**Session Date/Time:** 27 Mar 2023 06:30

# sframe

## Summary

This sframe working group meeting focused on resolving open issues on the SFrame draft to enable a working group last call. The meeting involved a detailed review of open GitHub issues, discussing potential resolutions, and assigning action items to the editors. Key topics included stream definitions, key management, replay protection, RTP integration, and metadata handling.

## Key Discussion Points

* **Issue #100: Stream Definition:** Debate on whether to include a stream definition in the document. The consensus leaned toward not defining a new stream construct within SFrame itself, but requiring applications to specify key usage context.
* **Key Management:** Discussion about specifying application requirements for key management, including key rotation and security properties.
* **Issue #97: Out of Scope Key Management:** Clarifying the boundaries of key management responsibilities.
* **Issue #96: RTP Specifics:** Agreement to audit the document and ensure RTP mentions are primarily examples, maintaining the document's generality. Testing the implementation over a WebRTC data channel.
* **Overhead Analysis (PR):** A pull request redoing the overhead analysis was flagged for review.
* **Issue #76: Replay Protection:** Extensive discussion on replay protection, considering scope, potential timing oracles, and transport layer protections. A proposal emerged to note the security trade-offs and allow applications to implement replay windows (timer-based or counter-based) if needed, without mandating a specific mechanism.
* **Issue #70: Adoption Call Feedback:** Identified as needing individual issue breakouts.
* **Issue #17: Authenticated Metadata:** Debate on the necessity of an authenticated metadata field. There were concerns about potential misuse and the need for application-level agreement on metadata content. The resolution was to keep the field but provide warnings in the spec text.
* **Issue #3: Var Structure:** Consideration of using QUIC varints. This was rejected.

## Decisions and Action Items

* **Issue #100 (Stream Definition):** Editors to clarify application requirements for key usage. Action: Richard, Sergio
* **Issue #97 (Out of Scope Key Management):** Document security properties achieved with specific key rotation practices. Action: Richard, Sergio
* **Issue #96 (RTP Specifics):** Audit and remove non-essential RTP references. Editors also encouraged to test the code with WebRTC data channels and to keep two flavors of implementation. Action: Richard, Sergio
* **Overhead Analysis (PR):** Review and provide feedback on the pull request. Action: Justin (reminder needed)
* **Issue #76 (Replay Protection):** Editors to document the security trade-offs and allow applications to implement replay windows (timer-based or counter-based) if needed, without mandating a specific mechanism. Action: Richard, Sergio
* **Issue #70 (Adoption Call Feedback):** Break out into individual issues. Action: TBD (assigned to in absentia)
* **Issue #17 (Authenticated Metadata):** Keep the authenticated metadata feature, add text describing what the application has to do, and confirm necessity during WG Last Call. Action: Richard, Sergio, Yu
* **Issue #3 (Var Structure):** Close the issue. Action: Richard, Sergio
* **Key Retry:** There has to be a retry mechanism, and it has to give a clear signal of retry. A retry also cannot be marked as a replay. Action: Richard, Sergio
* **Key Structure Leakage:** Document the leakage of the sections; if an application is concerned, it can use another approach. Action: Martin
* **Editors:** Richard, Sergio

## Next Steps

* The editors will address the action items and prepare a revised draft.
* A virtual interim meeting will be scheduled in about a month, with a poll for times. The meeting will be canceled if the editors provide a satisfactory draft before then.
* Continue to nail down the punch list that the application has to fill out.