[Galene] Re: End-to-end encryption [was: User management]

[Dave Taht <dave.taht@gmail.com>]

On Fri, Oct 1, 2021 at 7:20 AM Juliusz Chroboczek <jch@irif.fr> wrote:
>
> > talking to a trusted videoconferencing server. I did rather like the
> > insertable streams idea:
> >
> > https://webrtchacks.com/true-end-to-end-encryption-with-webrtc-insertable-streams/
>
> I like the idea of end-to-end encryption, but I feel that I'm not ready to
> implement it yet.
>
> Insertable streams gives you the ability to perform end-to-end encryption,
> but it does not define the encryption format.  So you end up having to
> design your own crypto, with all the dangers that this entails.  Before we
> can use insertable streams, we need to have a clear specification of
> a recommended encrypted format to use with it.  There is an IETF effort to
> do that, but it's IETF, so it won't conclude before a few years.  (Last
> time I checked, they were discussing the benefits of two approaches,
> SFrame and Spacket, if memory serves, and there was no clear consensus yet.)
>
> There are two other issues.  First, in order to do simulcast and keyframe
> optimisation, Galene needs to look inside the packets.  Jitsi works around
> the issue by not encrypting the first 8 octets of every packet, even one
> that does not start a frame, but it's difficult to tell what amount of
> information this leaks.  The proper solution to the issue is to have an
> unencrypted header extension that contains the required information, but
> that's only available with AV1 and not implemented yet (Chrome uses
> a nonstandard format for AV1).
>
> Second, simulcast for VP8 requires rewriting the packet contents, which is
> obviously impossible if the data is encrypted.  This is solved with VP9,
> but what it means is that you cannot have encrypted simulcast with VP8,
> something has to give.
>
> In short, Dave, I have given some serious thought to the issue of
> end-to-end encryption, and I feel that it will need to wait a couple of
> years before we can deploy it in production.

thanks for having given it much deeper thought than I have so far!

I would like then, to somehow, push harder to embed videoconferencing
servers such as galene into more edge embedded products. I am very
disturbed by the widespread belief among users that videoconferencing
servers in the cloud are actually secure, and would like to see services
like baby-cams, and personal interactions, move back to the edge, and
back under user control (and there's also a bandwidth savings to be had)

There is a lot of work going on on edge cpe - like prplos, rdk-b,
and security products like these,

https://www.theverge.com/2021/9/28/22692073/ring-alarm-pro-amazon-event-release-date-specs-price-features

running on capable hardware,  that might be used.
> -- Juliusz



-- 
Fixing Starlink's Latencies: https://www.youtube.com/watch?v=c9gLo6Xrwgw

Dave Täht CEO, TekLibre, LLC