Technical Summary
This document describes the Secure Frame (SFrame) end-to-end
encryption and authentication mechanism for media frames in a
multiparty conference call, in which central media servers (selective
forwarding units or SFUs) can access the media metadata needed to
make forwarding decisions without having access to the actual media.
The proposed mechanism differs from the Secure Real-Time Protocol
(SRTP) in that it is independent of RTP (thus compatible with non-RTP
media transport) and can be applied to whole media frames in order to
be more bandwidth efficient.
Working Group Summary
This document is the input document that caused the formation of the SFrame
working group. It is substantially the same as that original input on a
technical level, though many aspects of that design have been tested in the
working group. The editorial quality is significantly improved and more robust
security and deployment considerations are now present. The one major addition
was the inclusion of a concrete usage of MLS for key management, which was
originally in a separate draft.
This work spent a long time without a lot activity, interspersed with short
bursts of high productivity. The WG chairs believe that sufficient input has
been received despite this.
Document Quality
Implementations and deployments exist. Test vectors are included and are
produced and checked by an automated system.
This document includes a very straightforward integration of AEAD and HKDF.
Careful security review from outside of the working group will be helpful, but
this shepherd believes that this has a low risk profile due to the extreme lack
of novelty. There is no formal analysis.
Personnel
The Document Shepherd for this document is Martin Thomson. The
Responsible Area Director is Murray Kucherawy.