Re: [bfcpbis] Comments on draft-ietf-bfcpbis-rfc4583bis-03
Tom Kristensen <tomkrist@cisco.com> Mon, 05 November 2012 07:32 UTC
Return-Path: <tomkrist@cisco.com>
X-Original-To: bfcpbis@ietfa.amsl.com
Delivered-To: bfcpbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7768A21F8994 for <bfcpbis@ietfa.amsl.com>; Sun, 4 Nov 2012 23:32:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.399
X-Spam-Level:
X-Spam-Status: No, score=-9.399 tagged_above=-999 required=5 tests=[AWL=-0.600, BAYES_00=-2.599, J_CHICKENPOX_17=0.6, J_CHICKENPOX_56=0.6, J_CHICKENPOX_57=0.6, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8zPvy1QWnWa9 for <bfcpbis@ietfa.amsl.com>; Sun, 4 Nov 2012 23:32:03 -0800 (PST)
Received: from ams-iport-3.cisco.com (ams-iport-3.cisco.com [144.254.224.146]) by ietfa.amsl.com (Postfix) with ESMTP id A905821F8987 for <bfcpbis@ietf.org>; Sun, 4 Nov 2012 23:32:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=8332; q=dns/txt; s=iport; t=1352100722; x=1353310322; h=message-id:date:from:mime-version:to:cc:subject: references:in-reply-to:content-transfer-encoding; bh=WBoKheyHELsCH6Vapfms34H+Bb1I01IUaAo8Rtq0zHw=; b=TVBJzCoUNlQrR7nh+JKxIh1foa+T8IIyCghXi3PrIio2SCebdeKk1Ur+ X9wqx6Apd8/UxbG6ZtqcivSy3OgsvSwSGSA5iq3UaxBrzuaxVq/U1Gd89 WMMRKEYaScl5V5ECABlyQOZnskGRGDdjdAJG1ENZxji09cxnA/WZlSqvo 4=;
X-IronPort-AV: E=Sophos;i="4.80,713,1344211200"; d="scan'208,223";a="9334334"
Received: from ams-core-4.cisco.com ([144.254.72.77]) by ams-iport-3.cisco.com with ESMTP; 05 Nov 2012 07:31:57 +0000
Received: from [10.54.86.33] (dhcp-10-54-86-33.cisco.com [10.54.86.33]) by ams-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id qA57VvQe029544; Mon, 5 Nov 2012 07:31:57 GMT
Message-ID: <50976B6C.5030407@cisco.com>
Date: Mon, 05 Nov 2012 08:31:56 +0100
From: Tom Kristensen <tomkrist@cisco.com>
Organization: Cisco
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.15) Gecko/20101027 Fedora/3.0.10-1.fc12 Lightning/1.0b2pre Thunderbird/3.0.10
MIME-Version: 1.0
To: "Charles Eckel (eckelcu)" <eckelcu@cisco.com>
References: <5087FAE4.5010900@ericsson.com> <508FA129.1090802@cisco.com> <508FBF31.8000906@ericsson.com> <508FC5C1.4040702@cisco.com> <50968F26.9080403@ericsson.com> <92B7E61ADAC1BB4F941F943788C0882810742E@xmb-aln-x08.cisco.com>
In-Reply-To: <92B7E61ADAC1BB4F941F943788C0882810742E@xmb-aln-x08.cisco.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: "bfcpbis@ietf.org" <bfcpbis@ietf.org>, Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>
Subject: Re: [bfcpbis] Comments on draft-ietf-bfcpbis-rfc4583bis-03
X-BeenThere: bfcpbis@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: BFCPBIS working group discussion list <bfcpbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/bfcpbis>
List-Post: <mailto:bfcpbis@ietf.org>
List-Help: <mailto:bfcpbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Nov 2012 07:32:04 -0000
From Charles' explanation and recap, I now see that we may add to rfc4583bis text describing the mandated use of setup:actpass in offers and recommended use of setup:active in answers. -- Tom On 11/05/2012 12:44 AM, Charles Eckel (eckelcu) wrote: > Hi Gonzalo, > > We discussed this at IETF 82. I remember because I presented a slide on it :) > > RFC 4582 states the following with regard to TLS: > > Which party, the client or the floor control server, acts as the TLS > server depends on how the underlying TCP connection is established. > For example, when the TCP connection is established using an SDP > offer/answer exchange [7], the answerer (which may be the client or > the floor control server) always acts as the TLS server. > > For DTLS, we considered the following alternatives: > > 1.The answerer always acts as the TLS/DTLS server, per RFC 4583 (as currently defined) > 2.The BFCP server always acts as the TLS/DTLS server > 3.The offerer always offers setup:actpass and the answerer answers either setup:active or setup:passive, where setup:active is RECOMMENDED (per RFC 5763) > > The consensus was that (3) was the preferred option, because it adheres to RFC 5763, does not overload offer/answer semantics, and it works for offerless INVITE with B2BUAs. > > Additional details are available in the alias archive: > http://www.ietf.org/mail-archive/web/bfcpbis/current/msg00007.html > and also in the meeting minutes: > http://tools.ietf.org/wg/bfcpbis/minutes?item=minutes82.html > > At the time of this decision, we did not consider changing the existing guidance in RFC 4582 regarding TLS connection establishment. Doing so would introduce a backward compatibility concern. > > Cheers, > Charles > > > >> -----Original Message----- >> From: bfcpbis-bounces@ietf.org [mailto:bfcpbis-bounces@ietf.org] On >> Behalf Of Gonzalo Camarillo >> Sent: Sunday, November 04, 2012 10:52 AM >> To: Tom Kristensen (tomkrist) >> Cc: bfcpbis@ietf.org >> Subject: Re: [bfcpbis] Comments on draft-ietf-bfcpbis-rfc4583bis-03 >> >> Hi Tom, >> >> the way it is defined right now, how to determine which endpoint is the >> TLS or DTLS server is different in TLS (the answerer) and in DTLS >> (depends on the setup attribute). Why do you think we should not be >> consistent across both transports? >> >> Thanks, >> >> Gonzalo >> >> >> On 30/10/2012 8:19 AM, Tom Kristensen wrote: >> >>> Gonzalo, >>> >>> I'll add a definition of "BFCP connection" in rfc4582bis to avoid >>> confusion. >>> >>> Regarding the setup attr. I merely reflected in rfc4583bis what has been >>> part of rfc4582 for a while. >>> - Cf. http://tools.ietf.org/html/draft-ietf-bfcpbis-rfc4582bis-06#section-7 >>> - Note that the setup attr. is also used in DTLS-SRTP, cf. RFC 5763. >>> >>> -- Tom >>> >>> On 10/30/2012 12:51 PM, Gonzalo Camarillo wrote: >>> >>>> Hi Tom, >>>> >>>> thanks for your answers. >>>> >>>> With respect to the term BFCP connection, in addition to making a >>>> consistent use of it across both documents, make sure it is defined >>>> somewhere so that implementers are clear on what it means. >>>> >>>> Regarding UDP, we cannot really use the setup attribute for that. That >>>> attribute is defined for connection oriented protocols. Additionally, we >>>> need to be consistent regarding DTLS and TLS server determination. >>>> Section 8 explains how to determine the endpoint acting as the TLS >>>> server (i.e., the answerer). We cannot determine which endpoint acts as >>>> the DTLS server in a different way. >>>> >>>> Cheers, >>>> >>>> Gonzalo >>>> >>>> >>>> On 30/10/2012 11:43 AM, Tom Kristensen wrote: >>>> >>>> >>>>> On 10/24/2012 04:27 PM, Gonzalo Camarillo wrote: >>>>> >>>>> >>>>>> Folks, >>>>>> >>>>>> >>>>>> >>>>> [...] >>>>> >>>>> >>>>>> Comments on draft-ietf-bfcpbis-rfc4583bis-03 >>>>>> >>>>>> Section 3 includes a discussion about how to set the port field. That >>>>>> discussion is only relevant to TCP. The new draft needs to explain that >>>>>> and add a discussion about port handling in UDP. >>>>>> >>>>>> >>>>>> >>>>> Good catch. Reorganizing the text and adding this for UDP: >>>>> >>>>> "When UDP is used as transport, the port field contains the >>>>> port to which the remote endpoint will direct BFCP messages >>>>> regardless of the value of the 'setup' attribute." >>>>> >>>>> >>>>> >>>>>> Also, the document needs to discuss what is the equivalent of >>>>>> establishing a TCP connection (i.e., it allows endpoints to start >>>>>> exchanging BFCP messages) in UDP. >>>>>> >>>>>> >>>>>> >>>>> The term "BFCP connection" is used in rfc4582bis/rfc4583bis >>>>> >> independent >> >>>>> of underlying transport. >>>>> >>>>> (For rfc4582bis: I propose we keep this common term regardless of >>>>> underlying transport and change the three occurrences of "BFCP >>>>> association" in Section 6.2 and 8.31 to "BFCP connection" as well.) >>>>> >>>>> However, we do indeed need to specify the counterpart of Section 7 >>>>> >> "TCP >> >>>>> Connection Management" for UDP as transport. Will add a sentence or >>>>> >> two, >> >>>>> since using UDP as transport is quite straight forward. Will also need >>>>> to add a UDP description to Section 8, i.e. mandate using the 'setup' >>>>> attribute when DTLS is used. >>>>> >>>>> Added to start of Section 7, now renamed to "BFCP Connection >>>>> Management": >>>>> "BFCP connections may use TCP or UDP as underlying transport. BFCP >>>>> entities exchanging BFCP messages over UDP will direct the BFCP >>>>> messages to the peer side connection address and port provided in >>>>> the SDP 'm' line. TCP connection management is more complicated >>>>> and is described below." >>>>> And the subsection named "TCP Connection Management" follows. >>>>> >>>>> Added this sentence at the end of Section 8: >>>>> "Endpoints that use the offer/answer model to establish a DTLS >>>>> association MUST >>>>> support the 'setup' attribute, as defined in RFC 4145. When >>>>> DTLS is used with UDP, the 'setup' attribute indicates which of the >>>>> endpoints >>>>> (client or floor control server) initiates the DTLS association >>>>> setup." >>>>> >>>>> >>>>> >>>>>> Section 6 contains the following new paragraph: >>>>>> >>>>>> " Note: In [15] 'm-stream' was erroneously used in Section 9. Although >>>>>> the example was non-normative, it is implemented by some >>>>>> >> vendors. >> >>>>>> Therefore, it is RECOMMENDED to support parsing and interpreting >>>>>> 'm-stream' the same way as 'mstrm' when receiving." >>>>>> >>>>>> The text should clarify (or be more explicit about) whether existing >>>>>> implementations are floor control server implementations or client >>>>>> implementations. The idea is that new implementers know clearly >>>>>> >> what >> >>>>>> exactly they need to support in order to be backwards compatible with >>>>>> those legacy implementations (whose implementers did not read RFCs >>>>>> >> but >> >>>>>> only the examples :-) ). >>>>>> >>>>>> >>>>>> >>>>> Yeah, what kind of developers do this kind of things? :-P >>>>> >>>>> Usage of a=floorid (and mstrm/m-stream) applies to endpoints willing >>>>> >> to >> >>>>> act as server, will add this to the second sentence in the note: >>>>> "[...] some vendors and occurs in cases where the endpoint is willing >>>>> to act as an server." >>>>> >>>>> >>>>> >>>>>> The last paragraph of Section 8 discusses which entity behaves as the >>>>>> TLS server. Do we need a similar discussion for DTLS? >>>>>> >>>>>> >>>>>> >>>>> Indeed. Handled above. >>>>> >>>>> -- Tom >>>>> >>>>> >>>>> >>>> >>> >> _______________________________________________ >> bfcpbis mailing list >> bfcpbis@ietf.org >> https://www.ietf.org/mailman/listinfo/bfcpbis >>
- Re: [bfcpbis] Comments on draft-ietf-bfcpbis-rfc4… Gonzalo Camarillo
- [bfcpbis] Comments on draft-ietf-bfcpbis-rfc4583b… Gonzalo Camarillo
- Re: [bfcpbis] Comments on draft-ietf-bfcpbis-rfc4… Tom Kristensen
- Re: [bfcpbis] Comments on draft-ietf-bfcpbis-rfc4… Tom Kristensen
- Re: [bfcpbis] Comments on draft-ietf-bfcpbis-rfc4… Gonzalo Camarillo
- Re: [bfcpbis] Comments on draft-ietf-bfcpbis-rfc4… Charles Eckel (eckelcu)
- Re: [bfcpbis] Comments on draft-ietf-bfcpbis-rfc4… Tom Kristensen
- Re: [bfcpbis] Comments on draft-ietf-bfcpbis-rfc4… Gonzalo Camarillo
- Re: [bfcpbis] Comments on draft-ietf-bfcpbis-rfc4… Charles Eckel (eckelcu)
- Re: [bfcpbis] Comments on draft-ietf-bfcpbis-rfc4… Tom Kristensen