IETF Logo Mail Archive

Re: [AVT] FW: New Version Notification fordraft-begen-avt-rtp-cnames-01

"Ali C. Begen (abegen)" <abegen@cisco.com> Thu, 20 May 2010 13:03 UTC

Return-Path: <abegen@cisco.com>
X-Original-To: avt@core3.amsl.com
Delivered-To: avt@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 7ADF93A693C for <avt@core3.amsl.com>; Thu, 20 May 2010 06:03:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.231
X-Spam-Level:
X-Spam-Status: No, score=-10.231 tagged_above=-999 required=5 tests=[AWL=0.368, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pEzyhxHxoomT for <avt@core3.amsl.com>; Thu, 20 May 2010 06:03:14 -0700 (PDT)
Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86]) by core3.amsl.com (Postfix) with ESMTP id 5C5673A6BF3 for <avt@ietf.org>; Thu, 20 May 2010 06:02:56 -0700 (PDT)
Authentication-Results: sj-iport-4.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvsEAKfP9EurRN+K/2dsb2JhbACeCHGjNJlRgnYBC4IQBINA
X-IronPort-AV: E=Sophos;i="4.53,271,1272844800"; d="scan'208";a="132400287"
Received: from sj-core-4.cisco.com ([171.68.223.138]) by sj-iport-4.cisco.com with ESMTP; 20 May 2010 13:02:49 +0000
Received: from xbh-sjc-231.amer.cisco.com (xbh-sjc-231.cisco.com [128.107.191.100]) by sj-core-4.cisco.com (8.13.8/8.14.3) with ESMTP id o4KD2n0G016074; Thu, 20 May 2010 13:02:49 GMT
Received: from xmb-sjc-215.amer.cisco.com ([171.70.151.169]) by xbh-sjc-231.amer.cisco.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 20 May 2010 06:02:49 -0700
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
Date: Thu, 20 May 2010 06:03:03 -0700
Message-ID: <04CAD96D4C5A3D48B1919248A8FE0D540C2626F6@xmb-sjc-215.amer.cisco.com>
In-Reply-To: <01fc01caf7ea$ebdcbb40$c39631c0$%roni@huawei.com>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: [AVT] FW: New Version Notification fordraft-begen-avt-rtp-cnames-01
Thread-Index: AcrsX4HHCnbPB7dpQ0+55RZub3M3ZgAAGcuQAqCX8hAAQSpLcAANLPIA
References: <04CAD96D4C5A3D48B1919248A8FE0D540C044FF3@xmb-sjc-215.amer.cisco.com> <046601caf6e7$633c3990$c4f0200a@cisco.com> <01fc01caf7ea$ebdcbb40$c39631c0$%roni@huawei.com>
From: "Ali C. Begen (abegen)" <abegen@cisco.com>
To: Roni Even <Even.roni@huawei.com>, "Dan Wing (dwing)" <dwing@cisco.com>, avt@ietf.org
X-OriginalArrivalTime: 20 May 2010 13:02:49.0674 (UTC) FILETIME=[BFF4BAA0:01CAF81C]
Cc: draft-begen-avt-rtp-cnames@tools.ietf.org
Subject: Re: [AVT] FW: New Version Notification fordraft-begen-avt-rtp-cnames-01
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Audio/Video Transport Working Group <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 May 2010 13:03:15 -0000

> -----Original Message-----
> From: Roni Even [mailto:Even.roni@huawei.com]
> Sent: Thursday, May 20, 2010 3:06 AM
> To: Dan Wing (dwing); Ali C. Begen (abegen); avt@ietf.org
> Cc: draft-begen-avt-rtp-cnames@tools.ietf.org
> Subject: RE: [AVT] FW: New Version Notification fordraft-begen-avt-rtp-cnames-01
> 
> Hi,
> 
> >
> > * Question: Are there any ideas on the table for generating a unique
> > identifier that wouldn't be useful for traffic analysis?  That is, a
> > unique
> > identifier that is generated on each call?  For example, a BASE64-
> > encoded
> > SHA1-HMAC of one of the three pieces of information currently suggested
> > in the
> > memo (IPv6 address, unique FQDN, UUID), where the 'secret' is changed
> > for
> > every new RTP session?  This seems it could eliminate traffic analysis
> > concerns.
> >
> 
> RFC 3550 says that one of the usage of RTCP is for monitoring and "To
> facilitate third-party monitoring, the CNAME SHOULD be suitable for either a
> program or a person to locate the source."

What does "locate the source" imply?

We also saw this text the other day and actually I wanna understand this a bit more. The concern Dan is raising is valid in my opinion. The current 3 methods we have in the draft are sticky. If one uses the same CNAME in totally irrelevant RTP sessions, a monitoring agent can still infer that those users are the same person. For several reasons, this is not a good thing. That's why I am inclined to include Dan's suggestion (e.g., hashing) as the 4th method for those who want to take that option. We will also mention this risk in the sec. section.
 
> 
> Other comments
> 
> 1. For the UUID I assume the proposal is to use the string representation of
> the UUID maybe as a URN.

This is the second issue and let's have WG's input on this. Do we need ascii CNAMEs or not? Does it everything need to be encoded in base64?
 
> 2. As for the structure of CNAME, section 6.5.1 of RFC 3550 has the cname
> composed of user and domain name. it also says that
> "The user name SHOULD be in a form that a program such as "finger" or "talk"
> could use, i.e., it typically is the login name rather than the personal
> name.  The host name is not necessarily identical to the one in the
> participant's electronic mail address. "
> Maybe this document should recommend how to create a unique host part of the
> CNAME and not the whole CNAME.

If the host part is unique, why would we still need user@host?
 
Thanks for bringing these up. Let's reach an agreement and we will submit a revision accordingly.

-acbegen

> Regards
> Roni Even
> 
>

v2.23.0 | Report a Bug | By Email