Re: [AVT] FW: New Version Notification for draft-begen-avt-rtp-cnames-01
"Dan Wing" <dwing@cisco.com> Wed, 19 May 2010 00:08 UTC
Return-Path: <dwing@cisco.com>
X-Original-To: avt@core3.amsl.com
Delivered-To: avt@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 227DF3A68ED for <avt@core3.amsl.com>; Tue, 18 May 2010 17:08:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -8.925
X-Spam-Level:
X-Spam-Status: No, score=-8.925 tagged_above=-999 required=5 tests=[AWL=-0.926, BAYES_50=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I7CFiMPtJwQj for <avt@core3.amsl.com>; Tue, 18 May 2010 17:08:26 -0700 (PDT)
Received: from sj-iport-4.cisco.com (sj-iport-4.cisco.com [171.68.10.86]) by core3.amsl.com (Postfix) with ESMTP id E86DF3A6817 for <avt@ietf.org>; Tue, 18 May 2010 17:08:26 -0700 (PDT)
Authentication-Results: sj-iport-4.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-AV: E=Sophos;i="4.53,258,1272844800"; d="scan'208";a="131504123"
Received: from sj-core-1.cisco.com ([171.71.177.237]) by sj-iport-4.cisco.com with ESMTP; 19 May 2010 00:08:19 +0000
Received: from dwingwxp01 ([10.32.240.196]) by sj-core-1.cisco.com (8.13.8/8.14.3) with ESMTP id o4J08J7R010557; Wed, 19 May 2010 00:08:19 GMT
From: Dan Wing <dwing@cisco.com>
To: "'Ali C. Begen (abegen)'" <abegen@cisco.com>, avt@ietf.org
References: <04CAD96D4C5A3D48B1919248A8FE0D540C044FF3@xmb-sjc-215.amer.cisco.com>
Date: Tue, 18 May 2010 17:08:19 -0700
Message-ID: <046601caf6e7$633c3990$c4f0200a@cisco.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <04CAD96D4C5A3D48B1919248A8FE0D540C044FF3@xmb-sjc-215.amer.cisco.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3350
Thread-Index: AcrsX4HHCnbPB7dpQ0+55RZub3M3ZgAAGcuQAqCX8hA=
Cc: draft-begen-avt-rtp-cnames@tools.ietf.org
Subject: Re: [AVT] FW: New Version Notification for draft-begen-avt-rtp-cnames-01
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Audio/Video Transport Working Group <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 May 2010 00:08:28 -0000
> Here is the new version of the CNAME draft. > > http://www.ietf.org/id/draft-begen-avt-rtp-cnames-01.txt > > We took the comments into consideration. Hopefully, the text > is almost complete now. Feedback is welcome. I support this becoming an AVT WG document. This resolves some long-standing concerns I have had with RFC3550's suggestions around CNAMEs. My two large-ish issues with the draft: 1. FQDNs are not necessarily unique, but the draft assumes they are. For example, 'home.comcast.net' is probably a very common FQDN for Comcast customers. 2. The three current recommendations (IPv6 address, FQDN, UUID) all expose information about the RTP host, which provides additional information for traffic analysis. We might consider suggesting something more robust against traffic analysis, which changes for every RTP session, and which does not use an identifier (e.g., IPv6 address) that can be correlated with the endpoint. Detail: * Abstract should remove citations to RFC3550, because for style reasons the RFC Editor will remove that prior to publication. * Section 1, Change reference from [I-D.miles-behave-l2nat] to RFC3022. * Section 1 reads: [RFC3550] suggests that such applications provide a configuration option to allow the user to choose a unique CNAME, and puts the burden on the translator to translate CNAMEs from private addresses to public addresses if necessary to keep private addresses from being exposed. Experience has shown that this does not work well in practice. it is true that RFC3550 mentions CNAME "addresses" should be "translated". But CNAMEs might, or might not, contain an address. If RFC3550 had recommended any sort of CNAME translation, it should not have used the word 'address'; rather, it should have just said 'translate'. As an example, and something else that should also be discussed in the Introduction, is that hosts are often given simple names ("host" or "home" or "home-pc") and can use the default domain name assigned by their ISP (a real example is comcast.net; an example for the I-D would of course be example.net). Thus, ignoring NAT and RFC1918 addresses and everything for just a moment, and thinking about some IPv6 nirvana, a RTP endpoint that uses a FQDN such as "home-pc.comcast.net" is *also* not going to have a unique CNAME. So, please add FQDN collisions as another example in the Introduction. * Section 3, "Choice of RTCP CNAME in Private Networks" I don't like the title. The introduction already dissuaded readers from thinking this was a problem solely with RFC1918 addresses. * Section 3, It is a difficult task for a host to determine whether it resides behind a NAT without the help of an external mechanism such as STUN [RFC5389]. Actually, it can be impossible, because "I am behind a NAT" is not a binary answer. Rather, it depends on the path to the RTP peer if I am "behind a NAT". For example, when communicating between two hosts in my house. I would rather that sentence above be rewritten to say: It is difficult, and in some cases impossible, for a host to determine if there is a NAT between itself and its RTP peer. and don't mention STUN at all. * Section 3 recommends against IP address. It should say "IPv4" (rather than "IP"). * Section 3, which IPv6 address should be used? Maybe recommend using the IPv6 privacy address [RFC4941], if present? * Section 3, I found the word "order" in the following paragraph confusing: This memo does not mandate a specific order in which these methods should be practiced. A specific order would be only needed if an RTP endpoint was expected to be comprised of multiple programs that independently needed to choose the same CNAME. Since this is not a common implementation technique, a specific order is not needed. How about saying, instead, "Each of the techniques is equally effective, and an implementation can choose which to use." As for the need to pick a single CNAME if there are disconnected bits and pieces of RTP; do we need to mention that? Seems like an implementation detail. If you want to mention it, I suggest doing so in a separate paragraph and/or section. * Section 4, Security Considerations: The security considerations of [RFC3550] apply to this document as well. and RFC3550's Security Considerations says only this about CNAMEs: Within RTCP, the CNAME and NAME information may be used to impersonate another participant. The recommendations in draft-begen-avt-rtp-cnames create some additional security exposure, specifically the ability for an on-path sniffer to examine RTCP messages and get the unique identifier of the RTP endpoint (IPv6 address, MAC address, or UUID) and correlate RTP traffic to/from different endpoints. As SRTP (RFC3711) recommends that SRTCP be only authenticated (not encrypted), the normal SRTP operation will continue to expose that same information. Here is a suggestion to get that started: Following the recommendations of this memo provides additional information in RTCP which is useful for traffic analysis. The recommended default encryption mode for SRTCP [RFC3711] uses authentication (without encryption), so if traffic analysis is a concern the SRTCP payloads should be encrypted. * Question: Are there any ideas on the table for generating a unique identifier that wouldn't be useful for traffic analysis? That is, a unique identifier that is generated on each call? For example, a BASE64-encoded SHA1-HMAC of one of the three pieces of information currently suggested in the memo (IPv6 address, unique FQDN, UUID), where the 'secret' is changed for every new RTP session? This seems it could eliminate traffic analysis concerns. -d
- [AVT] FW: New Version Notification for draft-bege… Ali C. Begen (abegen)
- Re: [AVT] FW: New Version Notification for draft-… Dan Wing
- Re: [AVT] FW: New Version Notification for draft-… Ali C. Begen (abegen)
- Re: [AVT] FW: New Version Notification for draft-… Dan Wing
- Re: [AVT] FW: New Version Notification for draft-… Ali C. Begen (abegen)
- Re: [AVT] FW: New Version Notification for draft-… Roni Even
- Re: [AVT] FW: New Version Notification fordraft-b… Ali C. Begen (abegen)
- Re: [AVT] FW: New Version Notification fordraft-b… Colin Perkins
- Re: [AVT] FW: New Version Notificationfor draft-b… Dan Wing
- Re: [AVT] FW: New Version Notificationfor draft-b… Ali C. Begen (abegen)
- Re: [AVT] FW: New Version Notification for draft-… Peter Musgrave
- Re: [AVT] FW: New Version Notification for draft-… Ali C. Begen (abegen)
- Re: [AVT] FW: New Version Notification for draft-… Peter Musgrave
- Re: [AVT] FW: New Version Notification for draft-… Ali C. Begen (abegen)