IETF Logo Mail Archive

Re: [AVT] FW: New Version Notification fordraft-begen-avt-rtp-cnames-01

Colin Perkins <csp@csperkins.org> Thu, 20 May 2010 22:09 UTC

Return-Path: <csp@csperkins.org>
X-Original-To: avt@core3.amsl.com
Delivered-To: avt@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 690D83A6885 for <avt@core3.amsl.com>; Thu, 20 May 2010 15:09:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.855
X-Spam-Level:
X-Spam-Status: No, score=-2.855 tagged_above=-999 required=5 tests=[AWL=-0.745, BAYES_05=-1.11, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L91Zsjks1kfH for <avt@core3.amsl.com>; Thu, 20 May 2010 15:09:42 -0700 (PDT)
Received: from anchor-msapost-1.mail.demon.net (anchor-msapost-1.mail.demon.net [195.173.77.164]) by core3.amsl.com (Postfix) with ESMTP id F0D7C3A681B for <avt@ietf.org>; Thu, 20 May 2010 15:09:41 -0700 (PDT)
Received: from starkperkins.demon.co.uk ([80.176.158.71] helo=[192.168.0.14]) by anchor-post-1.mail.demon.net with esmtpsa (AUTH csperkins-dwh) (TLSv1:AES128-SHA:128) (Exim 4.69) id 1OFDvq-0006nR-iX; Thu, 20 May 2010 22:09:35 +0000
Message-Id: <1AA6DFF9-FA5E-4D2D-A2F0-9CB89143B662@csperkins.org>
From: Colin Perkins <csp@csperkins.org>
To: "Ali C. Begen" <abegen@cisco.com>
In-Reply-To: <04CAD96D4C5A3D48B1919248A8FE0D540C2626F6@xmb-sjc-215.amer.cisco.com>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Date: Thu, 20 May 2010 23:09:32 +0100
References: <04CAD96D4C5A3D48B1919248A8FE0D540C044FF3@xmb-sjc-215.amer.cisco.com> <046601caf6e7$633c3990$c4f0200a@cisco.com> <01fc01caf7ea$ebdcbb40$c39631c0$%roni@huawei.com> <04CAD96D4C5A3D48B1919248A8FE0D540C2626F6@xmb-sjc-215.amer.cisco.com>
X-Mailer: Apple Mail (2.936)
Cc: draft-begen-avt-rtp-cnames@tools.ietf.org, "Dan Wing (dwing)" <dwing@cisco.com>, Roni Even <Even.roni@huawei.com>, avt@ietf.org
Subject: Re: [AVT] FW: New Version Notification fordraft-begen-avt-rtp-cnames-01
X-BeenThere: avt@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Audio/Video Transport Working Group <avt.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/avt>
List-Post: <mailto:avt@ietf.org>
List-Help: <mailto:avt-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/avt>, <mailto:avt-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 May 2010 22:09:43 -0000

On 20 May 2010, at 14:03, Ali C. Begen (abegen) wrote:
>> -----Original Message-----
>> From: Roni Even [mailto:Even.roni@huawei.com]
>> Sent: Thursday, May 20, 2010 3:06 AM
>> To: Dan Wing (dwing); Ali C. Begen (abegen); avt@ietf.org
>> Cc: draft-begen-avt-rtp-cnames@tools.ietf.org
>> Subject: RE: [AVT] FW: New Version Notification fordraft-begen-avt- 
>> rtp-cnames-01
>>
>> Hi,
>>
>>>
>>> * Question: Are there any ideas on the table for generating a  
>>> unique identifier that wouldn't be useful for traffic analysis?  
>>> That is, a unique identifier that is generated on each call?  For  
>>> example, a BASE64-encoded SHA1-HMAC of one of the three pieces of  
>>> information currently suggested in the memo (IPv6 address, unique  
>>> FQDN, UUID), where the 'secret' is changed for every new RTP  
>>> session?  This seems it could eliminate traffic analysis concerns.
>>
>> RFC 3550 says that one of the usage of RTCP is for monitoring and  
>> "To facilitate third-party monitoring, the CNAME SHOULD be suitable  
>> for either a program or a person to locate the source."
>
> What does "locate the source" imply?
>
> We also saw this text the other day and actually I wanna understand  
> this a bit more. The concern Dan is raising is valid in my opinion.  
> The current 3 methods we have in the draft are sticky. If one uses  
> the same CNAME in totally irrelevant RTP sessions, a monitoring  
> agent can still infer that those users are the same person. For  
> several reasons, this is not a good thing. That's why I am inclined  
> to include Dan's suggestion (e.g., hashing) as the 4th method for  
> those who want to take that option. We will also mention this risk  
> in the sec. section.

Being able to infer that disparate RTP sessions involve the same end  
point can be useful for network management purposes. I understand the  
desire for opaque, per-session, unique identifiers as an option, but  
there are legitimate use-cases for persistent, identifiable, CNAMES.

>> Other comments
>>
>> 1. For the UUID I assume the proposal is to use the string  
>> representation of the UUID maybe as a URN.
>
> This is the second issue and let's have WG's input on this. Do we  
> need ascii CNAMEs or not? Does it everything need to be encoded in  
> base64?

It needs to be UTF-8 format text [RFC 3550, top of page 46].

>> 2. As for the structure of CNAME, section 6.5.1 of RFC 3550 has the  
>> cname composed of user and domain name. it also says that "The user  
>> name SHOULD be in a form that a program such as "finger" or "talk"  
>> could use, i.e., it typically is the login name rather than the  
>> personal name.  The host name is not necessarily identical to the  
>> one in the participant's electronic mail address. " Maybe this  
>> document should recommend how to create a unique host part of the  
>> CNAME and not the whole CNAME.
>
> If the host part is unique, why would we still need user@host?

Multi-user hosts still exist.

> Thanks for bringing these up. Let's reach an agreement and we will  
> submit a revision accordingly.
>
> -acbegen
>
>> Regards
>> Roni Even
>>
>>
>
> _______________________________________________
> Audio/Video Transport Working Group
> avt@ietf.org
> https://www.ietf.org/mailman/listinfo/avt



-- 
Colin Perkins
http://csperkins.org/

v2.23.0 | Report a Bug | By Email