Re: [webrtc-rtptransport] Sequence number: constraints? (#43) from Martin Algesten via GitHub on 2024-06-12 (public-webrtc-logs@w3.org from June 2024)

From: Martin Algesten via GitHub <sysbot+gh@w3.org>
Date: Wed, 12 Jun 2024 15:10:44 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-2163288849-1718205041-sysbot+gh@w3.org>

For fan-out scenarios with encrypt once and decrypt on multiple clients, the start sequence number (or rather ROC), needs to be sent out of band since the extended sequence number is used to derive the IV for SRTP. I think that means that at least the receiving side needs to be able to set the expected sequence number (or ROC).

https://datatracker.ietf.org/doc/html/rfc3711#section-3.3.1

"Receivers joining an on-going session MUST be given the current ROC value…"

> 2\. Is it possible to set the sequence number to a previous (duplicate) value without the ROC having incremented?

Allowing the IV/nonce derived from the sequence number to repeat, would maybe [break encryption](https://frereit.de/aes_gcm/)?




-- 
GitHub Notification of comment by algesten
Please view or discuss this issue at https://github.com/w3c/webrtc-rtptransport/issues/43#issuecomment-2163288849 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Wednesday, 12 June 2024 15:10:45 UTC