IETF Logo Mail Archive

Re: [bfcpbis] Eric Rescorla's Discuss on draft-ietf-bfcpbis-rfc4583bis-26: (with DISCUSS and COMMENT)

Roman Shpount <roman@telurix.com> Wed, 24 October 2018 19:50 UTC

Return-Path: <roman@telurix.com>
X-Original-To: bfcpbis@ietfa.amsl.com
Delivered-To: bfcpbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7611A124C04 for <bfcpbis@ietfa.amsl.com>; Wed, 24 Oct 2018 12:50:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.89
X-Spam-Level:
X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_SPF_PERMERROR=0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TBZrAdvMqQHX for <bfcpbis@ietfa.amsl.com>; Wed, 24 Oct 2018 12:50:24 -0700 (PDT)
Received: from mail-pl1-x634.google.com (mail-pl1-x634.google.com [IPv6:2607:f8b0:4864:20::634]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7E1C129619 for <bfcpbis@ietf.org>; Wed, 24 Oct 2018 12:50:22 -0700 (PDT)
Received: by mail-pl1-x634.google.com with SMTP id p5-v6so2715109plq.8 for <bfcpbis@ietf.org>; Wed, 24 Oct 2018 12:50:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=HY9ubgReXGhzpPoxfwRzZMf69NBshbLBpAvvHWtWGKw=; b=zRFf5yl9YGHdU/zFVYbNP++kknimXxNTgZOVeZML5lqLDGTeRDaMrLBEL5EeuINFp8 rvAw4IEjTWgPMkDmalo57lqf3xcJw+gPdKFGO4qRMM6uLqV15PjGak8na1qwHAvnqiwD NPjR/3lChPKDOcb33J8NHm3kF5uMComVD3ZGRVikO9pq5aQkOLbfRruIpyWFoEX3tXMf +borwWDEyhObIJqlrk25qCSGW4V3OqbffCKnmSMrntXPmto46zx/HfLOzNi8cEy7NSgD g5w8dWK2wMN72frJS2FUzF9J0kunVo7vDvFHpda3DCezv9miiyd4iles1NYbUQBUOKDf dsKg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=HY9ubgReXGhzpPoxfwRzZMf69NBshbLBpAvvHWtWGKw=; b=Z0pzgWLQ6oTWJMjRcvfvp1aDnOY7XmSMDLsmLtmR7rkLj/Nqxfgqfkb6E7yYjp6uwO +NHVVR7NCeqlg+grsVTOrtEkfncQqg6+VryyHR+YcW6CNTYST+yabQYfkLaC3lrxEUow IKeUWgI1p5Y0gOL1Z5QUEZ2E3FtVAWbFauqIaPbLoa/ADAyVjjgk1689xEg6Rn5ASVdY FLBMw6eBlKYWseNH0LpICLF0+q+JPCV3KxPrf2dcaoJPtI99XWPYpRVI341hvI2HR+nS uNgmoM0DajEg086CmYgkkkhgK6TipfcY2UH9V/lTx8LsEA6GqAefyCJ8pFccfjA5Aglk vnRA==
X-Gm-Message-State: AGRZ1gIDNedxhJAN6nMNvRMoj983n3otGe1kHemiEv2Oyg5XLPqPy+mh sdBvsXupBmLorLlogWhGjGPhhg==
X-Google-Smtp-Source: AJdET5cOy9/FfZQIhWmf8rJnyr7KFEOuFFMq3OZN+dVK1FL7jC27RXVbXl9Ny2xgaqCYglrBBqdlmw==
X-Received: by 2002:a17:902:4e25:: with SMTP id f34-v6mr3628783ple.43.1540410622383; Wed, 24 Oct 2018 12:50:22 -0700 (PDT)
Received: from mail-pf1-f171.google.com (mail-pf1-f171.google.com. [209.85.210.171]) by smtp.gmail.com with ESMTPSA id i184-v6sm9790452pfg.88.2018.10.24.12.50.21 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 24 Oct 2018 12:50:21 -0700 (PDT)
Received: by mail-pf1-f171.google.com with SMTP id t10-v6so1518436pfh.12; Wed, 24 Oct 2018 12:50:21 -0700 (PDT)
X-Received: by 2002:a63:1a41:: with SMTP id a1-v6mr3843738pgm.9.1540410621397; Wed, 24 Oct 2018 12:50:21 -0700 (PDT)
MIME-Version: 1.0
References: <154040901414.6834.17243795717657341259.idtracker@ietfa.amsl.com>
In-Reply-To: <154040901414.6834.17243795717657341259.idtracker@ietfa.amsl.com>
From: Roman Shpount <roman@telurix.com>
Date: Wed, 24 Oct 2018 15:50:10 -0400
X-Gmail-Original-Message-ID: <CAD5OKxtDT=20hX880j1h365TBSLyg=RfqrBF8d9YNidNyjutkA@mail.gmail.com>
Message-ID: <CAD5OKxtDT=20hX880j1h365TBSLyg=RfqrBF8d9YNidNyjutkA@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: IESG <iesg@ietf.org>, bfcpbis@ietf.org, Mary Barnes <mary.ietf.barnes@gmail.com>, draft-ietf-bfcpbis-rfc4583bis@ietf.org, bfcpbis-chairs@ietf.org
Content-Type: multipart/alternative; boundary="000000000000e5919c0578fecbbd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/bfcpbis/-1oVWCafRaTMdI-ZqfavudS8sTs>
Subject: Re: [bfcpbis] Eric Rescorla's Discuss on draft-ietf-bfcpbis-rfc4583bis-26: (with DISCUSS and COMMENT)
X-BeenThere: bfcpbis@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: BFCPBIS working group discussion list <bfcpbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bfcpbis/>
List-Post: <mailto:bfcpbis@ietf.org>
List-Help: <mailto:bfcpbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Oct 2018 19:50:27 -0000

Hi Eric,

Since I have helped with ICE related sections of this draft, I can provide
answers to some of your comments:

On Wed, Oct 24, 2018 at 3:23 PM Eric Rescorla <ekr@rtfm.com> wrote:

> S 9.
> >      transport is used for the default candidate, then the 'm' line proto
> >      value MUST be 'UDP/TLS/BFCP'.  If TCP transport is used for the
> >      default candidate, the 'm' line proto value MUST be 'TCP/DTLS/BFCP'.
> >
> >         Note: Usage of ICE with protocols other than UDP/TLS/BFCP and
> >         TCP/DTLS/BFCP is outside of scope for this specification.
>
> this is very different from any other use of ICE, and I'm not sure
> it's interoperable, unless you require that only TCP or only UDP
> candidates be offered (which you do not seem to). The reason is that
> with ICE you can flip between different candidates as part of the
> negotiation. So what happens if I initially get a UDP candidate and
> then via aggressive nomination settle on TCP (or vice versa). DTLS and
> TLS aren't really interoperable in that way. It would be far better to
> do what WebRTC does and when you do ICE, always do DTLS even if it's
> over TCP.
>
>
When ICE is used, DTLS is always used exactly for the reasons you mention.
End points only allowed to use 'UDP/TLS/BFCP', which is DTLS over UDP, or
'TCP/DTLS/BFCP', which is DTLS over TCP. DTLS over UDP is only named
'UDP/TLS/BFCP' instead of  'UDP/DTLS/BFCP' for legacy interop reasons,
since some implementations apparently already added support for this.
Please note that naming of BFCP over DTLS over UDP  as 'UDP/TLS/BFCP'  is
similar to naming RTP over DTLS over UDP as "UDP/RTP/TLS/SAVP".


> S 5.5.
> >      'bfcpver' attribute in offers and answers.  The attribute value, if
> >      present, MUST be in accordance with the definition of the Version
> >      field in [I-D.ietf-bfcpbis-rfc4582bis].  If the attribute is not
> >      present, endpoints MUST assume a default value in accordance with
> >      [I-D.ietf-bfcpbis-rfc4582bis]: when used over a reliable transport
> >      the default attribute value is "1", and when used over an unreliable
>
> Just for clarity: UDP over TURN-TCP is an unreliable transport, right?
>
>
UDP/BFCP, UDP/TLS/BFCP, and TCP/DTLS/BFCP are all unreliable transports,
even if TURN-TCP or TURN-TLS is used. Only TCP/BFCP and TCP/TLS/BFCP
transports are considered reliable. Do you think it should be explicitly
spelled out?

Regards,
_____________
Roman Shpount

v2.23.0 | Report a Bug | By Email