Re: [webrtc-extensions] Add a requestKeyframe() API (#37)

Forward and Post-Compromise Security requires that the e2ee keys are updated anytime a participant joins/leaves the call.
https://tools.ietf.org/html/draft-ietf-mls-architecture-04#section-3.2.2.1

The key exchange happens async and on a different path than the WebRTC signaling and media (by definition). So it may happen that when a new participant joins, the SFU side requests a key frame and the sender generates the e2ee encrypted frame with a key not known by the receiver, so it will be discarded. When the sender updates his sending key with the new key, it will send it in a non-key frame, so the receiver will be able to decrypt it, but not decode it.

The receiver will then re-request a key frame, but due to sender and SFU policies, that new key frame could take some time to be generated.

If the sender sends a key frame when the new e2ee key is in use, the time required for the new participant to display the video is minimized.

Also, there are several optimizations (especially on authenticating and signing) that can be done on key frames, so it is always interesting to be able to control the key frame generation from the e2ee side.

Hope it is clearer now.

-- 
GitHub Notification of comment by murillo128
Please view or discuss this issue at https://github.com/w3c/webrtc-extensions/pull/37#issuecomment-628774128 using your GitHub account

Received on Thursday, 14 May 2020 17:17:24 UTC
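
The join race described in this comment, as an added simulation that is not part of the original message and does not use any WebRTC API: it compares when a new participant first displays video if the key frame arrives only after a delayed re-request versus when the sender emits one as soon as the new e2ee key is in use. The function names, the tick model, the key ids and the delay of 5 ticks are all constructed assumptions.

```javascript
// Constructed model: each tick the sender emits one frame {t, type, keyId}.
// All names and numbers here are hypothetical, chosen for illustration.
function senderFrames({ ticks, rotateAt, keyFrameOnRotation, rerequestDelay }) {
  const frames = [];
  for (let t = 0; t < ticks; t++) {
    const keyId = t < rotateAt ? 'old' : 'new';   // key rotation lags the join
    let type = 'delta';
    if (t === 0) type = 'key';                     // key frame requested by the SFU on join
    if (keyFrameOnRotation && t === rotateAt) type = 'key';
    // Otherwise the receiver's re-request is only honoured after a policy delay.
    if (!keyFrameOnRotation && t === rotateAt + rerequestDelay) type = 'key';
    frames.push({ t, type, keyId });
  }
  return frames;
}

// Receiver: a frame must first decrypt (known key id), then decode
// (delta frames need a previously decoded key frame).
function receive(frames, knownKeyIds) {
  const known = new Set(knownKeyIds);
  let decoderPrimed = false;
  return frames.map((f) => {
    if (!known.has(f.keyId)) return { t: f.t, outcome: 'discarded' };
    if (f.type === 'key') decoderPrimed = true;
    return { t: f.t, outcome: decoderPrimed ? 'displayed' : 'undecodable' };
  });
}

function firstDisplayedTick(log) {
  const hit = log.find((e) => e.outcome === 'displayed');
  return hit ? hit.t : -1;
}

// The new participant only ever learns the 'new' key.
function compare() {
  const base = { ticks: 10, rotateAt: 2, rerequestDelay: 5 };
  const delayed = receive(senderFrames({ ...base, keyFrameOnRotation: false }), ['new']);
  const onRotation = receive(senderFrames({ ...base, keyFrameOnRotation: true }), ['new']);
  return { delayed, onRotation };
}

const result = compare();
console.log('re-request path, first displayed at tick', firstDisplayedTick(result.delayed));
console.log('key frame on rotation, first displayed at tick', firstDisplayedTick(result.onRotation));
```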