Re: [BEHAVE] AD comments on draft-ietf-behave-turn-tcp-05
Magnus Westerlund <magnus.westerlund@ericsson.com> Wed, 03 February 2010 12:53 UTC
Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: behave@core3.amsl.com
Delivered-To: behave@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4AAFC3A684E for <behave@core3.amsl.com>; Wed, 3 Feb 2010 04:53:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.819
X-Spam-Level:
X-Spam-Status: No, score=-3.819 tagged_above=-999 required=5 tests=[AWL=-1.220, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HpZqPjdKI5x7 for <behave@core3.amsl.com>; Wed, 3 Feb 2010 04:53:04 -0800 (PST)
Received: from mailgw10.se.ericsson.net (mailgw10.se.ericsson.net [193.180.251.61]) by core3.amsl.com (Postfix) with ESMTP id 0272D3A683A for <behave@ietf.org>; Wed, 3 Feb 2010 04:53:03 -0800 (PST)
X-AuditID: c1b4fb3d-b7b85ae00000097d-25-4b6971c9a5f5
Received: from esealmw128.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw10.se.ericsson.net (Symantec Brightmail Gateway) with SMTP id E0.5F.02429.9C1796B4; Wed, 3 Feb 2010 13:53:29 +0100 (CET)
Received: from esealmw126.eemea.ericsson.se ([153.88.254.170]) by esealmw128.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.3959); Wed, 3 Feb 2010 13:52:12 +0100
Received: from [147.214.183.147] ([147.214.183.147]) by esealmw126.eemea.ericsson.se with Microsoft SMTPSVC(6.0.3790.3959); Wed, 3 Feb 2010 13:52:11 +0100
Message-ID: <4B69717B.1040001@ericsson.com>
Date: Wed, 03 Feb 2010 13:52:11 +0100
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; sv-SE; rv:1.9.1.7) Gecko/20100111 Thunderbird/3.0.1
MIME-Version: 1.0
To: Simon Perreault <simon.perreault@viagenie.ca>
References: <4B59CC9C.9030508@ericsson.com> <4B5D1146.1040302@viagenie.ca>
In-Reply-To: <4B5D1146.1040302@viagenie.ca>
X-Enigmail-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-OriginalArrivalTime: 03 Feb 2010 12:52:11.0954 (UTC) FILETIME=[B40EE120:01CAA4CF]
X-Brightmail-Tracker: AAAAAA==
Cc: draft-ietf-behave-turn-tcp@tools.ietf.org, Behave WG <behave@ietf.org>
Subject: Re: [BEHAVE] AD comments on draft-ietf-behave-turn-tcp-05
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Feb 2010 12:53:05 -0000
Hi Simon, Sorry for being tardy in the response. I will be on vacation next week, so a quick turn around on this is appreciated. Simon Perreault skrev 2010-01-25 04:34: > Magnus Westerlund wrote, on 23/01/10 01:04 AM: >> 1. Section 3.4 and 5.2, if the Turn server takes time to complete the >> Connect request, can additional connect or other TURN requests be issued >> with one connect request outstanding? > > Yes. As with any other STUN/TURN request, processing multiple requests in > parallel is allowed. The Connect request is special in that its processing > involves reaching across the Internet, but this is orthogonal. > > Do you think it need to be mentioned explicitly? Maybe, I think there is some point to say yes, but attempting to limit the number of simultanous ones. That might be easiest accomplished by pointing to some existing text around this issue. I can't remember if that is in STUN, TURN or ICE. > >> 2. Section 5.2: Any consideration for timeout for the TCP connection >> attempt from the server? Is that purely a server implementation choice? >> Some minimal value the client can expect? Maybe a option to specify a >> timeout for the client would be appropriate here? > > Good thinking, thanks. > > However, there are many other timeouts involved in the TCP state machine. I > don't expect the client to have control over all of them. Is the connection > timeout important enough to give control over it to the client? > > I don't think client control over TCP timeouts is important given the expected > use cases for TURN. > > The upper limit of the connection timeout can already be controlled by clients. > They can just close their connection to the server when it starts taking too > long. (Does this need to be mentioned explicitly?) > > For the lower limit, how about mentioning that servers MUST ensure at least 10 > seconds before connection timeout? No, I don't think client control of the timeout is important either. However, I think there is a point in specifying a minimal timeout the server may use. And I think that should be larger than 10 seconds, more like 30s. I know that is an eternity for some real-time applications. However 10s is not that long if there is need for some end-point synchronization or other. The expectation here is that the client will kill the connection attempt if it is no longer needed. Until that the server should continue to try. But not for ever due to the possibility to use the TURN server as attack tool in that case. > >> 3. Section 5.2: Why is the initial data buffered? Isn't it better to not >> read from the socket until its peer TCP connection is available. That >> way the stream will not advance until the data can be forwarded. > > Whether data is buffered in kernel or user space is irrelevant from the point of > view of the protocol. It's an implementation detail. My point is the question on what assumptions the client can make ones the data has been acked. Especially in cases where the application adapts the content based on what it manage to send through. Thus having the document indicate that the server shall buffer, especially the initial data seems wrong to me. > >> 4. Section 5.3, shouldn't the connection attempt be checked against the >> permissions before being accepted? > > Yes and no. > > The server needs to check permissions. This is an omission in section 5.3. It is > a big error that needs to be fixed. Thanks for noticing it. > > However, the permission check needs to happen after the connection is accepted > but before the ConnectionAttempt indication is sent to the client. This is so > because a user-space implementation cannot know the identity of the peer before > calling accept(). So we accept the connection, then drop it if it fails the > permission check. > > (I recall explaining this on behave@ietf.org, so I wonder why this text isn't > already in the draft...) Ok, please get some text in there. Cheers Magnus Westerlund IETF Transport Area Director ---------------------------------------------------------------------- Multimedia Technologies, Ericsson Research EAB/TVM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Färögatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com ----------------------------------------------------------------------
- [BEHAVE] AD comments on draft-ietf-behave-turn-tc… Magnus Westerlund
- Re: [BEHAVE] AD comments on draft-ietf-behave-tur… Simon Perreault
- Re: [BEHAVE] AD comments on draft-ietf-behave-tur… Magnus Westerlund
- Re: [BEHAVE] AD comments on draft-ietf-behave-tur… Simon Perreault
- Re: [BEHAVE] AD comments on draft-ietf-behave-tur… Magnus Westerlund