Richards, Thanks for the explanation.
The third paragraph of the Intro section says: The Secure Real-Time Protocol (SRTP) is already widely used for HBH encryption [RFC3711]. The SRTP "double encryption" scheme defines a way to do E2E encryption in SRTP [RFC8723]. Unfortunately, this scheme has poor efficiency and high complexity, and its entanglement with RTP makes it unworkable in several realistic SFU scenarios. Is Secure Frame intended for fixing the poor efficiency and high complexity of SRTP? The SRTP used for HBH requires the SFU to perform the decryption, correct? Can Secure Frame use the SRTP? Thank you, Linda From: Richard Barnes <[email protected]> Sent: Wednesday, April 3, 2024 7:44 AM To: Linda Dunbar <[email protected]> Cc: [email protected]; [email protected]; [email protected]; [email protected] Subject: Re: Genart last call review of draft-ietf-sframe-enc-07 Hi Linda, Secure Frames are *not* decrypted by the SFU. The outer HBH encryption is decrypted by the SFU, but the point of the E2E encryption is that the SFU does not have the keys. The document does not claim to save on SFU processing. For a switching SFU, the processing should be roughly the same with or without SFrame. --Richard On Sat, Mar 30, 2024 at 9:23 AM Linda Dunbar via Datatracker <[email protected]<mailto:[email protected]>> wrote: Reviewer: Linda Dunbar Review result: Ready I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please treat these comments just like any other last call comments. For more information, please see the FAQ at <https://wiki.ietf.org/en/group/gen/GenArtFAQ>. Document: draft-ietf-sframe-enc-?? Reviewer: Linda Dunbar Review Date: 2024-03-30 IETF LC End Date: 2024-02-15 IESG Telechat date: 2024-04-04 Summary: This document describes the Secure Frame (SFrame) end-to-end encryption and authentication mechanism for media frames. Question: As the Secure Frames are decrypted by the SFU, why it is less processing than the Hop-by-hop encryption between endpoint and SFU? Thank you, Linda
_______________________________________________ Gen-art mailing list [email protected] https://www.ietf.org/mailman/listinfo/gen-art
