From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mail-il1-x135.google.com (mail-il1-x135.google.com [IPv6:2607:f8b0:4864:20::135])
	by mail.toke.dk (Postfix) with ESMTPS id 6BDC08C7861
	for <galene@lists.galene.org>; Fri,  1 Oct 2021 17:24:54 +0200 (CEST)
Authentication-Results: mail.toke.dk;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=MLrstKTq
Received: by mail-il1-x135.google.com with SMTP id h20so10896129ilj.13
        for <galene@lists.galene.org>; Fri, 01 Oct 2021 08:24:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc:content-transfer-encoding;
        bh=8qCfak9RJiwdx3M5M6FAW1RnRTic0mRFh3n/y1xGrCU=;
        b=MLrstKTqRTIy7cXDLsOwnvrAMZ65CSfpYN9XBHMhi1rRy+XPKH+bPeQ6NNsoViVWrV
         rjMhMD6Tan0+RSpdz+Duy3AChyXDVDSkG23+izPUFMKP9179SbGCzvO2yCyFUsCFz3zD
         NqsbW7YywsIOH9ixJ+FDCfbzlVDAR5gpfjBpguJIQ2jxzH9zc1JQ1sVKQjvBmkCCGYfX
         xUfSP2XMsh2lHjlskSdgYkeXASWZIqsIhsofAcImHcP+PpvhUnL6aclbemGQptY3LHCU
         J+IQo3ONhywI2bF8Rj3nlPJEplHo6hs+B9YGpfFUt63RF8N57bjjMRFcCVSpzaKlL9/W
         04eA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc:content-transfer-encoding;
        bh=8qCfak9RJiwdx3M5M6FAW1RnRTic0mRFh3n/y1xGrCU=;
        b=arVwH4U/iWRM8cC2ICkca6Sblhhajnk0zN96GuQqFq638cUhL1y0QfcnRt/FztVQLL
         k9BryTQGjPoCeZyyDC2bxcdNHMZIbca/LGJ2sJKD37Jfl+R7VDuP+Z+0yuw48bRIZO9S
         yybv/T5j04JXd87cECXmqjyro7zRPCWbhZUER/NFtcXOMQhocA7HWcDf1sWDYNuoR1BP
         rXLPoatgvr/sUsoKhtAV1u1++Xvbh7nc2abItuX2nShX+IhDjSLCF1Kzo5uZknkRi4/r
         DWn8z3LXgGvwrX+maPaibvcxTqh2bhi0+uNWqR/kMui2WaCu0GlVWOeBNpODajlBJkAq
         5iBQ==
X-Gm-Message-State: AOAM531Lxgl4X7yCnRzbFcDi2E9RqQhONpQ8qBZ4b3UeHthrd+9UQBLH
	VlzE6qRknbhQqJw2XD9+lsdHcYS/FZO1LpWw/3E=
X-Google-Smtp-Source: ABdhPJzLns4nKcVftBUI4hRoYHeFbtgiqK7uwxAsgvOzmJb1FmraJo9NJJmb/rhww8l7F11qIJR0NFranZvjhJZERRI=
X-Received: by 2002:a05:6e02:c11:: with SMTP id d17mr9576379ile.25.1633101892511;
 Fri, 01 Oct 2021 08:24:52 -0700 (PDT)
MIME-Version: 1.0
References: <9SCVvWIB9TfyEmG6di6LYCmoEeeJ_2Fsqzh8Y58_q0wSF1hRxJ_2I3YKATYXSCnaZQMJ6CdhvseVnbHsDmnSheS5b9SvRk1f9xhna0e2Y5Q=@protonmail.com>
 <87pmsp3qnx.wl-jch@irif.fr> <CAA93jw6oy3=w08wywTF41MCsajwxhJvZFjG34WV9mGBZ7Mochg@mail.gmail.com>
 <87k0iw4yis.wl-jch@irif.fr>
In-Reply-To: <87k0iw4yis.wl-jch@irif.fr>
From: Dave Taht <dave.taht@gmail.com>
Date: Fri, 1 Oct 2021 08:24:38 -0700
Message-ID: <CAA93jw7RrrJoCKs82YWXYG=cmkW_-aaGMEc9h55a1DfKSsRqBg@mail.gmail.com>
To: Juliusz Chroboczek <jch@irif.fr>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: S4IBLIVERRI7AJ3QV7DS74DGYLMBFHRU
X-Message-ID-Hash: S4IBLIVERRI7AJ3QV7DS74DGYLMBFHRU
X-MailFrom: dave.taht@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "galene@lists.galene.org" <galene@lists.galene.org>
X-Mailman-Version: 3.3.4
Precedence: list
Subject: [Galene] Re: End-to-end encryption [was: User management]
List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= <galene.lists.galene.org>
Archived-At: <https://lists.galene.org/galene/CAA93jw7RrrJoCKs82YWXYG=cmkW_-aaGMEc9h55a1DfKSsRqBg@mail.gmail.com/>
List-Archive: <https://lists.galene.org/galene/>
List-Help: <mailto:galene-request@lists.galene.org?subject=help>
List-Owner: <mailto:galene-owner@lists.galene.org>
List-Post: <mailto:galene@lists.galene.org>
List-Subscribe: <mailto:galene-join@lists.galene.org>
List-Unsubscribe: <mailto:galene-leave@lists.galene.org>

On Fri, Oct 1, 2021 at 7:20 AM Juliusz Chroboczek <jch@irif.fr> wrote:
>
> > talking to a trusted videoconferencing server. I did rather like the
> > insertable streams idea:
> >
> > https://webrtchacks.com/true-end-to-end-encryption-with-webrtc-insertab=
le-streams/
>
> I like the idea of end-to-end encryption, but I feel that I'm not ready t=
o
> implement it yet.
>
> Insertable streams gives you the ability to perform end-to-end encryption=
,
> but it does not define the encryption format.  So you end up having to
> design your own crypto, with all the dangers that this entails.  Before w=
e
> can use insertable streams, we need to have a clear specification of
> a recommended encrypted format to use with it.  There is an IETF effort t=
o
> do that, but it's IETF, so it won't conclude before a few years.  (Last
> time I checked, they were discussing the benefits of two approaches,
> SFrame and Spacket, if memory serves, and there was no clear consensus ye=
t.)
>
> There are two other issues.  First, in order to do simulcast and keyframe
> optimisation, Galene needs to look inside the packets.  Jitsi works aroun=
d
> the issue by not encrypting the first 8 octets of every packet, even one
> that does not start a frame, but it's difficult to tell what amount of
> information this leaks.  The proper solution to the issue is to have an
> unencrypted header extension that contains the required information, but
> that's only available with AV1 and not implemented yet (Chrome uses
> a nonstandard format for AV1).
>
> Second, simulcast for VP8 requires rewriting the packet contents, which i=
s
> obviously impossible if the data is encrypted.  This is solved with VP9,
> but what it means is that you cannot have encrypted simulcast with VP8,
> something has to give.
>
> In short, Dave, I have given some serious thought to the issue of
> end-to-end encryption, and I feel that it will need to wait a couple of
> years before we can deploy it in production.

thanks for having given it much deeper thought than I have so far!

I would like then, to somehow, push harder to embed videoconferencing
servers such as galene into more edge embedded products. I am very
disturbed by the widespread belief among users that videoconferencing
servers in the cloud are actually secure, and would like to see services
like baby-cams, and personal interactions, move back to the edge, and
back under user control (and there's also a bandwidth savings to be had)

There is a lot of work going on on edge cpe - like prplos, rdk-b,
and security products like these,

https://www.theverge.com/2021/9/28/22692073/ring-alarm-pro-amazon-event-rel=
ease-date-specs-price-features

running on capable hardware,  that might be used.
> -- Juliusz



--=20
Fixing Starlink's Latencies: https://www.youtube.com/watch?v=3Dc9gLo6Xrwgw

Dave T=C3=A4ht CEO, TekLibre, LLC