Re: [BEHAVE] AD comments on draft-ietf-behave-turn-tcp-05
Simon Perreault <simon.perreault@viagenie.ca> Mon, 25 January 2010 03:34 UTC
Return-Path: <simon.perreault@viagenie.ca>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8FF833A6910 for <behave@core3.amsl.com>; Sun, 24 Jan 2010 19:34:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[BAYES_50=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7JjYtWR8MYJA for <behave@core3.amsl.com>; Sun, 24 Jan 2010 19:34:32 -0800 (PST)
Received: from jazz.viagenie.ca (jazz.viagenie.ca [206.123.31.2]) by core3.amsl.com (Postfix) with ESMTP id 738913A62C1 for <behave@ietf.org>; Sun, 24 Jan 2010 19:34:32 -0800 (PST)
Received: from banana.viagenie.ca (unknown [IPv6:2001:200:182:2000:92e6:baff:fe57:8a72]) by jazz.viagenie.ca (Postfix) with ESMTPSA id 5552920E30; Sun, 24 Jan 2010 22:34:34 -0500 (EST)
Message-ID: <4B5D1146.1040302@viagenie.ca>
Date: Mon, 25 Jan 2010 12:34:30 +0900
From: Simon Perreault <simon.perreault@viagenie.ca>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.5) Gecko/20091209 Fedora/3.0-4.fc12 Thunderbird/3.0
MIME-Version: 1.0
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
References: <4B59CC9C.9030508@ericsson.com>
In-Reply-To: <4B59CC9C.9030508@ericsson.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Cc: draft-ietf-behave-turn-tcp@tools.ietf.org, Behave WG <behave@ietf.org>
Subject: Re: [BEHAVE] AD comments on draft-ietf-behave-turn-tcp-05
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Jan 2010 03:34:33 -0000
Magnus Westerlund wrote, on 23/01/10 01:04 AM: > 1. Section 3.4 and 5.2, if the Turn server takes time to complete the > Connect request, can additional connect or other TURN requests be issued > with one connect request outstanding? Yes. As with any other STUN/TURN request, processing multiple requests in parallel is allowed. The Connect request is special in that its processing involves reaching across the Internet, but this is orthogonal. Do you think it need to be mentioned explicitly? > 2. Section 5.2: Any consideration for timeout for the TCP connection > attempt from the server? Is that purely a server implementation choice? > Some minimal value the client can expect? Maybe a option to specify a > timeout for the client would be appropriate here? Good thinking, thanks. However, there are many other timeouts involved in the TCP state machine. I don't expect the client to have control over all of them. Is the connection timeout important enough to give control over it to the client? I don't think client control over TCP timeouts is important given the expected use cases for TURN. The upper limit of the connection timeout can already be controlled by clients. They can just close their connection to the server when it starts taking too long. (Does this need to be mentioned explicitly?) For the lower limit, how about mentioning that servers MUST ensure at least 10 seconds before connection timeout? > 3. Section 5.2: Why is the initial data buffered? Isn't it better to not > read from the socket until its peer TCP connection is available. That > way the stream will not advance until the data can be forwarded. Whether data is buffered in kernel or user space is irrelevant from the point of view of the protocol. It's an implementation detail. > 4. Section 5.3, shouldn't the connection attempt be checked against the > permissions before being accepted? Yes and no. The server needs to check permissions. This is an omission in section 5.3. It is a big error that needs to be fixed. Thanks for noticing it. However, the permission check needs to happen after the connection is accepted but before the ConnectionAttempt indication is sent to the client. This is so because a user-space implementation cannot know the identity of the peer before calling accept(). So we accept the connection, then drop it if it fails the permission check. (I recall explaining this on behave@ietf.org, so I wonder why this text isn't already in the draft...) > 5. Section 5.5, what about data sent to the server? I assume that the > peer expects that data is sent prior to closing the server to client > connection. Yes. In all three cases in section 5.5, the server needs to ensure that the connection it is about to close is flushed. I will add text to this effect. Thanks for noticing this. > 6. Section 6.4 and 6.5 I expect to be section 7 and 8. Yes. > I will expect a revised ID. I will produce one based on the output of this discussion. Thanks, Simon -- DNS64 open-source --> http://ecdysis.viagenie.ca STUN/TURN server --> http://numb.viagenie.ca vCard 4.0 --> http://www.vcarddav.org
- [BEHAVE] AD comments on draft-ietf-behave-turn-tc… Magnus Westerlund
- Re: [BEHAVE] AD comments on draft-ietf-behave-tur… Simon Perreault
- Re: [BEHAVE] AD comments on draft-ietf-behave-tur… Magnus Westerlund
- Re: [BEHAVE] AD comments on draft-ietf-behave-tur… Simon Perreault
- Re: [BEHAVE] AD comments on draft-ietf-behave-tur… Magnus Westerlund