi0-x231.google.com [IPv6:2a00:1450:400c:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F41291A1AD0 for ; Mon, 23 Feb 2015 06:43:47 -0800 (PST) Received: by mail-wi0-f177.google.com with SMTP id bs8so17567024wib.4 for ; Mon, 23 Feb 2015 06:43:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:subject:date:message-id:mime-version:content-type :thread-index:content-language; bh=25Tgfo5Fd0tEb3RURmF6Ut0eD73O/ldnIoTp2ls09CU=; b=La4pNCy+K/a7MRIhFKfmW24BZJYBrQQ/7AyQjuri/hTLFHfZMr5Y7PuVgg0sWi+RpN 9qISXjYKeFS7r8bBhG3hjR+QuN1bSyYG9y7sF1mPTcIg2JEXGgeabE42djc/pMaaXeKY JOsZGvou57FEFOESINDP8z2RDbLRVYCw/0qQ6lOcDNu6T6Ffq3OIlPPedxk7bf7MU8Jb ZkCFdGg4GbHUt/lqatihgfMTcvN20qFgb+rz2kzOiGE446iJRAheSufGE9yHPPk7AGaH QPTMdueTWSjqJK2hHhskNLjB+FxYbL/tPN22KPfWH8dyjxV4Gi7/KIeaBK7jysxeEPWI rD2w== X-Received: by 10.194.186.200 with SMTP id fm8mr23062810wjc.138.1424702626536; Mon, 23 Feb 2015 06:43:46 -0800 (PST) Received: from RoniE (bzq-79-177-192-183.red.bezeqint.net. [79.177.192.183]) by mx.google.com with ESMTPSA id n1sm16172266wib.11.2015.02.23.06.43.45 for (version=TLSv1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 23 Feb 2015 06:43:45 -0800 (PST) From: "Roni Even" To: Date: Mon, 23 Feb 2015 16:43:43 +0200 Message-ID: <02eb01d04f77$2047e6f0$60d7b4d0$@gmail.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_02EC_01D04F87.E3D15330" X-Mailer: Microsoft Outlook 14.0 Thread-Index: AdBPdxzMF6BMTQNsT3+3vpeXXBY9Xg== Content-Language: en-us Archived-At: Subject: [AVTCORE] call for AVTcore agenda requests X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Feb 2015 14:43:49 -0000 This is a multipart message in MIME format. ------=_NextPart_000_02EC_01D04F87.E3D15330 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Hi, The preliminary agenda of IETF-92 was published. The AVTCORE WG meeting is scheduled as follows: Tuesday, March 24, 2015 1300-15000 Afternoon Session I Venetian RAI avtcore Audio/Video Transport Core Maintenance WG Note that this scheduling is subject to change. Please send the chairs your requests for agenda items. Thanks and Regards, Roni Even AVTCORE co-chair ------=_NextPart_000_02EC_01D04F87.E3D15330 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable

Hi,

The = preliminary agenda of IETF-92 was published. The AVTCORE WG meeting is = scheduled as follows:

Tuesday, = March 24, 2015

1300-15000 = Afternoon Session I

Venetian = RAI = = avtcore = &= nbsp; Audio/Video Transport Core = Maintenance WG

Note that = this scheduling is subject to change.

Please send = the chairs your requests for agenda items.

Thanks and = Regards,

Roni Even

AVTCORE = co-chair

------=_NextPart_000_02EC_01D04F87.E3D15330-- From nobody Mon Feb 23 08:13:22 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B88A31A1B96 for ; Mon, 23 Feb 2015 08:13:21 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -2.801 X-Spam-Level: X-Spam-Status: No, score=-2.801 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TzpbBGayqH2o for ; Mon, 23 Feb 2015 08:13:19 -0800 (PST) Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9154A1A1B81 for ; Mon, 23 Feb 2015 08:13:16 -0800 (PST) X-AuditID: c1b4fb30-f79626d000003cf6-48-54eb519a2867 Received: from ESESSHC012.ericsson.se (Unknown_Domain [153.88.253.124]) by sesbmg22.ericsson.net (Symantec Mail Security) with SMTP id CB.9C.15606.A915BE45; Mon, 23 Feb 2015 17:13:14 +0100 (CET) Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.56) with Microsoft SMTP Server id 14.3.210.2; Mon, 23 Feb 2015 17:13:13 +0100 Message-ID: <54EB5198.2070803@ericsson.com> Date: Mon, 23 Feb 2015 17:13:12 +0100 From: Magnus Westerlund User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: Colin Perkins References: <54E59970.6040804@ericsson.com> In-Reply-To: Content-Type: text/plain; charset="windows-1252" Content-Transfer-Encoding: 8bit X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrHLMWRmVeSWpSXmKPExsUyM+Jvje6swNchBj2PTCxe9qxkt1j+8gSj xYwTHA7MHmeXTWXymHb/PpvHkiU/mQKYo7hsUlJzMstSi/TtErgyJjxYylhwVafi5oFZjA2M N5S7GDk5JARMJK59XM0OYYtJXLi3nq2LkYtDSOAIo0R391pWCGc5o8S+GY+ZQKp4BbQl3j0/ CdbBIqAq8WbBWzCbTcBC4uaPRjYQW1QgWGLx86esEPWCEidnPmEBsUWA6ncc/8fYxcjBwSxg KTH1qx5IWFjATWLb1r9g5UICCRItG7qZQWxOAUeJb1c/gcWZBQwkjiyaA2XLSzRvnc0MUa8t 0dDUwTqBUXAWkm2zkLTMQtKygJF5FaNocWpxUm66kZFealFmcnFxfp5eXmrJJkZgAB/c8ttg B+PL546HGAU4GJV4eDdMfxUixJpYVlyZe4hRmoNFSZzXzvhQiJBAemJJanZqakFqUXxRaU5q 8SFGJg5OqQbGhIQ1qssVMyMrKjcsuyPe7hbIdDtm+WrzN/b2D/7dNdim35Ym6z7XaslHrzaF 327mDZIPV59a/UFPUWp36rXVuXxrTENk9ZRXbGC+L1N/3Hr7qvO2GsZxU59p+SQEb31S9HFG 2p2df/9OMz7by6t0dHHu/dtrnVrbgo3vbVx/qjg+4kFzbuwdJZbijERDLeai4kQAgHva7kEC AAA= Archived-At: Cc: varun@comnet.tkk.fi, IETF AVTCore WG Subject: Re: [AVTCORE] My comments on draft-ietf-avtcore-rtp-circuit-breakers-08 X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Feb 2015 16:13:21 -0000 On 2015-02-20 17:50, Colin Perkins wrote: > Hi, > > On 19 Feb 2015, at 08:06, Magnus Westerlund wrote: > >> Hi, >> >> I have just reviewed the latest version of circuit breakers and have the >> following feedback. >> >> I think the document has improved since I last reviewed it (-05) but I >> think the following issue is not yet addressed from my previous review. >> >>> 7) Section 5: >>> >>> As there is a difference between CB #1 and #3 and #2 that has to do >>> with that the first (#1 and #3) uses incoming RTCP reports and that #2 >>> uses the CB implementers estimate of what the regular reporting >>> interval is. Thus, I wonder if there needs to exist include a >>> reflection over t_rr_int as well as the RTCP SSRC timeout calculation >>> that we recommend to use 5 seconds as fixed minimal value in those >>> calculations (if 5 sec larger than t_rr_int). >> >> I will see if I can propose some text to address this. > > I�m not sure how T_tt_interval affects the performance, so > suggestions would be welcomed. So the impact that T_rr_int has on the AVPF implementation is to limiting the regular reporting (without any feedback) to no more often than a randomized [0.5,1.5] of T_rr_int per reporting interval. As the CB are based on the regular reporting, the choice of T_rr_int will affect the CB behaviour. Thus we have a potential issue with CB#2 and RTCP timeout. This breaker must clearly take T_rr_int into account as that affect the RTCP regular transmission interval. Thus, a media sender can't use its basic Td calculation to determine how many reporting intervals that passed, i.e this text from section 4.2: When calculating the timeout, the deterministic RTCP reporting interval, Td, without the randomization factor, and with a fixed minimum interval Tmin=5 seconds) SHOULD be used. The rationale for this choice of timeout is as described in Section 6.2 of RFC 3550 [RFC3550]. But, this could only be affected if T_rr_int is larger than 2,25 seconds. This is an approximation of where T_rr_int will result in any potential longer reporting intervals than what Tmin = 5 does. This approximation is based on the issue discussed in Section 6.1.1 of https://datatracker.ietf.org/doc/draft-ietf-avtcore-rtp-multi-stream/ However, that case is a worst case and in fact Section 6.1.3 do recommends a T_rr_int value of 4 for compatibility with AVP as that balances the timeout issues in both directions if the AVPF does not follow https://datatracker.ietf.org/doc/draft-ietf-avtcore-rtp-multi-stream/ This value of T_rr_int will increase the chance of being timed out following the above calculation slightly, and primarily in the case when the bandwidth and participant numbers results in a Td close to T_rr_int. Thus, I think one possible resolution is simply to forbid using T_rr_int larger than 4 seconds in combination with circuit breakers. > >> I also think there is need for scaling the number of reporting intervals >> it takes to trigger the circuit breakers when using AVPF or reduced >> minimum. Especially for AVPF there will be a lot of false triggering due >> to relatively short time intervals that the circuit breakers will sample >> over. > > I think it�s clear we should scale the number of reporting intervals needed to trigger the circuit breaker inversely with the duration of the reporting interval, so it takes a roughly constant amount of time to trigger. We need to write this up and simulate it�s performance. > > Do you see RTP/AVPF impacting this differently to the impact of > using the reduced minimum interval? (Or is this the T_rr_interval issue?) T_rr_int will affect the number of reporting intervals one can expect (statistically) during a certain time period within a given RTP session. I think the scaling will resolve this potential concern as long as T_rr_int is smaller than 4 seconds. I would note that there is one difficulty for the scaling. If one has bandwidth to have Td value of 0.1 seconds and a T_rr_int of 3 seconds, then the number of actually sent regular reports will depend on how much feedback one needed to send. Especially in combination with Reduced size RTCP. Because if reduced size RTP is used for all early packets, then the regular RTCP packets are the ones being counted towards the CB. And RFC 4585 in Section 4.5.3 contains this implementation specific behaviour when one has FB to send and comes upon a transmission point with a T_rr_int != 0. 2b) If t_rr_last + T_rr_current_interval > tn and RTCP FB messages have been stored and are awaiting transmission, an RTCP packet MUST be scheduled for transmission at tn. This RTCP packet MAY be a minimal or a Regular RTCP packet (at the discretion of the implementer), and the compound RTCP packet MUST include the stored RTCP FB message(s). t_rr_last MUST remain unchanged. Thus, the number of RTCP packets that contains RR or SR can and will likely vary over a time interval even if the other parameters affecting report interval is fixed. Cheers Magnus Westerlund ---------------------------------------------------------------------- Services, Media and Network features, Ericsson Research EAB/TXM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 F�r�gatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ---------------------------------------------------------------------- From nobody Mon Feb 23 15:16:44 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9CCA1A1A62; Mon, 23 Feb 2015 15:16:42 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.511 X-Spam-Level: X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eUuE2Ofq52KX; Mon, 23 Feb 2015 15:16:41 -0800 (PST) Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C147C1A1A45; Mon, 23 Feb 2015 15:16:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=4065; q=dns/txt; s=iport; t=1424733400; x=1425943000; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=7oKSRzk4xNcnC65Qx//foYge+coLDLPO3XkQEnhEtvQ=; b=dBT1I4pnsJxyteF1lpzOWOQvd5cyiSATp9HwytT7gB7OIWDFxc0xA/4Z YpftaTk7qZL4UZmjNnRAaEe8+rAXbmkx6/HPcBB/pwtVFKFMRA9JJ/bvP +rUzRTlkl7W0dvEGM6JX/fKP3azI+zkxOokRpc3Sa1SBEhcbfJ6CFVb+9 o=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0ApBQDOs+tU/5BdJa1bgwZSWgTDCwqFcAKBJEMBAQEBAQF8hBABAQQBAQEJbQ4CAgEIGCcHGwwLFBECBAENBYgvDdMsAQEBAQEBAQEBAQEBAQEBAQEBAQEBEwQEiw+EbgeEKwWFYoQ6hTaJQ5MzIoIygTxvgUR/AQEB X-IronPort-AV: E=Sophos;i="5.09,634,1418083200"; d="scan'208";a="398501850" Received: from rcdn-core-8.cisco.com ([173.37.93.144]) by rcdn-iport-6.cisco.com with ESMTP; 23 Feb 2015 23:16:40 +0000 Received: from xhc-aln-x02.cisco.com (xhc-aln-x02.cisco.com [173.36.12.76]) by rcdn-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id t1NNGeuc004409 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 23 Feb 2015 23:16:40 GMT Received: from xmb-rcd-x14.cisco.com ([169.254.4.229]) by xhc-aln-x02.cisco.com ([173.36.12.76]) with mapi id 14.03.0195.001; Mon, 23 Feb 2015 17:16:39 -0600 From: "Mo Zanaty (mzanaty)" To: Magnus Westerlund , "David McGrew (mcgrew)" , John Mattsson Thread-Topic: [AVTCORE] Stephen Farrell's Discuss on draft-ietf-avtcore-srtp-aes-gcm-14: (with DISCUSS) Thread-Index: AQHQT77GzgiGf2lZgk+Ajujhv6SsqA== Date: Mon, 23 Feb 2015 23:16:39 +0000 Message-ID: References: <20141029122825.18943.78129.idtracker@ietfa.amsl.com> <3C4AAD4B5304AB44A6BA85173B4675CABC709A18@MSMR-GH1-UEA03.corp.nsa.gov> <545151F9.9050502@cs.tcd.ie> <54516572.8020601@cs.tcd.ie> <5451737B.6060504@cs.tcd.ie> <2D4BE3ED-840A-444C-9D18-09BC3D937D64@cisco.com> <54CA135D.3020304@ericsson.com> <54D4D840.4080808@cs.tcd.ie> <54D8A297.9090505@ericsson.com> <54D93B9A.9090409@cs.tcd.ie> <54DA0C45.2030609@ericsson.com> <54E608E5.1070102@ericsson.com> In-Reply-To: <54E608E5.1070102@ericsson.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.4.8.150116 x-originating-ip: [10.150.30.107] Content-Type: text/plain; charset="iso-8859-1" Content-ID: Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Cc: Stephen Farrell , "avtcore-chairs@tools.ietf.org" , "draft-ietf-avtcore-srtp-aes-gcm@tools.ietf.org" , IETF AVTCore WG , The IESG Subject: Re: [AVTCORE] Stephen Farrell's Discuss on draft-ietf-avtcore-srtp-aes-gcm-14: (with DISCUSS) X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Feb 2015 23:16:42 -0000 I am fine with keeping only these 6 suites by eliminating 96 bit auth tags. However, I do wonder if any SRTP application will ever use CCM with full length tags or 256 bit keys, rather than using GCM. If not, another 3 suites can be eliminated, leaving only 3 suites: AEAD_AES_256_GCM AEAD_AES_128_GCM AEAD_AES_128_CCM_8/64 I also agree with John that 64 bit auth tags are sufficient for SRTP even using GCM. The NIST recommendation is key rotation after roughly 2^40 packets of 1.5 KB, which is many years for a 100 Mbps SRTP stream! And this is to protect against an attack where the receiver/victim notifies the sender/attacker of every auth failure, which is not possible in SRTP since no such feedback exists. And as John mentioned, the DOS of so many forged packets and auth failure messages would be a much worse consequence than compromising the auth tag. So I would also be fine with only 64 bit auth tags for both GCM and CCM. AEAD_AES_256_GCM_8/64 AEAD_AES_128_GCM_8/64 AEAD_AES_128_CCM_8/64 If we go this final route, I suggest updating section 14.2 with a table for 1.5 KB packets (not just 64 KB), and more concrete guidance on what the security ramifications are. In particular, that these (many) forgeries can only inject random data since the decryption key is unknown. That is, they inject a chosen cipher text but a random plain text after decryption since the decryption key is unknown and not compromised by this auth key attack. The security ramifications of this auth key attack are minor in my opinion, especially relative to the major denial-of-service caused by so many forgeries and auth failure feedback. I would not be fine with anything less than this. One GCM is not sufficient, we need both 128 and 256 bit keys. GCM is not sufficient, we also need CCM (128_8/64). Mo On 2/19/15, 11:01 AM, Magnus Westerlund wrote: On 2015-02-15 15:09, David McGrew wrote: >=20 > My opinion is: it would be best to preserve the existing specification > and implementation work, and retain all ten crypto suite definitions. > But if we want to make SRTP-AEAD be the first instance in which the IETF > will prioritize simplicity over variety and diversity, I=B9m good with > that, because I certainly see the value of simplicity; then my > recommendation would be to eliminate the four 12-octet authentication > versions. That would leave just six crypto suites, with two different > modes of operation, two different key sizes, and two different tag > lengths (but not all tag lengths for all modes), like this: >=20 > srtp-crypto-suite-ext =3D "AEAD_AES_128_GCM" / > "AEAD_AES_256_GCM" / > "AEAD_AES_128_CCM" / > "AEAD_AES_256_CCM" / > "AEAD_AES_128_CCM_8" / > "AEAD_AES_256_CCM_8" / >=20 Stephen, WG Having looked at the feedback provided in this discussion so far, I think the above set of 6 are a reasonable selection without unduly limiting functionality, but removing the four least necessary profiles. My proposal is that if no one is disagreeing with this in the next week (Prior to Feb 26 at 16:30 UTC) we use it. If someone disagrees we hold a discussion at the informal IESG telechat on how to proceed. Cheers Magnus Westerlund ---------------------------------------------------------------------- Services, Media and Network features, Ericsson Research EAB/TXM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 F=E4r=F6gatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ---------------------------------------------------------------------- _______________________________________________ Audio/Video Transport Core Maintenance avt@ietf.org https://www.ietf.org/mailman/listinfo/avt From nobody Tue Feb 24 04:06:57 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 310271A1A00; Tue, 24 Feb 2015 04:06:55 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.21 X-Spam-Level: X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yA0zPQMl4T1O; Tue, 24 Feb 2015 04:06:54 -0800 (PST) Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BD6071A19F2; Tue, 24 Feb 2015 04:06:53 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 715D1BED8; Tue, 24 Feb 2015 12:06:52 +0000 (GMT) X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q5ERmPLi_qld; Tue, 24 Feb 2015 12:06:50 +0000 (GMT) Received: from [10.87.48.73] (unknown [86.46.27.159]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 40184BED4; Tue, 24 Feb 2015 12:06:50 +0000 (GMT) Message-ID: <54EC6956.8090009@cs.tcd.ie> Date: Tue, 24 Feb 2015 12:06:46 +0000 From: Stephen Farrell User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 MIME-Version: 1.0 To: Magnus Westerlund , David McGrew References: <20141029122825.18943.78129.idtracker@ietfa.amsl.com> <3C4AAD4B5304AB44A6BA85173B4675CABC709A18@MSMR-GH1-UEA03.corp.nsa.gov> <545151F9.9050502@cs.tcd.ie> <54516572.8020601@cs.tcd.ie> <5451737B.6060504@cs.tcd.ie> <2D4BE3ED-840A-444C-9D18-09BC3D937D64@cisco.com> <54CA135D.3020304@ericsson.com> <54D4D840.4080808@cs.tcd.ie> <54D8A297.9090505@ericsson.com> <54D93B9A.9090409@cs.tcd.ie> <54DA0C45.2030609@ericsson.com> <54E608E5.1070102@ericsson.com> In-Reply-To: <54E608E5.1070102@ericsson.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Archived-At: Cc: "avtcore-chairs@tools.ietf.org" , "draft-ietf-avtcore-srtp-aes-gcm@tools.ietf.org" , IETF AVTCore WG , The IESG Subject: Re: [AVTCORE] Stephen Farrell's Discuss on draft-ietf-avtcore-srtp-aes-gcm-14: (with DISCUSS) X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Feb 2015 12:06:55 -0000 We seem to have opinions all over the map on this one. Sorry for making life difficult;-) I guess we'll be discussing it on the informal telechat this Thursday though, so just picking some set then would seem like the best approach. (I'll still briefly argue for the minimal set, but I accept we should just pick something then and be done with this.) S. On 19/02/15 16:01, Magnus Westerlund wrote: > On 2015-02-15 15:09, David McGrew wrote: >> >> My opinion is: it would be best to preserve the existing specification >> and implementation work, and retain all ten crypto suite definitions. >> But if we want to make SRTP-AEAD be the first instance in which the IETF >> will prioritize simplicity over variety and diversity, I’m good with >> that, because I certainly see the value of simplicity; then my >> recommendation would be to eliminate the four 12-octet authentication >> versions. That would leave just six crypto suites, with two different >> modes of operation, two different key sizes, and two different tag >> lengths (but not all tag lengths for all modes), like this: >> >> srtp-crypto-suite-ext = "AEAD_AES_128_GCM" / >> "AEAD_AES_256_GCM" / >> "AEAD_AES_128_CCM" / >> "AEAD_AES_256_CCM" / >> "AEAD_AES_128_CCM_8" / >> "AEAD_AES_256_CCM_8" / >> > > Stephen, WG > > Having looked at the feedback provided in this discussion so far, I > think the above set of 6 are a reasonable selection without unduly > limiting functionality, but removing the four least necessary profiles. > > My proposal is that if no one is disagreeing with this in the next week > (Prior to Feb 26 at 16:30 UTC) we use it. If someone disagrees we hold a > discussion at the informal IESG telechat on how to proceed. > > Cheers > > Magnus Westerlund > > ---------------------------------------------------------------------- > Services, Media and Network features, Ericsson Research EAB/TXM > ---------------------------------------------------------------------- > Ericsson AB | Phone +46 10 7148287 > Färögatan 6 | Mobile +46 73 0949079 > SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com > ---------------------------------------------------------------------- > From nobody Tue Feb 24 10:07:36 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A84671A1BCE; Tue, 24 Feb 2015 10:07:34 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -14.511 X-Spam-Level: X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z55j55-njRE5; Tue, 24 Feb 2015 10:07:29 -0800 (PST) Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8C0EE1A1B9E; Tue, 24 Feb 2015 10:07:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5808; q=dns/txt; s=iport; t=1424801249; x=1426010849; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=eIsBQ7GPQqhsx6o2+LZqbx0tEgHb8yV907sZx+75Fmo=; b=TgI2/+8QgZoj4a8wa2qTqiOuluB+a48FzmIlRmUOvYsrkB5BF6te1ZKo 1e0SudXe8ctRR2rF5PPhtdnNiM0nQrY6r7rowqx3s1hKpL2prjUVYBMxx 32BnuHp/mE5LfMBBAR/h9OPxaolwvyiQcBD1gGJE9UaBOx/N1sCVPeDpZ M=; X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0CEBQBzvexU/4sNJK1bgwZSWgTDEgqFcAKBKkMBAQEBAQF8hBABAQQBAQEJbQ4CAgEIGCcHGwwLFBECBAENBYgvDdRuAQEBAQEBAQEBAQEBAQEBAQEBAQEYBIsPhBdXB4QrBYVkiXKDYIVlgVORZCKCMoE8bwGBAkF/AQEB X-IronPort-AV: E=Sophos;i="5.09,640,1418083200"; d="scan'208";a="398813367" Received: from alln-core-6.cisco.com ([173.36.13.139]) by rcdn-iport-4.cisco.com with ESMTP; 24 Feb 2015 18:07:12 +0000 Received: from xhc-rcd-x12.cisco.com (xhc-rcd-x12.cisco.com [173.37.183.86]) by alln-core-6.cisco.com (8.14.5/8.14.5) with ESMTP id t1OI7Cle004870 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Tue, 24 Feb 2015 18:07:12 GMT Received: from xmb-rcd-x14.cisco.com ([169.254.4.229]) by xhc-rcd-x12.cisco.com ([173.37.183.86]) with mapi id 14.03.0195.001; Tue, 24 Feb 2015 12:07:12 -0600 From: "Mo Zanaty (mzanaty)" To: Magnus Westerlund , "David McGrew (mcgrew)" , John Mattsson Thread-Topic: [AVTCORE] Stephen Farrell's Discuss on draft-ietf-avtcore-srtp-aes-gcm-14: (with DISCUSS) Thread-Index: AQHQUFy1yzfApg2NckKwE5Q/GdQjxA== Date: Tue, 24 Feb 2015 18:07:11 +0000 Message-ID: References: <20141029122825.18943.78129.idtracker@ietfa.amsl.com> <3C4AAD4B5304AB44A6BA85173B4675CABC709A18@MSMR-GH1-UEA03.corp.nsa.gov> <545151F9.9050502@cs.tcd.ie> <54516572.8020601@cs.tcd.ie> <5451737B.6060504@cs.tcd.ie> <2D4BE3ED-840A-444C-9D18-09BC3D937D64@cisco.com> <54CA135D.3020304@ericsson.com> <54D4D840.4080808@cs.tcd.ie> <54D8A297.9090505@ericsson.com> <54D93B9A.9090409@cs.tcd.ie> <54DA0C45.2030609@ericsson.com> <54E608E5.1070102@ericsson.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: user-agent: Microsoft-MacOutlook/14.4.8.150116 x-originating-ip: [64.100.32.216] Content-Type: text/plain; charset="windows-1254" Content-ID: Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Cc: The IESG , "avtcore-chairs@tools.ietf.org" , "draft-ietf-avtcore-srtp-aes-gcm@tools.ietf.org" , IETF AVTCore WG , Stephen Farrell Subject: Re: [AVTCORE] Stephen Farrell's Discuss on draft-ietf-avtcore-srtp-aes-gcm-14: (with DISCUSS) X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Feb 2015 18:07:34 -0000 I would like to point out the strongest argument for the sufficiency of 64 bit auth tags, taken directly from the SRTP RFC. http://tools.ietf.org/html/rfc3711#section-9.2 ...when 2^48 SRTP packets or 2^31 SRTCP packets have been secured with the same key (whichever occurs before), the key management MUST be called to provide new master key(s)=85 Note: in most typical applications (assuming at least one RTCP packet for every 128,000 RTP packets), it will be the SRTCP index that first reaches the upper limit, although the time until this occurs is very long: even at 200 SRTCP packets/sec, the 2^31 index space of SRTCP is enough to secure approximately 4 months of communication. This should make it clear that any potential weakness in GCM auth that reduces the effective strength of 64 bit auth tags by 7-12 bits (for 2-64 KB packets) is moot due to the SRTCP 31 bit limit and SRTP 48 bit limit. An attacker would hit rekey criteria before achieving 0.1% chance of a single successfully forged packet (of chosen cipher text but random plain text since decryption keys are not compromised). DOS criteria would likely be hit much sooner at such extreme numbers of packets. Furthermore, this reduced effective strength of auth tags only applies against attacks which are anyway impossible in SRTP due to no auth failure feedback. So 64 bit auth tags should be sufficient for SRTP applications. (As long as the auth transform has no truncation issues.) Mo On 2/23/15, 6:16 PM, Mo Zanaty (mzanaty) wrote: I am fine with keeping only these 6 suites by eliminating 96 bit auth tags. However, I do wonder if any SRTP application will ever use CCM with full length tags or 256 bit keys, rather than using GCM. If not, another 3 suites can be eliminated, leaving only 3 suites: AEAD_AES_256_GCM AEAD_AES_128_GCM AEAD_AES_128_CCM_8/64 I also agree with John that 64 bit auth tags are sufficient for SRTP even using GCM. The NIST recommendation is key rotation after roughly 2^40 packets of 1.5 KB, which is many years for a 100 Mbps SRTP stream! And this is to protect against an attack where the receiver/victim notifies the sender/attacker of every auth failure, which is not possible in SRTP since no such feedback exists. And as John mentioned, the DOS of so many forged packets and auth failure messages would be a much worse consequence than compromising the auth tag. So I would also be fine with only 64 bit auth tags for both GCM and CCM. AEAD_AES_256_GCM_8/64 AEAD_AES_128_GCM_8/64 AEAD_AES_128_CCM_8/64 If we go this final route, I suggest updating section 14.2 with a table for 1.5 KB packets (not just 64 KB), and more concrete guidance on what the security ramifications are. In particular, that these (many) forgeries can only inject random data since the decryption key is unknown. That is, they inject a chosen cipher text but a random plain text after decryption since the decryption key is unknown and not compromised by this auth key attack. The security ramifications of this auth key attack are minor in my opinion, especially relative to the major denial-of-service caused by so many forgeries and auth failure feedback. I would not be fine with anything less than this. One GCM is not sufficient, we need both 128 and 256 bit keys. GCM is not sufficient, we also need CCM (128_8/64). Mo On 2/19/15, 11:01 AM, Magnus Westerlund wrote: On 2015-02-15 15:09, David McGrew wrote: >=20 > My opinion is: it would be best to preserve the existing specification > and implementation work, and retain all ten crypto suite definitions. > But if we want to make SRTP-AEAD be the first instance in which the IETF > will prioritize simplicity over variety and diversity, I=B9m good with > that, because I certainly see the value of simplicity; then my > recommendation would be to eliminate the four 12-octet authentication > versions. That would leave just six crypto suites, with two different > modes of operation, two different key sizes, and two different tag > lengths (but not all tag lengths for all modes), like this: >=20 > srtp-crypto-suite-ext =3D "AEAD_AES_128_GCM" / > "AEAD_AES_256_GCM" / > "AEAD_AES_128_CCM" / > "AEAD_AES_256_CCM" / > "AEAD_AES_128_CCM_8" / > "AEAD_AES_256_CCM_8" / >=20 Stephen, WG Having looked at the feedback provided in this discussion so far, I think the above set of 6 are a reasonable selection without unduly limiting functionality, but removing the four least necessary profiles. My proposal is that if no one is disagreeing with this in the next week (Prior to Feb 26 at 16:30 UTC) we use it. If someone disagrees we hold a discussion at the informal IESG telechat on how to proceed. Cheers Magnus Westerlund ---------------------------------------------------------------------- Services, Media and Network features, Ericsson Research EAB/TXM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 F=E4r=F6gatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ---------------------------------------------------------------------- _______________________________________________ Audio/Video Transport Core Maintenance avt@ietf.org https://www.ietf.org/mailman/listinfo/avt _______________________________________________ Audio/Video Transport Core Maintenance avt@ietf.org https://www.ietf.org/mailman/listinfo/avt From nobody Wed Feb 25 00:48:56 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F0AC81A702F; Wed, 25 Feb 2015 00:48:54 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -4.2 X-Spam-Level: X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5yUQvElJfM5z; Wed, 25 Feb 2015 00:48:52 -0800 (PST) Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8B751A7026; Wed, 25 Feb 2015 00:48:50 -0800 (PST) X-AuditID: c1b4fb25-f791c6d00000617b-41-54ed8c705226 Received: from ESESSHC013.ericsson.se (Unknown_Domain [153.88.253.124]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id 6F.94.24955.07C8DE45; Wed, 25 Feb 2015 09:48:48 +0100 (CET) Received: from ESESSMB307.ericsson.se ([169.254.7.112]) by ESESSHC013.ericsson.se ([153.88.183.57]) with mapi id 14.03.0210.002; Wed, 25 Feb 2015 09:48:48 +0100 From: John Mattsson To: Stephen Farrell , Magnus Westerlund , "Mo Zanaty (mzanaty)" Thread-Topic: [AVTCORE] Stephen Farrell's Discuss on draft-ietf-avtcore-srtp-aes-gcm-14: (with DISCUSS) Thread-Index: AQHQQh5oJgFl6m3W+E63IOWS9grYL5zoLHSAgAC2aACAAPjAgIAH4VuAgAZou4CABsLbgIABO96AgAD2VAA= Date: Wed, 25 Feb 2015 08:48:47 +0000 Message-ID: <28669AE0-DF31-4910-BD97-5B319BFD1398@ericsson.com> References: <20141029122825.18943.78129.idtracker@ietfa.amsl.com> <3C4AAD4B5304AB44A6BA85173B4675CABC709A18@MSMR-GH1-UEA03.corp.nsa.gov> <545151F9.9050502@cs.tcd.ie> <54516572.8020601@cs.tcd.ie> <5451737B.6060504@cs.tcd.ie> <2D4BE3ED-840A-444C-9D18-09BC3D937D64@cisco.com> <54CA135D.3020304@ericsson.com> <54D4D840.4080808@cs.tcd.ie> <54D8A297.9090505@ericsson.com> <54D93B9A.9090409@cs.tcd.ie> <54DA0C45.2030609@ericsson.com> <54E608E5.1070102@ericsson.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [153.88.183.20] Content-Type: multipart/alternative; boundary="_000_28669AE0DF314910BD975B319BFD1398ericssoncom_" MIME-Version: 1.0 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFtrBIsWRmVeSWpSXmKPExsUyM+JvjW5Bz9sQg72fjS1e9qxkt1j57Tqr xdojiRYz/kxktri66g+7xYsHc5gspu+9xu7A7jHl90ZWj7XdV9k8liz5yeTx5fJntgCWKC6b lNSczLLUIn27BK6MQ0desRZsPc1YcWDLfZYGxqZjjF2MnBwSAiYS/77vYYKwxSQu3FvP1sXI xSEkcIRR4tD8DnYIZwmjxPVXz1lAqtgEDCTm7mkAqxIRmMAo8f/vFWYQh1lgCpPEmZVdzCBV wgIZEj/737KC2CICmRJH386HspMknu78AraPRUBV4sbGF2BxXgF7iU8dq1gg1u1llZh/+gc7 SIJTQF9i7+PtYDYj0IHfT60Ba2YWEJe49WQ+1OECEkv2nGeGsEUlXj7+xwphK0pcnb4cqj5Z 4tXv2cwQywQlTs58wjKBUXQWklGzkJTNQlI2i5EDKK4psX6XPkSJosSU7ofsELaGROucuVC2 tcS2AyeYkdUsYORYxShanFqclJtuZKyXWpSZXFycn6eXl1qyiREY1Qe3/FbdwXj5jeMhRgEO RiUe3gLFNyFCrIllxZW5hxilOViUxHntjA+FCAmkJ5akZqemFqQWxReV5qQWH2Jk4uCUamCU mK7/LPfri+9shm97Xi3n0Uy6VO+Xf678WcRped27+04JSP8TdnwbJFba6G9ju7JSS+q8zBXO T98muH+YzvNR7eqFG959tw3OOX9P2uZxdSqX0YmHHZdWd9521rLlPLHK/LFSt4eg8FH/S8aP 1YunH+76s0hKVYM9RF323hfPGb45edYZD38rsRRnJBpqMRcVJwIA7cW2I8sCAAA= Archived-At: Cc: "avtcore-chairs@tools.ietf.org" , "David McGrew $mcgrew$" , "draft-ietf-avtcore-srtp-aes-gcm@tools.ietf.org" , IETF AVTCore WG , The IESG Subject: Re: [AVTCORE] Stephen Farrell's Discuss on draft-ietf-avtcore-srtp-aes-gcm-14: (with DISCUSS) X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Feb 2015 08:48:55 -0000 --_000_28669AE0DF314910BD975B319BFD1398ericssoncom_ Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SSBhbSBmaW5lIHdpdGgga2VlcGluZyBvbmx5IHRoZSA2IHN1aXRlcyBzdWdnZXN0ZWQgYnkgRGF2 aWQuDQoNCk9uIDIwMTUtMDItMjQgTW8gWmFuYXR5IHdyb3RlOg0KPiBJIGFsc28gYWdyZWUgd2l0 aCBKb2huIHRoYXQgNjQgYml0IGF1dGggdGFncyBhcmUgc3VmZmljaWVudCBmb3IgU1JUUCBldmVu IHVzaW5nIEdDTS4NCg0KVGhlIHJlYXNvbiBHQ01fNjQgd2FzIHJlbW92ZWQgd2FzIGJlY2F1c2Ug SSBwb2ludGVkIG91dCB0aGF0IHRoZSBkcmFmdCBzaG91bGQgZm9sbG93IHRoZSBOSVNUIHJlcXVp cmVtZW50cyBpbiBTUCA4MDAtMzhELCBBcHBlbmRpeCBDLiBLZXZpbiBhbmQgRGF2aWQgY2hvc2Ug dG8gcmVtb3ZlIEdDTV82NCBpbnN0ZWFkLg0KDQpDaGVlcnMsDQpKb2huDQoNCk9uIDI0IEZlYiAy MDE1LCBhdCAxOTowNywgTW8gWmFuYXR5IChtemFuYXR5KSA8bXphbmF0eUBjaXNjby5jb208bWFp bHRvOm16YW5hdHlAY2lzY28uY29tPj4gd3JvdGU6DQoNCkkgd291bGQgbGlrZSB0byBwb2ludCBv dXQgdGhlIHN0cm9uZ2VzdCBhcmd1bWVudCBmb3IgdGhlIHN1ZmZpY2llbmN5IG9mIDY0DQpiaXQg YXV0aCB0YWdzLCB0YWtlbiBkaXJlY3RseSBmcm9tIHRoZSBTUlRQIFJGQy4NCg0KaHR0cDovL3Rv b2xzLmlldGYub3JnL2h0bWwvcmZjMzcxMSNzZWN0aW9uLTkuMg0KDQogIC4uLndoZW4gMl40OCBT UlRQIHBhY2tldHMgb3IgMl4zMSBTUlRDUCBwYWNrZXRzIGhhdmUgYmVlbiBzZWN1cmVkDQogIHdp dGggdGhlIHNhbWUga2V5ICh3aGljaGV2ZXIgb2NjdXJzIGJlZm9yZSksIHRoZSBrZXkgbWFuYWdl bWVudCBNVVNUDQogIGJlIGNhbGxlZCB0byBwcm92aWRlIG5ldyBtYXN0ZXIga2V5KHMp4oCmDQoN CiAgTm90ZTogaW4gbW9zdCB0eXBpY2FsIGFwcGxpY2F0aW9ucyAoYXNzdW1pbmcgYXQgbGVhc3Qg b25lIFJUQ1AgcGFja2V0DQogIGZvciBldmVyeSAxMjgsMDAwIFJUUCBwYWNrZXRzKSwgaXQgd2ls bCBiZSB0aGUgU1JUQ1AgaW5kZXggdGhhdCBmaXJzdA0KICByZWFjaGVzIHRoZSB1cHBlciBsaW1p dCwgYWx0aG91Z2ggdGhlIHRpbWUgdW50aWwgdGhpcyBvY2N1cnMgaXMgdmVyeQ0KICBsb25nOiBl dmVuIGF0IDIwMCBTUlRDUCBwYWNrZXRzL3NlYywgdGhlIDJeMzEgaW5kZXggc3BhY2Ugb2YgU1JU Q1AgaXMNCiAgZW5vdWdoIHRvIHNlY3VyZSBhcHByb3hpbWF0ZWx5IDQgbW9udGhzIG9mIGNvbW11 bmljYXRpb24uDQoNCg0KVGhpcyBzaG91bGQgbWFrZSBpdCBjbGVhciB0aGF0IGFueSBwb3RlbnRp YWwgd2Vha25lc3MgaW4gR0NNIGF1dGggdGhhdA0KcmVkdWNlcyB0aGUgZWZmZWN0aXZlIHN0cmVu Z3RoIG9mIDY0IGJpdCBhdXRoIHRhZ3MgYnkgNy0xMiBiaXRzIChmb3IgMi02NA0KS0IgcGFja2V0 cykgaXMgbW9vdCBkdWUgdG8gdGhlIFNSVENQIDMxIGJpdCBsaW1pdCBhbmQgU1JUUCA0OCBiaXQg bGltaXQuDQpBbiBhdHRhY2tlciB3b3VsZCBoaXQgcmVrZXkgY3JpdGVyaWEgYmVmb3JlIGFjaGll dmluZyAwLjElIGNoYW5jZSBvZiBhDQpzaW5nbGUgc3VjY2Vzc2Z1bGx5IGZvcmdlZCBwYWNrZXQg KG9mIGNob3NlbiBjaXBoZXIgdGV4dCBidXQgcmFuZG9tIHBsYWluDQp0ZXh0IHNpbmNlIGRlY3J5 cHRpb24ga2V5cyBhcmUgbm90IGNvbXByb21pc2VkKS4gRE9TIGNyaXRlcmlhIHdvdWxkIGxpa2Vs eQ0KYmUgaGl0IG11Y2ggc29vbmVyIGF0IHN1Y2ggZXh0cmVtZSBudW1iZXJzIG9mIHBhY2tldHMu IEZ1cnRoZXJtb3JlLCB0aGlzDQpyZWR1Y2VkIGVmZmVjdGl2ZSBzdHJlbmd0aCBvZiBhdXRoIHRh Z3Mgb25seSBhcHBsaWVzIGFnYWluc3QgYXR0YWNrcyB3aGljaA0KYXJlIGFueXdheSBpbXBvc3Np YmxlIGluIFNSVFAgZHVlIHRvIG5vIGF1dGggZmFpbHVyZSBmZWVkYmFjay4NCg0KU28gNjQgYml0 IGF1dGggdGFncyBzaG91bGQgYmUgc3VmZmljaWVudCBmb3IgU1JUUCBhcHBsaWNhdGlvbnMuDQoo QXMgbG9uZyBhcyB0aGUgYXV0aCB0cmFuc2Zvcm0gaGFzIG5vIHRydW5jYXRpb24gaXNzdWVzLikN Cg0KTW8NCg0KDQpPbiAyLzIzLzE1LCA2OjE2IFBNLCBNbyBaYW5hdHkgKG16YW5hdHkpIDxtemFu YXR5QGNpc2NvLmNvbT4gd3JvdGU6DQoNCkkgYW0gZmluZSB3aXRoIGtlZXBpbmcgb25seSB0aGVz ZSA2IHN1aXRlcyBieSBlbGltaW5hdGluZyA5NiBiaXQgYXV0aCB0YWdzLg0KDQpIb3dldmVyLCBJ IGRvIHdvbmRlciBpZiBhbnkgU1JUUCBhcHBsaWNhdGlvbiB3aWxsIGV2ZXIgdXNlIENDTSB3aXRo IGZ1bGwNCmxlbmd0aCB0YWdzIG9yIDI1NiBiaXQga2V5cywgcmF0aGVyIHRoYW4gdXNpbmcgR0NN LiBJZiBub3QsIGFub3RoZXIgMw0Kc3VpdGVzIGNhbiBiZSBlbGltaW5hdGVkLCBsZWF2aW5nIG9u bHkgMyBzdWl0ZXM6DQoNCkFFQURfQUVTXzI1Nl9HQ00NCkFFQURfQUVTXzEyOF9HQ00NCkFFQURf QUVTXzEyOF9DQ01fOC82NA0KDQpJIGFsc28gYWdyZWUgd2l0aCBKb2huIHRoYXQgNjQgYml0IGF1 dGggdGFncyBhcmUgc3VmZmljaWVudCBmb3IgU1JUUCBldmVuDQp1c2luZyBHQ00uIFRoZSBOSVNU IHJlY29tbWVuZGF0aW9uIGlzIGtleSByb3RhdGlvbiBhZnRlciByb3VnaGx5IDJeNDANCnBhY2tl dHMgb2YgMS41IEtCLCB3aGljaCBpcyBtYW55IHllYXJzIGZvciBhIDEwMCBNYnBzIFNSVFAgc3Ry ZWFtISBBbmQNCnRoaXMgaXMgdG8gcHJvdGVjdCBhZ2FpbnN0IGFuIGF0dGFjayB3aGVyZSB0aGUg cmVjZWl2ZXIvdmljdGltIG5vdGlmaWVzDQp0aGUgc2VuZGVyL2F0dGFja2VyIG9mIGV2ZXJ5IGF1 dGggZmFpbHVyZSwgd2hpY2ggaXMgbm90IHBvc3NpYmxlIGluIFNSVFANCnNpbmNlIG5vIHN1Y2gg ZmVlZGJhY2sgZXhpc3RzLiBBbmQgYXMgSm9obiBtZW50aW9uZWQsIHRoZSBET1Mgb2Ygc28gbWFu eQ0KZm9yZ2VkIHBhY2tldHMgYW5kIGF1dGggZmFpbHVyZSBtZXNzYWdlcyB3b3VsZCBiZSBhIG11 Y2ggd29yc2UgY29uc2VxdWVuY2UNCnRoYW4gY29tcHJvbWlzaW5nIHRoZSBhdXRoIHRhZy4NCg0K U28gSSB3b3VsZCBhbHNvIGJlIGZpbmUgd2l0aCBvbmx5IDY0IGJpdCBhdXRoIHRhZ3MgZm9yIGJv dGggR0NNIGFuZCBDQ00uDQoNCkFFQURfQUVTXzI1Nl9HQ01fOC82NA0KQUVBRF9BRVNfMTI4X0dD TV84LzY0DQpBRUFEX0FFU18xMjhfQ0NNXzgvNjQNCg0KSWYgd2UgZ28gdGhpcyBmaW5hbCByb3V0 ZSwgSSBzdWdnZXN0IHVwZGF0aW5nIHNlY3Rpb24gMTQuMiB3aXRoIGEgdGFibGUNCmZvciAxLjUg S0IgcGFja2V0cyAobm90IGp1c3QgNjQgS0IpLCBhbmQgbW9yZSBjb25jcmV0ZSBndWlkYW5jZSBv biB3aGF0DQp0aGUgc2VjdXJpdHkgcmFtaWZpY2F0aW9ucyBhcmUuIEluIHBhcnRpY3VsYXIsIHRo YXQgdGhlc2UgKG1hbnkpIGZvcmdlcmllcw0KY2FuIG9ubHkgaW5qZWN0IHJhbmRvbSBkYXRhIHNp bmNlIHRoZSBkZWNyeXB0aW9uIGtleSBpcyB1bmtub3duLiBUaGF0IGlzLA0KdGhleSBpbmplY3Qg YSBjaG9zZW4gY2lwaGVyIHRleHQgYnV0IGEgcmFuZG9tIHBsYWluIHRleHQgYWZ0ZXIgZGVjcnlw dGlvbg0Kc2luY2UgdGhlIGRlY3J5cHRpb24ga2V5IGlzIHVua25vd24gYW5kIG5vdCBjb21wcm9t aXNlZCBieSB0aGlzIGF1dGgga2V5DQphdHRhY2suIFRoZSBzZWN1cml0eSByYW1pZmljYXRpb25z IG9mIHRoaXMgYXV0aCBrZXkgYXR0YWNrIGFyZSBtaW5vciBpbiBteQ0Kb3BpbmlvbiwgZXNwZWNp YWxseSByZWxhdGl2ZSB0byB0aGUgbWFqb3IgZGVuaWFsLW9mLXNlcnZpY2UgY2F1c2VkIGJ5IHNv DQptYW55IGZvcmdlcmllcyBhbmQgYXV0aCBmYWlsdXJlIGZlZWRiYWNrLg0KDQpJIHdvdWxkIG5v dCBiZSBmaW5lIHdpdGggYW55dGhpbmcgbGVzcyB0aGFuIHRoaXMuIE9uZSBHQ00gaXMgbm90DQpz dWZmaWNpZW50LCB3ZSBuZWVkIGJvdGggMTI4IGFuZCAyNTYgYml0IGtleXMuIEdDTSBpcyBub3Qg c3VmZmljaWVudCwgd2UNCmFsc28gbmVlZCBDQ00gKDEyOF84LzY0KS4NCg0KTW8NCg0KDQoNCk9u IDIvMTkvMTUsIDExOjAxIEFNLCBNYWdudXMgV2VzdGVybHVuZCA8bWFnbnVzLndlc3Rlcmx1bmRA ZXJpY3Nzb24uY29tPg0Kd3JvdGU6DQoNCk9uIDIwMTUtMDItMTUgMTU6MDksIERhdmlkIE1jR3Jl dyB3cm90ZToNCg0KTXkgb3BpbmlvbiBpczogaXQgd291bGQgYmUgYmVzdCB0byBwcmVzZXJ2ZSB0 aGUgZXhpc3Rpbmcgc3BlY2lmaWNhdGlvbg0KYW5kIGltcGxlbWVudGF0aW9uIHdvcmssIGFuZCBy ZXRhaW4gYWxsIHRlbiBjcnlwdG8gc3VpdGUgZGVmaW5pdGlvbnMuDQpCdXQgaWYgd2Ugd2FudCB0 byBtYWtlIFNSVFAtQUVBRCBiZSB0aGUgZmlyc3QgaW5zdGFuY2UgaW4gd2hpY2ggdGhlIElFVEYN CndpbGwgIHByaW9yaXRpemUgc2ltcGxpY2l0eSBvdmVyIHZhcmlldHkgYW5kIGRpdmVyc2l0eSwg ScK5bSBnb29kIHdpdGgNCnRoYXQsIGJlY2F1c2UgSSBjZXJ0YWlubHkgc2VlIHRoZSB2YWx1ZSBv ZiBzaW1wbGljaXR5OyB0aGVuIG15DQpyZWNvbW1lbmRhdGlvbiB3b3VsZCBiZSB0byBlbGltaW5h dGUgdGhlIGZvdXIgMTItb2N0ZXQgYXV0aGVudGljYXRpb24NCnZlcnNpb25zLiAgVGhhdCB3b3Vs ZCBsZWF2ZSBqdXN0IHNpeCBjcnlwdG8gc3VpdGVzLCB3aXRoIHR3byBkaWZmZXJlbnQNCm1vZGVz IG9mIG9wZXJhdGlvbiwgdHdvIGRpZmZlcmVudCBrZXkgc2l6ZXMsIGFuZCB0d28gZGlmZmVyZW50 IHRhZw0KbGVuZ3RocyAoYnV0IG5vdCBhbGwgdGFnIGxlbmd0aHMgZm9yIGFsbCBtb2RlcyksIGxp a2UgdGhpczoNCg0KICAgICBzcnRwLWNyeXB0by1zdWl0ZS1leHQgPSAiQUVBRF9BRVNfMTI4X0dD TSIgICAgLw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiQUVBRF9BRVNfMjU2X0dDTSIg ICAgLw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiQUVBRF9BRVNfMTI4X0NDTSIgICAg Lw0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiQUVBRF9BRVNfMjU2X0NDTSIgICAgLw0K ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAiQUVBRF9BRVNfMTI4X0NDTV84IiAgLw0KICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAiQUVBRF9BRVNfMjU2X0NDTV84IiAgLw0KDQoNClN0 ZXBoZW4sIFdHDQoNCkhhdmluZyBsb29rZWQgYXQgdGhlIGZlZWRiYWNrIHByb3ZpZGVkIGluIHRo aXMgZGlzY3Vzc2lvbiBzbyBmYXIsIEkNCnRoaW5rIHRoZSBhYm92ZSBzZXQgb2YgNiBhcmUgYSBy ZWFzb25hYmxlIHNlbGVjdGlvbiB3aXRob3V0IHVuZHVseQ0KbGltaXRpbmcgZnVuY3Rpb25hbGl0 eSwgYnV0IHJlbW92aW5nIHRoZSBmb3VyIGxlYXN0IG5lY2Vzc2FyeSBwcm9maWxlcy4NCg0KTXkg cHJvcG9zYWwgaXMgdGhhdCBpZiBubyBvbmUgaXMgZGlzYWdyZWVpbmcgd2l0aCB0aGlzIGluIHRo ZSBuZXh0IHdlZWsNCihQcmlvciB0byBGZWIgMjYgYXQgMTY6MzAgVVRDKSB3ZSB1c2UgaXQuIElm IHNvbWVvbmUgZGlzYWdyZWVzIHdlIGhvbGQgYQ0KZGlzY3Vzc2lvbiBhdCB0aGUgaW5mb3JtYWwg SUVTRyB0ZWxlY2hhdCBvbiBob3cgdG8gcHJvY2VlZC4NCg0KQ2hlZXJzDQoNCk1hZ251cyBXZXN0 ZXJsdW5kDQoNCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0NClNlcnZpY2VzLCBNZWRpYSBhbmQgTmV0d29yayBmZWF0 dXJlcywgRXJpY3Nzb24gUmVzZWFyY2ggRUFCL1RYTQ0KLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQ0KRXJpY3Nzb24g QUIgICAgICAgICAgICAgICAgIHwgUGhvbmUgICs0NiAxMCA3MTQ4Mjg3DQpGw6Ryw7ZnYXRhbiA2 ICAgICAgICAgICAgICAgICB8IE1vYmlsZSArNDYgNzMgMDk0OTA3OQ0KU0UtMTY0IDgwIFN0b2Nr aG9sbSwgU3dlZGVuIHwgbWFpbHRvOiBtYWdudXMud2VzdGVybHVuZEBlcmljc3Nvbi5jb20NCi0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0NCg0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX18NCkF1ZGlvL1ZpZGVvIFRyYW5zcG9ydCBDb3JlIE1haW50ZW5hbmNlDQphdnRAaWV0Zi5v cmcNCmh0dHBzOi8vd3d3LmlldGYub3JnL21haWxtYW4vbGlzdGluZm8vYXZ0DQoNCl9fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fDQpBdWRpby9WaWRlbyBUcmFu c3BvcnQgQ29yZSBNYWludGVuYW5jZQ0KYXZ0QGlldGYub3JnDQpodHRwczovL3d3dy5pZXRmLm9y Zy9tYWlsbWFuL2xpc3RpbmZvL2F2dA0KDQoNCg== --_000_28669AE0DF314910BD975B319BFD1398ericssoncom_ Content-Type: text/html; charset="utf-8" Content-ID: <0584050DE44C2148BCDF227C0E738C03@ericsson.com> Content-Transfer-Encoding: base64 PGh0bWw+DQo8aGVhZD4NCjxtZXRhIGh0dHAtZXF1aXY9IkNvbnRlbnQtVHlwZSIgY29udGVudD0i dGV4dC9odG1sOyBjaGFyc2V0PXV0Zi04Ij4NCjwvaGVhZD4NCjxib2R5IHN0eWxlPSJ3b3JkLXdy YXA6IGJyZWFrLXdvcmQ7IC13ZWJraXQtbmJzcC1tb2RlOiBzcGFjZTsgLXdlYmtpdC1saW5lLWJy ZWFrOiBhZnRlci13aGl0ZS1zcGFjZTsiIGNsYXNzPSIiPg0KPGRpdiBhcHBsZS1jb250ZW50LWVk aXRlZD0idHJ1ZSIgY2xhc3M9IiI+DQo8ZGl2IHN0eWxlPSJvcnBoYW5zOiBhdXRvOyB0ZXh0LWFs aWduOiBzdGFydDsgdGV4dC1pbmRlbnQ6IDBweDsgd2lkb3dzOiBhdXRvOyIgY2xhc3M9IiI+DQo8 ZGl2IHN0eWxlPSJmb250LXN0eWxlOiBub3JtYWw7IGZvbnQtdmFyaWFudDogbm9ybWFsOyBmb250 LXdlaWdodDogbm9ybWFsOyBsZXR0ZXItc3BhY2luZzogbm9ybWFsOyBsaW5lLWhlaWdodDogbm9y bWFsOyB0ZXh0LXRyYW5zZm9ybTogbm9uZTsgd2hpdGUtc3BhY2U6IG5vcm1hbDsgd29yZC1zcGFj aW5nOiAwcHg7IC13ZWJraXQtdGV4dC1zdHJva2Utd2lkdGg6IDBweDsgb3JwaGFuczogYXV0bzsg dGV4dC1hbGlnbjogc3RhcnQ7IHRleHQtaW5kZW50OiAwcHg7IHdpZG93czogYXV0bzsgbWFyZ2lu OiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQo8Zm9udCBmYWNlPSJBcmlhbCwgc2Fucy1z ZXJpZiIgY2xhc3M9IiI+SSBhbSBmaW5lIHdpdGgga2VlcGluZyBvbmx5IHRoZSA2IHN1aXRlcyBz dWdnZXN0ZWQgYnkgRGF2aWQuPC9mb250PjwvZGl2Pg0KPGRpdiBzdHlsZT0iZm9udC1zdHlsZTog bm9ybWFsOyBmb250LXZhcmlhbnQ6IG5vcm1hbDsgZm9udC13ZWlnaHQ6IG5vcm1hbDsgbGV0dGVy LXNwYWNpbmc6IG5vcm1hbDsgbGluZS1oZWlnaHQ6IG5vcm1hbDsgdGV4dC10cmFuc2Zvcm06IG5v bmU7IHdoaXRlLXNwYWNlOiBub3JtYWw7IHdvcmQtc3BhY2luZzogMHB4OyAtd2Via2l0LXRleHQt c3Ryb2tlLXdpZHRoOiAwcHg7IG9ycGhhbnM6IGF1dG87IHRleHQtYWxpZ246IHN0YXJ0OyB0ZXh0 LWluZGVudDogMHB4OyB3aWRvd3M6IGF1dG87IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNs YXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KPC9kaXY+DQo8ZGl2IHN0eWxlPSJmb250LXN0eWxlOiBu b3JtYWw7IGZvbnQtdmFyaWFudDogbm9ybWFsOyBmb250LXdlaWdodDogbm9ybWFsOyBsZXR0ZXIt c3BhY2luZzogbm9ybWFsOyBsaW5lLWhlaWdodDogbm9ybWFsOyB0ZXh0LXRyYW5zZm9ybTogbm9u ZTsgd2hpdGUtc3BhY2U6IG5vcm1hbDsgd29yZC1zcGFjaW5nOiAwcHg7IC13ZWJraXQtdGV4dC1z dHJva2Utd2lkdGg6IDBweDsgb3JwaGFuczogYXV0bzsgdGV4dC1hbGlnbjogc3RhcnQ7IHRleHQt aW5kZW50OiAwcHg7IHdpZG93czogYXV0bzsgbWFyZ2luOiAwY20gMGNtIDAuMDAwMXB0OyIgY2xh c3M9IiI+DQpPbiAyMDE1LTAyLTI0IE1vIFphbmF0eSB3cm90ZTo8L2Rpdj4NCjxkaXYgc3R5bGU9 ImZvbnQtc3R5bGU6IG5vcm1hbDsgZm9udC12YXJpYW50OiBub3JtYWw7IGZvbnQtd2VpZ2h0OiBu b3JtYWw7IGxldHRlci1zcGFjaW5nOiBub3JtYWw7IGxpbmUtaGVpZ2h0OiBub3JtYWw7IHRleHQt dHJhbnNmb3JtOiBub25lOyB3aGl0ZS1zcGFjZTogbm9ybWFsOyB3b3JkLXNwYWNpbmc6IDBweDsg LXdlYmtpdC10ZXh0LXN0cm9rZS13aWR0aDogMHB4OyBvcnBoYW5zOiBhdXRvOyB0ZXh0LWFsaWdu OiBzdGFydDsgdGV4dC1pbmRlbnQ6IDBweDsgd2lkb3dzOiBhdXRvOyBtYXJnaW46IDBjbSAwY20g MC4wMDAxcHQ7IiBjbGFzcz0iIj4NCiZndDsgSSBhbHNvIGFncmVlIHdpdGggSm9obiB0aGF0IDY0 IGJpdCBhdXRoIHRhZ3MgYXJlIHN1ZmZpY2llbnQgZm9yIFNSVFAgZXZlbiZuYnNwO3VzaW5nIEdD TS4mbmJzcDs8L2Rpdj4NCjxkaXYgc3R5bGU9ImZvbnQtc3R5bGU6IG5vcm1hbDsgZm9udC12YXJp YW50OiBub3JtYWw7IGZvbnQtd2VpZ2h0OiBub3JtYWw7IGxldHRlci1zcGFjaW5nOiBub3JtYWw7 IGxpbmUtaGVpZ2h0OiBub3JtYWw7IHRleHQtdHJhbnNmb3JtOiBub25lOyB3aGl0ZS1zcGFjZTog bm9ybWFsOyB3b3JkLXNwYWNpbmc6IDBweDsgLXdlYmtpdC10ZXh0LXN0cm9rZS13aWR0aDogMHB4 OyBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsgZm9udC1zaXplOiAxMXB0OyBvcnBo YW5zOiBhdXRvOyB0ZXh0LWFsaWduOiBzdGFydDsgdGV4dC1pbmRlbnQ6IDBweDsgd2lkb3dzOiBh dXRvOyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCjxzcGFuIHN0eWxlPSJm b250LXNpemU6IDlwdDsgZm9udC1mYW1pbHk6IEFyaWFsLCBzYW5zLXNlcmlmOyIgY2xhc3M9IiI+ PGJyIGNsYXNzPSIiPg0KPC9zcGFuPjwvZGl2Pg0KPGRpdiBzdHlsZT0ib3JwaGFuczogYXV0bzsg dGV4dC1hbGlnbjogc3RhcnQ7IHRleHQtaW5kZW50OiAwcHg7IHdpZG93czogYXV0bzsgbWFyZ2lu OiAwY20gMGNtIDAuMDAwMXB0OyIgY2xhc3M9IiI+DQo8Zm9udCBmYWNlPSJBcmlhbCwgc2Fucy1z ZXJpZiIgY2xhc3M9IiI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTogOXB0OyIgY2xhc3M9IiI+VGhl IHJlYXNvbiBHQ01fNjQgd2FzIHJlbW92ZWQgd2FzIGJlY2F1c2UgSSBwb2ludGVkIG91dCB0aGF0 IHRoZSBkcmFmdCBzaG91bGQgZm9sbG93IHRoZSBOSVNUIHJlcXVpcmVtZW50cyBpbiBTUCA4MDAt MzhELCBBcHBlbmRpeCBDLiZuYnNwOzwvc3Bhbj5LZXZpbiBhbmQgRGF2aWQgY2hvc2UgdG8gcmVt b3ZlJm5ic3A7PC9mb250PjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTogQXJpYWwsIHNhbnMtc2Vy aWY7IiBjbGFzcz0iIj5HQ01fNjQNCiBpbnN0ZWFkLjwvc3Bhbj48L2Rpdj4NCjxkaXYgc3R5bGU9 Im9ycGhhbnM6IGF1dG87IHRleHQtYWxpZ246IHN0YXJ0OyB0ZXh0LWluZGVudDogMHB4OyB3aWRv d3M6IGF1dG87IG1hcmdpbjogMGNtIDBjbSAwLjAwMDFwdDsiIGNsYXNzPSIiPg0KPHNwYW4gc3R5 bGU9ImZvbnQtZmFtaWx5OiBBcmlhbCwgc2Fucy1zZXJpZjsiIGNsYXNzPSIiPjxiciBjbGFzcz0i Ij4NCjwvc3Bhbj48L2Rpdj4NCjxkaXYgc3R5bGU9Im9ycGhhbnM6IGF1dG87IHRleHQtYWxpZ246 IHN0YXJ0OyB0ZXh0LWluZGVudDogMHB4OyB3aWRvd3M6IGF1dG87IG1hcmdpbjogMGNtIDBjbSAw LjAwMDFwdDsiIGNsYXNzPSIiPg0KPHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OiBBcmlhbCwgc2Fu cy1zZXJpZjsiIGNsYXNzPSIiPkNoZWVycyw8L3NwYW4+PC9kaXY+DQo8ZGl2IHN0eWxlPSJvcnBo YW5zOiBhdXRvOyB0ZXh0LWFsaWduOiBzdGFydDsgdGV4dC1pbmRlbnQ6IDBweDsgd2lkb3dzOiBh dXRvOyBtYXJnaW46IDBjbSAwY20gMC4wMDAxcHQ7IiBjbGFzcz0iIj4NCjxzcGFuIHN0eWxlPSJm b250LWZhbWlseTogQXJpYWwsIHNhbnMtc2VyaWY7IiBjbGFzcz0iIj5Kb2huPC9zcGFuPjwvZGl2 Pg0KPC9kaXY+DQo8L2Rpdj4NCjxiciBjbGFzcz0iIj4NCjxkaXY+DQo8YmxvY2txdW90ZSB0eXBl PSJjaXRlIiBjbGFzcz0iIj4NCjxkaXYgY2xhc3M9IiI+T24gMjQgRmViIDIwMTUsIGF0IDE5OjA3 LCBNbyBaYW5hdHkgKG16YW5hdHkpICZsdDs8YSBocmVmPSJtYWlsdG86bXphbmF0eUBjaXNjby5j b20iIGNsYXNzPSIiPm16YW5hdHlAY2lzY28uY29tPC9hPiZndDsgd3JvdGU6PC9kaXY+DQo8YnIg Y2xhc3M9IkFwcGxlLWludGVyY2hhbmdlLW5ld2xpbmUiPg0KPGRpdiBjbGFzcz0iIj5JIHdvdWxk IGxpa2UgdG8gcG9pbnQgb3V0IHRoZSBzdHJvbmdlc3QgYXJndW1lbnQgZm9yIHRoZSBzdWZmaWNp ZW5jeSBvZiA2NDxiciBjbGFzcz0iIj4NCmJpdCBhdXRoIHRhZ3MsIHRha2VuIGRpcmVjdGx5IGZy b20gdGhlIFNSVFAgUkZDLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCjxhIGhyZWY9Imh0 dHA6Ly90b29scy5pZXRmLm9yZy9odG1sL3JmYzM3MTEjc2VjdGlvbi05LjIiIGNsYXNzPSIiPmh0 dHA6Ly90b29scy5pZXRmLm9yZy9odG1sL3JmYzM3MTEjc2VjdGlvbi05LjI8L2E+PGJyIGNsYXNz PSIiPg0KPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Li4ud2hlbiAyXjQ4IFNSVFAgcGFja2V0 cyBvciAyXjMxIFNSVENQIHBhY2tldHMgaGF2ZSBiZWVuIHNlY3VyZWQ8YnIgY2xhc3M9IiI+DQom bmJzcDsmbmJzcDt3aXRoIHRoZSBzYW1lIGtleSAod2hpY2hldmVyIG9jY3VycyBiZWZvcmUpLCB0 aGUga2V5IG1hbmFnZW1lbnQgTVVTVDxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwO2JlIGNhbGxl ZCB0byBwcm92aWRlIG5ldyBtYXN0ZXIga2V5KHMp4oCmPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNz PSIiPg0KJm5ic3A7Jm5ic3A7Tm90ZTogaW4gbW9zdCB0eXBpY2FsIGFwcGxpY2F0aW9ucyAoYXNz dW1pbmcgYXQgbGVhc3Qgb25lIFJUQ1AgcGFja2V0PGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7 Zm9yIGV2ZXJ5IDEyOCwwMDAgUlRQIHBhY2tldHMpLCBpdCB3aWxsIGJlIHRoZSBTUlRDUCBpbmRl eCB0aGF0IGZpcnN0PGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7cmVhY2hlcyB0aGUgdXBwZXIg bGltaXQsIGFsdGhvdWdoIHRoZSB0aW1lIHVudGlsIHRoaXMgb2NjdXJzIGlzIHZlcnk8YnIgY2xh c3M9IiI+DQombmJzcDsmbmJzcDtsb25nOiBldmVuIGF0IDIwMCBTUlRDUCBwYWNrZXRzL3NlYywg dGhlIDJeMzEgaW5kZXggc3BhY2Ugb2YgU1JUQ1AgaXM8YnIgY2xhc3M9IiI+DQombmJzcDsmbmJz cDtlbm91Z2ggdG8gc2VjdXJlIGFwcHJveGltYXRlbHkgNCBtb250aHMgb2YgY29tbXVuaWNhdGlv bi48YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpUaGlzIHNob3Vs ZCBtYWtlIGl0IGNsZWFyIHRoYXQgYW55IHBvdGVudGlhbCB3ZWFrbmVzcyBpbiBHQ00gYXV0aCB0 aGF0PGJyIGNsYXNzPSIiPg0KcmVkdWNlcyB0aGUgZWZmZWN0aXZlIHN0cmVuZ3RoIG9mIDY0IGJp dCBhdXRoIHRhZ3MgYnkgNy0xMiBiaXRzIChmb3IgMi02NDxiciBjbGFzcz0iIj4NCktCIHBhY2tl dHMpIGlzIG1vb3QgZHVlIHRvIHRoZSBTUlRDUCAzMSBiaXQgbGltaXQgYW5kIFNSVFAgNDggYml0 IGxpbWl0LjxiciBjbGFzcz0iIj4NCkFuIGF0dGFja2VyIHdvdWxkIGhpdCByZWtleSBjcml0ZXJp YSBiZWZvcmUgYWNoaWV2aW5nIDAuMSUgY2hhbmNlIG9mIGE8YnIgY2xhc3M9IiI+DQpzaW5nbGUg c3VjY2Vzc2Z1bGx5IGZvcmdlZCBwYWNrZXQgKG9mIGNob3NlbiBjaXBoZXIgdGV4dCBidXQgcmFu ZG9tIHBsYWluPGJyIGNsYXNzPSIiPg0KdGV4dCBzaW5jZSBkZWNyeXB0aW9uIGtleXMgYXJlIG5v dCBjb21wcm9taXNlZCkuIERPUyBjcml0ZXJpYSB3b3VsZCBsaWtlbHk8YnIgY2xhc3M9IiI+DQpi ZSBoaXQgbXVjaCBzb29uZXIgYXQgc3VjaCBleHRyZW1lIG51bWJlcnMgb2YgcGFja2V0cy4gRnVy dGhlcm1vcmUsIHRoaXM8YnIgY2xhc3M9IiI+DQpyZWR1Y2VkIGVmZmVjdGl2ZSBzdHJlbmd0aCBv ZiBhdXRoIHRhZ3Mgb25seSBhcHBsaWVzIGFnYWluc3QgYXR0YWNrcyB3aGljaDxiciBjbGFzcz0i Ij4NCmFyZSBhbnl3YXkgaW1wb3NzaWJsZSBpbiBTUlRQIGR1ZSB0byBubyBhdXRoIGZhaWx1cmUg ZmVlZGJhY2suPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KU28gNjQgYml0IGF1dGggdGFn cyBzaG91bGQgYmUgc3VmZmljaWVudCBmb3IgU1JUUCBhcHBsaWNhdGlvbnMuPGJyIGNsYXNzPSIi Pg0KKEFzIGxvbmcgYXMgdGhlIGF1dGggdHJhbnNmb3JtIGhhcyBubyB0cnVuY2F0aW9uIGlzc3Vl cy4pPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KTW88YnIgY2xhc3M9IiI+DQo8YnIgY2xh c3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpPbiAyLzIzLzE1LCA2OjE2IFBNLCBNbyBaYW5hdHkgKG16 YW5hdHkpICZsdDttemFuYXR5QGNpc2NvLmNvbSZndDsgd3JvdGU6PGJyIGNsYXNzPSIiPg0KPGJy IGNsYXNzPSIiPg0KSSBhbSBmaW5lIHdpdGgga2VlcGluZyBvbmx5IHRoZXNlIDYgc3VpdGVzIGJ5 IGVsaW1pbmF0aW5nIDk2IGJpdCBhdXRoIHRhZ3MuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIi Pg0KSG93ZXZlciwgSSBkbyB3b25kZXIgaWYgYW55IFNSVFAgYXBwbGljYXRpb24gd2lsbCBldmVy IHVzZSBDQ00gd2l0aCBmdWxsPGJyIGNsYXNzPSIiPg0KbGVuZ3RoIHRhZ3Mgb3IgMjU2IGJpdCBr ZXlzLCByYXRoZXIgdGhhbiB1c2luZyBHQ00uIElmIG5vdCwgYW5vdGhlciAzPGJyIGNsYXNzPSIi Pg0Kc3VpdGVzIGNhbiBiZSBlbGltaW5hdGVkLCBsZWF2aW5nIG9ubHkgMyBzdWl0ZXM6PGJyIGNs YXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KQUVBRF9BRVNfMjU2X0dDTTxiciBjbGFzcz0iIj4NCkFF QURfQUVTXzEyOF9HQ008YnIgY2xhc3M9IiI+DQpBRUFEX0FFU18xMjhfQ0NNXzgvNjQ8YnIgY2xh c3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpJIGFsc28gYWdyZWUgd2l0aCBKb2huIHRoYXQgNjQgYml0 IGF1dGggdGFncyBhcmUgc3VmZmljaWVudCBmb3IgU1JUUCBldmVuPGJyIGNsYXNzPSIiPg0KdXNp bmcgR0NNLiBUaGUgTklTVCByZWNvbW1lbmRhdGlvbiBpcyBrZXkgcm90YXRpb24gYWZ0ZXIgcm91 Z2hseSAyXjQwPGJyIGNsYXNzPSIiPg0KcGFja2V0cyBvZiAxLjUgS0IsIHdoaWNoIGlzIG1hbnkg eWVhcnMgZm9yIGEgMTAwIE1icHMgU1JUUCBzdHJlYW0hIEFuZDxiciBjbGFzcz0iIj4NCnRoaXMg aXMgdG8gcHJvdGVjdCBhZ2FpbnN0IGFuIGF0dGFjayB3aGVyZSB0aGUgcmVjZWl2ZXIvdmljdGlt IG5vdGlmaWVzPGJyIGNsYXNzPSIiPg0KdGhlIHNlbmRlci9hdHRhY2tlciBvZiBldmVyeSBhdXRo IGZhaWx1cmUsIHdoaWNoIGlzIG5vdCBwb3NzaWJsZSBpbiBTUlRQPGJyIGNsYXNzPSIiPg0Kc2lu Y2Ugbm8gc3VjaCBmZWVkYmFjayBleGlzdHMuIEFuZCBhcyBKb2huIG1lbnRpb25lZCwgdGhlIERP UyBvZiBzbyBtYW55PGJyIGNsYXNzPSIiPg0KZm9yZ2VkIHBhY2tldHMgYW5kIGF1dGggZmFpbHVy ZSBtZXNzYWdlcyB3b3VsZCBiZSBhIG11Y2ggd29yc2UgY29uc2VxdWVuY2U8YnIgY2xhc3M9IiI+ DQp0aGFuIGNvbXByb21pc2luZyB0aGUgYXV0aCB0YWcuPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNz PSIiPg0KU28gSSB3b3VsZCBhbHNvIGJlIGZpbmUgd2l0aCBvbmx5IDY0IGJpdCBhdXRoIHRhZ3Mg Zm9yIGJvdGggR0NNIGFuZCBDQ00uPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KQUVBRF9B RVNfMjU2X0dDTV84LzY0PGJyIGNsYXNzPSIiPg0KQUVBRF9BRVNfMTI4X0dDTV84LzY0PGJyIGNs YXNzPSIiPg0KQUVBRF9BRVNfMTI4X0NDTV84LzY0PGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIi Pg0KSWYgd2UgZ28gdGhpcyBmaW5hbCByb3V0ZSwgSSBzdWdnZXN0IHVwZGF0aW5nIHNlY3Rpb24g MTQuMiB3aXRoIGEgdGFibGU8YnIgY2xhc3M9IiI+DQpmb3IgMS41IEtCIHBhY2tldHMgKG5vdCBq dXN0IDY0IEtCKSwgYW5kIG1vcmUgY29uY3JldGUgZ3VpZGFuY2Ugb24gd2hhdDxiciBjbGFzcz0i Ij4NCnRoZSBzZWN1cml0eSByYW1pZmljYXRpb25zIGFyZS4gSW4gcGFydGljdWxhciwgdGhhdCB0 aGVzZSAobWFueSkgZm9yZ2VyaWVzPGJyIGNsYXNzPSIiPg0KY2FuIG9ubHkgaW5qZWN0IHJhbmRv bSBkYXRhIHNpbmNlIHRoZSBkZWNyeXB0aW9uIGtleSBpcyB1bmtub3duLiBUaGF0IGlzLDxiciBj bGFzcz0iIj4NCnRoZXkgaW5qZWN0IGEgY2hvc2VuIGNpcGhlciB0ZXh0IGJ1dCBhIHJhbmRvbSBw bGFpbiB0ZXh0IGFmdGVyIGRlY3J5cHRpb248YnIgY2xhc3M9IiI+DQpzaW5jZSB0aGUgZGVjcnlw dGlvbiBrZXkgaXMgdW5rbm93biBhbmQgbm90IGNvbXByb21pc2VkIGJ5IHRoaXMgYXV0aCBrZXk8 YnIgY2xhc3M9IiI+DQphdHRhY2suIFRoZSBzZWN1cml0eSByYW1pZmljYXRpb25zIG9mIHRoaXMg YXV0aCBrZXkgYXR0YWNrIGFyZSBtaW5vciBpbiBteTxiciBjbGFzcz0iIj4NCm9waW5pb24sIGVz cGVjaWFsbHkgcmVsYXRpdmUgdG8gdGhlIG1ham9yIGRlbmlhbC1vZi1zZXJ2aWNlIGNhdXNlZCBi eSBzbzxiciBjbGFzcz0iIj4NCm1hbnkgZm9yZ2VyaWVzIGFuZCBhdXRoIGZhaWx1cmUgZmVlZGJh Y2suPGJyIGNsYXNzPSIiPg0KPGJyIGNsYXNzPSIiPg0KSSB3b3VsZCBub3QgYmUgZmluZSB3aXRo IGFueXRoaW5nIGxlc3MgdGhhbiB0aGlzLiBPbmUgR0NNIGlzIG5vdDxiciBjbGFzcz0iIj4NCnN1 ZmZpY2llbnQsIHdlIG5lZWQgYm90aCAxMjggYW5kIDI1NiBiaXQga2V5cy4gR0NNIGlzIG5vdCBz dWZmaWNpZW50LCB3ZTxiciBjbGFzcz0iIj4NCmFsc28gbmVlZCBDQ00gKDEyOF84LzY0KS48YnIg Y2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpNbzxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4N CjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCk9uIDIvMTkvMTUsIDExOjAxIEFNLCBNYWdu dXMgV2VzdGVybHVuZCAmbHQ7bWFnbnVzLndlc3Rlcmx1bmRAZXJpY3Nzb24uY29tJmd0OzxiciBj bGFzcz0iIj4NCndyb3RlOjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCk9uIDIwMTUtMDIt MTUgMTU6MDksIERhdmlkIE1jR3JldyB3cm90ZTo8YnIgY2xhc3M9IiI+DQo8YmxvY2txdW90ZSB0 eXBlPSJjaXRlIiBjbGFzcz0iIj48YnIgY2xhc3M9IiI+DQpNeSBvcGluaW9uIGlzOiBpdCB3b3Vs ZCBiZSBiZXN0IHRvIHByZXNlcnZlIHRoZSBleGlzdGluZyBzcGVjaWZpY2F0aW9uPGJyIGNsYXNz PSIiPg0KYW5kIGltcGxlbWVudGF0aW9uIHdvcmssIGFuZCByZXRhaW4gYWxsIHRlbiBjcnlwdG8g c3VpdGUgZGVmaW5pdGlvbnMuPGJyIGNsYXNzPSIiPg0KQnV0IGlmIHdlIHdhbnQgdG8gbWFrZSBT UlRQLUFFQUQgYmUgdGhlIGZpcnN0IGluc3RhbmNlIGluIHdoaWNoIHRoZSBJRVRGPGJyIGNsYXNz PSIiPg0Kd2lsbCAmbmJzcDtwcmlvcml0aXplIHNpbXBsaWNpdHkgb3ZlciB2YXJpZXR5IGFuZCBk aXZlcnNpdHksIEnCuW0gZ29vZCB3aXRoPGJyIGNsYXNzPSIiPg0KdGhhdCwgYmVjYXVzZSBJIGNl cnRhaW5seSBzZWUgdGhlIHZhbHVlIG9mIHNpbXBsaWNpdHk7IHRoZW4gbXk8YnIgY2xhc3M9IiI+ DQpyZWNvbW1lbmRhdGlvbiB3b3VsZCBiZSB0byBlbGltaW5hdGUgdGhlIGZvdXIgMTItb2N0ZXQg YXV0aGVudGljYXRpb248YnIgY2xhc3M9IiI+DQp2ZXJzaW9ucy4gJm5ic3A7VGhhdCB3b3VsZCBs ZWF2ZSBqdXN0IHNpeCBjcnlwdG8gc3VpdGVzLCB3aXRoIHR3byBkaWZmZXJlbnQ8YnIgY2xhc3M9 IiI+DQptb2RlcyBvZiBvcGVyYXRpb24sIHR3byBkaWZmZXJlbnQga2V5IHNpemVzLCBhbmQgdHdv IGRpZmZlcmVudCB0YWc8YnIgY2xhc3M9IiI+DQpsZW5ndGhzIChidXQgbm90IGFsbCB0YWcgbGVu Z3RocyBmb3IgYWxsIG1vZGVzKSwgbGlrZSB0aGlzOjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0i Ij4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO3NydHAtY3J5cHRvLXN1aXRlLWV4dCA9 ICZxdW90O0FFQURfQUVTXzEyOF9HQ00mcXVvdDsgJm5ic3A7Jm5ic3A7Jm5ic3A7LzxiciBjbGFz cz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZxdW90O0FFQURfQUVTXzI1Nl9HQ00mcXVvdDsgJm5ic3A7Jm5ic3A7Jm5ic3A7 LzxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZxdW90O0FFQURfQUVTXzEyOF9DQ00mcXVvdDsgJm5ic3A7Jm5i c3A7Jm5ic3A7LzxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZxdW90O0FFQURfQUVTXzI1Nl9DQ00mcXVvdDsg Jm5ic3A7Jm5ic3A7Jm5ic3A7LzxiciBjbGFzcz0iIj4NCiZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZu YnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZxdW90O0FFQURfQUVTXzEyOF9D Q01fOCZxdW90OyAmbmJzcDsvPGJyIGNsYXNzPSIiPg0KJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7JnF1b3Q7QUVBRF9BRVNfMjU2X0ND TV84JnF1b3Q7ICZuYnNwOy88YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQo8L2Jsb2NrcXVv dGU+DQo8YnIgY2xhc3M9IiI+DQpTdGVwaGVuLCBXRzxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0i Ij4NCkhhdmluZyBsb29rZWQgYXQgdGhlIGZlZWRiYWNrIHByb3ZpZGVkIGluIHRoaXMgZGlzY3Vz c2lvbiBzbyBmYXIsIEk8YnIgY2xhc3M9IiI+DQp0aGluayB0aGUgYWJvdmUgc2V0IG9mIDYgYXJl IGEgcmVhc29uYWJsZSBzZWxlY3Rpb24gd2l0aG91dCB1bmR1bHk8YnIgY2xhc3M9IiI+DQpsaW1p dGluZyBmdW5jdGlvbmFsaXR5LCBidXQgcmVtb3ZpbmcgdGhlIGZvdXIgbGVhc3QgbmVjZXNzYXJ5 IHByb2ZpbGVzLjxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCk15IHByb3Bvc2FsIGlzIHRo YXQgaWYgbm8gb25lIGlzIGRpc2FncmVlaW5nIHdpdGggdGhpcyBpbiB0aGUgbmV4dCB3ZWVrPGJy IGNsYXNzPSIiPg0KKFByaW9yIHRvIEZlYiAyNiBhdCAxNjozMCBVVEMpIHdlIHVzZSBpdC4gSWYg c29tZW9uZSBkaXNhZ3JlZXMgd2UgaG9sZCBhPGJyIGNsYXNzPSIiPg0KZGlzY3Vzc2lvbiBhdCB0 aGUgaW5mb3JtYWwgSUVTRyB0ZWxlY2hhdCBvbiBob3cgdG8gcHJvY2VlZC48YnIgY2xhc3M9IiI+ DQo8YnIgY2xhc3M9IiI+DQpDaGVlcnM8YnIgY2xhc3M9IiI+DQo8YnIgY2xhc3M9IiI+DQpNYWdu dXMgV2VzdGVybHVuZDxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCi0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS08 YnIgY2xhc3M9IiI+DQpTZXJ2aWNlcywgTWVkaWEgYW5kIE5ldHdvcmsgZmVhdHVyZXMsIEVyaWNz c29uIFJlc2VhcmNoIEVBQi9UWE08YnIgY2xhc3M9IiI+DQotLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tPGJyIGNsYXNz PSIiPg0KRXJpY3Nzb24gQUIgJm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5i c3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7 fCBQaG9uZSAmbmJzcDsmIzQzOzQ2IDEwIDcxNDgyODc8YnIgY2xhc3M9IiI+DQpGw6Ryw7ZnYXRh biA2ICZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNw OyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwOyZuYnNwO3wgTW9iaWxlICYjNDM7 NDYgNzMgMDk0OTA3OTxiciBjbGFzcz0iIj4NClNFLTE2NCA4MCBTdG9ja2hvbG0sIFN3ZWRlbiB8 IG1haWx0bzogbWFnbnVzLndlc3Rlcmx1bmRAZXJpY3Nzb24uY29tPGJyIGNsYXNzPSIiPg0KLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLTxiciBjbGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCl9fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fPGJyIGNsYXNzPSIiPg0KQXVkaW8vVmlkZW8g VHJhbnNwb3J0IENvcmUgTWFpbnRlbmFuY2U8YnIgY2xhc3M9IiI+DQphdnRAaWV0Zi5vcmc8YnIg Y2xhc3M9IiI+DQpodHRwczovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2F2dDxiciBj bGFzcz0iIj4NCjxiciBjbGFzcz0iIj4NCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX19fX19fX19fPGJyIGNsYXNzPSIiPg0KQXVkaW8vVmlkZW8gVHJhbnNwb3J0IENvcmUg TWFpbnRlbmFuY2U8YnIgY2xhc3M9IiI+DQphdnRAaWV0Zi5vcmc8YnIgY2xhc3M9IiI+DQpodHRw czovL3d3dy5pZXRmLm9yZy9tYWlsbWFuL2xpc3RpbmZvL2F2dDxiciBjbGFzcz0iIj4NCjxiciBj bGFzcz0iIj4NCjwvZGl2Pg0KPC9ibG9ja3F1b3RlPg0KPC9kaXY+DQo8YnIgY2xhc3M9IiI+DQo8 L2JvZHk+DQo8L2h0bWw+DQo= --_000_28669AE0DF314910BD975B319BFD1398ericssoncom_-- From nobody Fri Feb 27 12:08:33 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD4361A0067 for ; Fri, 27 Feb 2015 12:08:31 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -6.91 X-Spam-Level: X-Spam-Status: No, score=-6.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ChpmFDwI83Ai for ; Fri, 27 Feb 2015 12:08:30 -0800 (PST) Received: from emvm-gh1-uea08.nsa.gov (emvm-gh1-uea08.nsa.gov [63.239.67.9]) by ietfa.amsl.com (Postfix) with ESMTP id 10CC61A0053 for ; Fri, 27 Feb 2015 12:08:29 -0800 (PST) X-TM-IMSS-Message-ID: <4290682200074bb5@nsa.gov> Received: from MSHT-GH1-UEA01.corp.nsa.gov (msht-gh1-uea01.corp.nsa.gov [10.215.227.18]) by nsa.gov ([63.239.67.9]) with ESMTP (TREND IMSS SMTP Service 7.1; TLSv1/SSLv3 AES128-SHA (128/128)) id 4290682200074bb5 ; Fri, 27 Feb 2015 15:08:47 -0500 Received: from MSMR-GH1-UEA08.corp.nsa.gov (10.215.225.3) by MSHT-GH1-UEA01.corp.nsa.gov (10.215.227.18) with Microsoft SMTP Server (TLS) id 14.2.347.0; Fri, 27 Feb 2015 15:08:29 -0500 Received: from MSMR-GH1-UEA03.corp.nsa.gov ([10.215.224.3]) by MSMR-GH1-UEA08.corp.nsa.gov ([10.215.225.3]) with mapi id 14.02.0347.000; Fri, 27 Feb 2015 15:08:28 -0500 From: "Igoe, Kevin M." To: "'avt@ietf.org'" Thread-Topic: Are thare any existing uses of CCM mode in SRTP? Thread-Index: AdBSySZw1rAEskNLRrukGWoZmrPASA== Date: Fri, 27 Feb 2015 20:08:27 +0000 Message-ID: <3C4AAD4B5304AB44A6BA85173B4675CABC7F0078@MSMR-GH1-UEA03.corp.nsa.gov> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.215.224.46] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Archived-At: Subject: [AVTCORE] Are thare any existing uses of CCM mode in SRTP? X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Feb 2015 20:08:32 -0000 Despite its name, the ID draft-avtcore-srtp aes-gcm actually supports two (= 2) AEAD modes of operation, GCM and CCM. There are known GCM based develo= pments underway, but at a telechat held yesterday to discuss this ID it be= came apparent that no one participating in the chat was aware of ANY use of= CCM in SRTP. Hence it was suggested we purge CCM from the current ID =20 This is a call to the mailing list to see if anyone is aware of any concret= e existing projects underway that use CCM mode in SRTP. If there are none,= CCM will be eliminated from the current ID.=20 (Note that if at some date in the future someone wishes to deploy CCM in SR= TP, a simple cut and paste from previous drafts of the current ID can be us= ed to craft a new CCM only ID.) From nobody Fri Feb 27 12:19:59 2015 Return-Path: X-Original-To: avt@ietfa.amsl.com Delivered-To: avt@ietfa.amsl.com Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 98C631A0019 for ; Fri, 27 Feb 2015 12:19:58 -0800 (PST) X-Virus-Scanned: amavisd-new at amsl.com X-Spam-Flag: NO X-Spam-Score: -1.902 X-Spam-Level: X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cpbjxgJTVPdo for ; Fri, 27 Feb 2015 12:19:57 -0800 (PST) Received: from na01-by2-obe.outbound.protection.outlook.com (mail-by2on0083.outbound.protection.outlook.com [207.46.100.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 302391A00BD for ; Fri, 27 Feb 2015 12:19:43 -0800 (PST) Received: from CY1PR0501MB1578.namprd05.prod.outlook.com (25.161.161.152) by CY1PR0501MB1435.namprd05.prod.outlook.com (25.160.148.153) with Microsoft SMTP Server (TLS) id 15.1.93.16; Fri, 27 Feb 2015 20:19:41 +0000 Received: from CY1PR0501MB1579.namprd05.prod.outlook.com (25.161.161.153) by CY1PR0501MB1578.namprd05.prod.outlook.com (25.161.161.152) with Microsoft SMTP Server (TLS) id 15.1.93.16; Fri, 27 Feb 2015 20:19:40 +0000 Received: from CY1PR0501MB1579.namprd05.prod.outlook.com ([25.161.161.153]) by CY1PR0501MB1579.namprd05.prod.outlook.com ([25.161.161.153]) with mapi id 15.01.0093.004; Fri, 27 Feb 2015 20:19:40 +0000 From: "Wyss, Felix" To: "Igoe, Kevin M." , "'avt@ietf.org'" Thread-Topic: Are thare any existing uses of CCM mode in SRTP? Thread-Index: AdBSySZw1rAEskNLRrukGWoZmrPASAAALbWg Date: Fri, 27 Feb 2015 20:19:40 +0000 Message-ID: References: <3C4AAD4B5304AB44A6BA85173B4675CABC7F0078@MSMR-GH1-UEA03.corp.nsa.gov> In-Reply-To: <3C4AAD4B5304AB44A6BA85173B4675CABC7F0078@MSMR-GH1-UEA03.corp.nsa.gov> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [107.147.12.61] authentication-results: nsa.gov; dkim=none (message not signed) header.d=none; x-microsoft-antispam: BCL:0;PCL:0;RULEID:;SRVR:CY1PR0501MB1578;UriScan:; inin-custom-wld: WL-D x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:; SRVR:CY1PR0501MB1578; x-forefront-prvs: 05009853EF x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(164054003)(51704005)(13464003)(99286002)(15975445007)(77156002)(62966003)(86362001)(74316001)(122556002)(102836002)(40100003)(76576001)(87936001)(19580405001)(2950100001)(19580395003)(2900100001)(107886001)(92566002)(33656002)(66066001)(76176999)(2656002)(46102003)(54356999)(50986999)(491001); DIR:OUT; SFP:1101; SCL:1; SRVR:CY1PR0501MB1578; H:CY1PR0501MB1579.namprd05.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en; Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Feb 2015 20:19:40.4360 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 8d07eb62-a903-4bae-bcc2-66c244e76b27 X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR0501MB1578 X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:CY1PR0501MB1435; X-OriginatorOrg: inin.com Archived-At: Subject: Re: [AVTCORE] Are thare any existing uses of CCM mode in SRTP? X-BeenThere: avt@ietf.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: Audio/Video Transport Core Maintenance List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Feb 2015 20:19:58 -0000 I am very much in favor of removing CCM. =20 Something I would like to ask for, though: Could you *please* add test vect= ors to the RFC? As an implementer, having meaningful test vectors greatly = helps in development and testing. IMHO test vectors should be a MUST requi= rement for any RFCs describing cryptographic protocols. Thanks, --Felix > -----Original Message----- > From: avt [mailto:avt-bounces@ietf.org] On Behalf Of Igoe, Kevin M. > Sent: Friday, February 27, 2015 15:08 > To: 'avt@ietf.org' > Subject: [AVTCORE] Are thare any existing uses of CCM mode in SRTP? >=20 > Despite its name, the ID draft-avtcore-srtp aes-gcm actually supports two= (2) > AEAD modes of operation, GCM and CCM. There are known GCM based > developments underway, but at a telechat held yesterday to discuss this = ID > it became apparent that no one participating in the chat was aware of ANY > use of CCM in SRTP. Hence it was suggested we purge CCM from the current > ID >=20 > This is a call to the mailing list to see if anyone is aware of any concr= ete > existing projects underway that use CCM mode in SRTP. If there are none, > CCM will be eliminated from the current ID. >=20 > (Note that if at some date in the future someone wishes to deploy CCM in > SRTP, a simple cut and paste from previous drafts of the current ID can b= e > used to craft a new CCM only ID.) >=20 > _______________________________________________ > Audio/Video Transport Core Maintenance > avt@ietf.org > https://www.ietf.org/mailman/listinfo/avt