From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-il1-x135.google.com (mail-il1-x135.google.com [IPv6:2607:f8b0:4864:20::135]) by mail.toke.dk (Postfix) with ESMTPS id 6BDC08C7861 for ; Fri, 1 Oct 2021 17:24:54 +0200 (CEST) Authentication-Results: mail.toke.dk; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=MLrstKTq Received: by mail-il1-x135.google.com with SMTP id h20so10896129ilj.13 for ; Fri, 01 Oct 2021 08:24:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=8qCfak9RJiwdx3M5M6FAW1RnRTic0mRFh3n/y1xGrCU=; b=MLrstKTqRTIy7cXDLsOwnvrAMZ65CSfpYN9XBHMhi1rRy+XPKH+bPeQ6NNsoViVWrV rjMhMD6Tan0+RSpdz+Duy3AChyXDVDSkG23+izPUFMKP9179SbGCzvO2yCyFUsCFz3zD NqsbW7YywsIOH9ixJ+FDCfbzlVDAR5gpfjBpguJIQ2jxzH9zc1JQ1sVKQjvBmkCCGYfX xUfSP2XMsh2lHjlskSdgYkeXASWZIqsIhsofAcImHcP+PpvhUnL6aclbemGQptY3LHCU J+IQo3ONhywI2bF8Rj3nlPJEplHo6hs+B9YGpfFUt63RF8N57bjjMRFcCVSpzaKlL9/W 04eA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=8qCfak9RJiwdx3M5M6FAW1RnRTic0mRFh3n/y1xGrCU=; b=arVwH4U/iWRM8cC2ICkca6Sblhhajnk0zN96GuQqFq638cUhL1y0QfcnRt/FztVQLL k9BryTQGjPoCeZyyDC2bxcdNHMZIbca/LGJ2sJKD37Jfl+R7VDuP+Z+0yuw48bRIZO9S yybv/T5j04JXd87cECXmqjyro7zRPCWbhZUER/NFtcXOMQhocA7HWcDf1sWDYNuoR1BP rXLPoatgvr/sUsoKhtAV1u1++Xvbh7nc2abItuX2nShX+IhDjSLCF1Kzo5uZknkRi4/r DWn8z3LXgGvwrX+maPaibvcxTqh2bhi0+uNWqR/kMui2WaCu0GlVWOeBNpODajlBJkAq 5iBQ== X-Gm-Message-State: AOAM531Lxgl4X7yCnRzbFcDi2E9RqQhONpQ8qBZ4b3UeHthrd+9UQBLH VlzE6qRknbhQqJw2XD9+lsdHcYS/FZO1LpWw/3E= X-Google-Smtp-Source: ABdhPJzLns4nKcVftBUI4hRoYHeFbtgiqK7uwxAsgvOzmJb1FmraJo9NJJmb/rhww8l7F11qIJR0NFranZvjhJZERRI= X-Received: by 2002:a05:6e02:c11:: with SMTP id d17mr9576379ile.25.1633101892511; Fri, 01 Oct 2021 08:24:52 -0700 (PDT) MIME-Version: 1.0 References: <9SCVvWIB9TfyEmG6di6LYCmoEeeJ_2Fsqzh8Y58_q0wSF1hRxJ_2I3YKATYXSCnaZQMJ6CdhvseVnbHsDmnSheS5b9SvRk1f9xhna0e2Y5Q=@protonmail.com> <87pmsp3qnx.wl-jch@irif.fr> <87k0iw4yis.wl-jch@irif.fr> In-Reply-To: <87k0iw4yis.wl-jch@irif.fr> From: Dave Taht Date: Fri, 1 Oct 2021 08:24:38 -0700 Message-ID: To: Juliusz Chroboczek Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Message-ID-Hash: S4IBLIVERRI7AJ3QV7DS74DGYLMBFHRU X-Message-ID-Hash: S4IBLIVERRI7AJ3QV7DS74DGYLMBFHRU X-MailFrom: dave.taht@gmail.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: "galene@lists.galene.org" X-Mailman-Version: 3.3.4 Precedence: list Subject: [Galene] Re: End-to-end encryption [was: User management] List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Fri, Oct 1, 2021 at 7:20 AM Juliusz Chroboczek wrote: > > > talking to a trusted videoconferencing server. I did rather like the > > insertable streams idea: > > > > https://webrtchacks.com/true-end-to-end-encryption-with-webrtc-insertab= le-streams/ > > I like the idea of end-to-end encryption, but I feel that I'm not ready t= o > implement it yet. > > Insertable streams gives you the ability to perform end-to-end encryption= , > but it does not define the encryption format. So you end up having to > design your own crypto, with all the dangers that this entails. Before w= e > can use insertable streams, we need to have a clear specification of > a recommended encrypted format to use with it. There is an IETF effort t= o > do that, but it's IETF, so it won't conclude before a few years. (Last > time I checked, they were discussing the benefits of two approaches, > SFrame and Spacket, if memory serves, and there was no clear consensus ye= t.) > > There are two other issues. First, in order to do simulcast and keyframe > optimisation, Galene needs to look inside the packets. Jitsi works aroun= d > the issue by not encrypting the first 8 octets of every packet, even one > that does not start a frame, but it's difficult to tell what amount of > information this leaks. The proper solution to the issue is to have an > unencrypted header extension that contains the required information, but > that's only available with AV1 and not implemented yet (Chrome uses > a nonstandard format for AV1). > > Second, simulcast for VP8 requires rewriting the packet contents, which i= s > obviously impossible if the data is encrypted. This is solved with VP9, > but what it means is that you cannot have encrypted simulcast with VP8, > something has to give. > > In short, Dave, I have given some serious thought to the issue of > end-to-end encryption, and I feel that it will need to wait a couple of > years before we can deploy it in production. thanks for having given it much deeper thought than I have so far! I would like then, to somehow, push harder to embed videoconferencing servers such as galene into more edge embedded products. I am very disturbed by the widespread belief among users that videoconferencing servers in the cloud are actually secure, and would like to see services like baby-cams, and personal interactions, move back to the edge, and back under user control (and there's also a bandwidth savings to be had) There is a lot of work going on on edge cpe - like prplos, rdk-b, and security products like these, https://www.theverge.com/2021/9/28/22692073/ring-alarm-pro-amazon-event-rel= ease-date-specs-price-features running on capable hardware, that might be used. > -- Juliusz --=20 Fixing Starlink's Latencies: https://www.youtube.com/watch?v=3Dc9gLo6Xrwgw Dave T=C3=A4ht CEO, TekLibre, LLC