libsrtp

Consider making some of the private headers public

Open sorenstoutner opened this issue 6 months ago • 6 comments

I work on packaging Chromium (and Qt WebEngine) in Debian. One of my projects is to get to the stage where Chromium can be built using a system copy of libsrtp instead of the version that is included in the Chromium codebase. Doing so has positive security implications because an update to the system copy of libsrtp can fix a security problem in all instances of the Chromium and derivative packages in Debian.

The blocker for doing so is that Chromium utilizes some of the private headers in the libsrtp package. This is discussed in the following Chromium issue:

https://issues.chromium.org/issues/40272799

Unfortunately, this issue is currently marked private. I have made a request for the visibility to be opened up, but in the meantime I don't think anyone would mind me quoting this section:

The include from webrtc/pc/srtp_session.c seems harder to remove. It's used in GetRtpAuthParams and GetSendStreamPacketIndex with calls originating from sending packets with external auth. I haven't followed this codepath, but I believe the external auth is used for things like the abs-send-time header extension where chrome needs to update the header extensions close to the socket and then reapply the authentication.

The purpose of this feature request is to see how willing the libsrtp developers would be to make the necessary parts of this private header public, and to understand if there are any negative implications to doing so.

For a little bit of background, see the following bug reports:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866784

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038240

sorenstoutner Jul 26 '24 20:07