A Solution Framework for Private Media in Privacy-Enhanced RTP Conferencing (PERC)
RFC 8871

Document Type RFC - Proposed Standard (January 2021; No errata)
Authors Paul Jones, David Benham, Christian Groves
Last updated 2021-01-18
Replaces draft-jones-perc-private-media-framework
Stream Internet Engineering Task Force (IETF)
Stream WG state Submitted to IESG for Publication (wg milestone: Mar 2018 - Submit architecture ... )
Document shepherd Nils Ohlmeier
Shepherd write-up (last changed 2018-09-20)
IESG IESG state RFC 8871 (Proposed Standard)
Consensus Boilerplate Yes
Responsible AD Alexey Melnikov
Send notices to Nils Ohlmeier <nohlmeier@mozilla.com>
IANA IANA review state Version Changed - Review Needed
IANA action state No IANA Actions

Internet Engineering Task Force (IETF)                          P. Jones
Request for Comments: 8871                                         Cisco
Category: Standards Track                                      D. Benham
ISSN: 2070-1721                                                C. Groves
                                                            January 2021

     A Solution Framework for Private Media in Privacy-Enhanced RTP
                          Conferencing (PERC)


   This document describes a solution framework for ensuring that media
   confidentiality and integrity are maintained end to end within the
   context of a switched conferencing environment where Media
   Distributors are not trusted with the end-to-end media encryption
   keys.  The solution builds upon existing security mechanisms defined
   for the Real-time Transport Protocol (RTP).

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at

Copyright Notice

   Copyright (c) 2021 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction
   2.  Conventions Used in This Document
   3.  PERC Entities and Trust Model
     3.1.  Untrusted Entities
       3.1.1.  Media Distributor
       3.1.2.  Call Processing
     3.2.  Trusted Entities
       3.2.1.  Endpoint
       3.2.2.  Key Distributor
   4.  Framework for PERC
     4.1.  E2E-Authenticated and HBH-Authenticated Encryption
     4.2.  E2E Key Confidentiality
     4.3.  E2E Keys and Endpoint Operations
     4.4.  HBH Keys and Per-Hop Operations
     4.5.  Key Exchange
       4.5.1.  Initial Key Exchange and Key Distributor
       4.5.2.  Key Exchange during a Conference
   5.  Authentication
     5.1.  Identity Assertions
     5.2.  Certificate Fingerprints in Session Signaling
     5.3.  Conference Identification
   6.  PERC Keys
     6.1.  Key Inventory and Management Considerations
     6.2.  DTLS-SRTP Exchange Yields HBH Keys
     6.3.  The Key Distributor Transmits the KEK (EKT Key)
     6.4.  Endpoints Fabricate an SRTP Master Key
     6.5.  Summary of Key Types and Entity Possession
   7.  Encrypted Media Packet Format
   8.  Security Considerations
     8.1.  Third-Party Attacks
     8.2.  Media Distributor Attacks
       8.2.1.  Denial of Service
       8.2.2.  Replay Attacks
       8.2.3.  Delayed Playout Attacks
       8.2.4.  Splicing Attacks
       8.2.5.  RTCP Attacks
     8.3.  Key Distributor Attacks
     8.4.  Endpoint Attacks
   9.  IANA Considerations
   10. References
     10.1.  Normative References
     10.2.  Informative References
   Authors' Addresses

1.  Introduction

   Switched conferencing is an increasingly popular model for multimedia
   conferences with multiple participants using a combination of audio,
   video, text, and other media types.  With this model, real-time media
   flows from conference participants are not mixed, transcoded,
   translated, recomposed, or otherwise manipulated by a Media
   Distributor, as might be the case with a traditional media server or
   Multipoint Control Unit (MCU).  Instead, media flows transmitted by
   conference participants are simply forwarded by Media Distributors to
   each of the other participants.  Media Distributors often forward
   only a subset of flows based on voice activity detection or other
   criteria.  In some instances, Media Distributors may make limited
   modifications to RTP headers [RFC3550], for example, but the actual
   media content (e.g., voice or video data) is unaltered.

   An advantage of switched conferencing is that Media Distributors can
   be more easily deployed on general-purpose computing hardware,
   including virtualized environments in private and public clouds.
   Virtualized public cloud environments have been viewed as less