Session Date/Time: 27 Mar 2023 06:30
sframe
Summary
This sframe working group meeting focused on resolving open issues on the SFrame draft to enable a working group last call. The meeting involved a detailed review of open GitHub issues, discussing potential resolutions, and assigning action items to the editors. Key topics included stream definitions, key management, replay protection, RTP integration, and metadata handling.
Key Discussion Points
- Issue #100: Stream Definition: Debate on whether to include a stream definition in the document. The consensus leaned toward not defining a new stream construct within SFrame itself, but requiring applications to specify key usage context.
- Key Management: Discussion about specifying application requirements for key management, including key rotation and security properties.
- Issue #97: Out of Scope Key Management: Clarifying the boundaries of key management responsibilities.
- Issue #96: RTP Specifics: Agreement to audit the document and ensure RTP mentions are primarily examples, maintaining the document's generality. Also covered: testing the implementation over a WebRTC data channel.
- Overhead Analysis (PR): A pull request redoing overhead analysis was flagged for review.
- Issue #76: Replay Protection: Extensive discussion on replay protection, considering scope, potential timing oracles, and transport layer protections. A proposal emerged to note the security trade-offs and allow applications to implement replay windows (timer-based or counter-based) if needed, without mandating a specific mechanism.
- Issue #70: Adoption Call Feedback: Identified as needing individual issue breakouts.
- Issue #17: Authenticated Metadata: Debate on the necessity of an authenticated metadata field. There were concerns about potential misuse and the need for application-level agreement on metadata content. The resolution was to keep the field but provide warnings in the spec text.
- Issue #3: Var Structure: Consideration of using QUIC varints. This was rejected.
Decisions and Action Items
- Issue #100 (Stream Definition): Editors to clarify application requirements for key usage. Action: Richard, Sergio
- Issue #97 (Out of Scope Key Management): Document security properties achieved with specific key rotation practices. Action: Richard, Sergio
- Issue #96 (RTP Specifics): Audit and remove non-essential RTP references. Editors are also encouraged to test the code with WebRTC data channels and to keep two flavors of implementation. Action: Richard, Sergio
- Overhead Analysis (PR): Review and provide feedback on the pull request. Action: Justin (reminder needed)
- Issue #76 (Replay Protection): Editors to document the security trade-offs and allow applications to implement replay windows (timer-based or counter-based) if needed, without mandating a specific mechanism. Action: Richard, Sergio
- Issue #70 (Adoption Call Feedback): Break out into individual issues. Action: TBD (assigned to in absentia)
- Issue #17 (Authenticated Metadata): Keep the authenticated metadata feature, add text describing what the application has to do, and confirm necessity during WG Last Call. Action: Richard, Sergio, Yu
- Issue #3 (Var Structure): Close the issue. Action: Richard, Sergio
- Key Retry: There has to be a retry mechanism, and it has to give a clear signal of retry. A retry also cannot be marked as a replay. Action: Richard, Sergio
- Key Structure Leakage: Document the leakage of the sections; if an application is concerned, it can use another approach. Action: Martin
- Editors: Richard, Sergio
Next Steps
- The editors will address the action items and prepare a revised draft.
- A virtual interim meeting will be scheduled in about a month, with a poll for times. The meeting will be canceled if the editors provide a satisfactory draft before then.
- Continue to nail down the punch list that the application has to fill out.