IETF Logo Mail Archive

Re: [bfcpbis] WGLC for draft-ietf-bfcpbis-rfc4583bis

Roman Shpount <rshpount@turbobridge.com> Mon, 25 September 2017 20:45 UTC

Return-Path: <rshpount@turbobridge.com>
X-Original-To: bfcpbis@ietfa.amsl.com
Delivered-To: bfcpbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A9661326F6 for <bfcpbis@ietfa.amsl.com>; Mon, 25 Sep 2017 13:45:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=turbobridge.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HKf5opr1WU1f for <bfcpbis@ietfa.amsl.com>; Mon, 25 Sep 2017 13:45:29 -0700 (PDT)
Received: from mail-pg0-x234.google.com (mail-pg0-x234.google.com [IPv6:2607:f8b0:400e:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EFE00132055 for <bfcpbis@ietf.org>; Mon, 25 Sep 2017 13:45:28 -0700 (PDT)
Received: by mail-pg0-x234.google.com with SMTP id m30so4671570pgn.6 for <bfcpbis@ietf.org>; Mon, 25 Sep 2017 13:45:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=turbobridge.com; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=SwA6SeMzpI1gnSa3mGVmH6QWFyRWVvNtDUbRkE5UVek=; b=sFbSH8UetFrG3yDKBMQR1YaJWyP7iJq4Snd9cPTAE8ZlgxnAUgGf3HJRNPUw6NJJN6 RhPwCsO03GIjT4tpJ+NgkEsSvyiQUYjWZEqhkO8mvXSwdy7DpcoXL2NXVBPkrnygdEW1 imrNa+v7jqbbsTEOs3TphFgTyjgevjvOWVhAA=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=SwA6SeMzpI1gnSa3mGVmH6QWFyRWVvNtDUbRkE5UVek=; b=Ca9ZEfUiurD7Bpl/axr2pV3AbyJsPwa4nYsWaG3DIMi6FlbDu/2N0uK7SF2NSokRcR pBRYuUHu3c8EdpBlWjPmqr3sJGL63Kp0FLN0TmtZPa+XDToaU/NC4tQmaox1mDDWqaGe woHgjpe6fIvfn1+bwUlqbVm8Nq3mA6N4FK+NNUi9aVYi8glTNCxIEmNjYwlDn42ivGt0 cHXITYR7veUNwm81GGaZZ6zf993gHogRSsjJ9NGX1KIzTZmDPVJ0ciDFk04+H60kVaYx G4j7iYS9ENEPp82rKh0k6te6xKpoh1zcaT4PyjelIQKb59ZQNVUd0Ehe9mnVzLkRrgev Bshg==
X-Gm-Message-State: AHPjjUjGzVLtIDros5jR9Bmbj8gPv+VBPn4yIs5WU9uIbSbKuFFlJW/O eBqnWeMyx4vgyUeuB3Dcd3+l71j3
X-Received: by 10.99.164.18 with SMTP id c18mr8606154pgf.359.1506372328452; Mon, 25 Sep 2017 13:45:28 -0700 (PDT)
Received: from mail-pg0-f54.google.com (mail-pg0-f54.google.com. [74.125.83.54]) by smtp.gmail.com with ESMTPSA id o5sm12589578pfh.67.2017.09.25.13.45.27 for <bfcpbis@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 25 Sep 2017 13:45:27 -0700 (PDT)
Received: by mail-pg0-f54.google.com with SMTP id d8so4672989pgt.4 for <bfcpbis@ietf.org>; Mon, 25 Sep 2017 13:45:27 -0700 (PDT)
X-Google-Smtp-Source: AOwi7QDrldIJUGBmsuy8+h8syIoZKx6IYUQwyEKan4sPTyKKxpGTlN2XkRrHP1A4IDw0H2rddiy1nRf7bEeY4yVElu8=
X-Received: by 10.84.238.135 with SMTP id v7mr8791630plk.276.1506372327597; Mon, 25 Sep 2017 13:45:27 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.189.2 with HTTP; Mon, 25 Sep 2017 13:45:27 -0700 (PDT)
In-Reply-To: <8B51BC6F-6DC1-4B13-A51D-5F5BA57165FC@cisco.com>
References: <33AC90F8-1963-4F79-ACB2-0DB2873D5E34@cisco.com> <CAD5OKxswNRuYFt_XQZ=caDB5WQDXS27KbH3M-AxhKL9Pq0WwPA@mail.gmail.com> <CAFHv=r_AnaVtYr8PGR_E7CZarVNp_JHv-=Pv2PGRhfbR=w-YVQ@mail.gmail.com> <8B51BC6F-6DC1-4B13-A51D-5F5BA57165FC@cisco.com>
From: Roman Shpount <rshpount@turbobridge.com>
Date: Mon, 25 Sep 2017 16:45:27 -0400
X-Gmail-Original-Message-ID: <CAD5OKxuqffkEWeMgKj8k4OA_v4yebjJCY9V-ZpQmw7A7EGL5nw@mail.gmail.com>
Message-ID: <CAD5OKxuqffkEWeMgKj8k4OA_v4yebjJCY9V-ZpQmw7A7EGL5nw@mail.gmail.com>
To: "Charles Eckel (eckelcu)" <eckelcu@cisco.com>
Cc: Tom Kristensen <2mkristensen@gmail.com>, "Tom Kristensen (tomkrist)" <tomkrist@cisco.com>, Alan Ford <alan.ford@gmail.com>, "bfcpbis@ietf.org" <bfcpbis@ietf.org>, Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>, Christer Holmberg <christer.holmberg@ericsson.com>
Content-Type: multipart/alternative; boundary="f403045fdf887c6e0d055a09a3ad"
Archived-At: <https://mailarchive.ietf.org/arch/msg/bfcpbis/eug3OnH_FNjZ5xIvtTAonCp8BP4>
Subject: Re: [bfcpbis] WGLC for draft-ietf-bfcpbis-rfc4583bis
X-BeenThere: bfcpbis@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: BFCPBIS working group discussion list <bfcpbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bfcpbis/>
List-Post: <mailto:bfcpbis@ietf.org>
List-Help: <mailto:bfcpbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Sep 2017 20:45:33 -0000

On Mon, Sep 25, 2017 at 4:30 PM, Charles Eckel (eckelcu) <eckelcu@cisco.com>
wrote:

> This section specifies that "This implies that unless a 'fingerprint'
> attribute is included in the session description, the certificate provided
> at the TLS-/DTLS-level MUST either be directly signed by one of the other
> party's trust anchors or be validated using a certification path that
> terminates at one of the other party's trust anchors [5]". I thought
> "fingerprint" attribute are required and certificate signature by trust
> anchor is irrelevant.
>
>
>
> Not sure what "When using UDP, the procedure above was preferred since it
> adheres to [16] as used for DTLS-SRTP" means, especially since [16} is not
> specific to SRTP-DTLS, but specifies generic rules for all DTLS based
> protocols. The whole logic is circular since it proposes to follow
> procedures from [16] since they are compliant with procedures from [16].
>
>
>
> TK: I'm currently trying to remember the background for this text, it was
> altered and added in one of the many rounds earlier on. I agree that this
> is not clear and a bit confusing.
>
> [cue] After consulting the archives, it seems this was introduced in
> version -04 of the draft as a result of an issue raised by Gonzalo.
>
> https://mailarchive.ietf.org/arch/msg/bfcpbis/
> emDvYolUyI4VjEiVuBqNoWMgz40/?qid=0e356a8b7a948f87669c6d992f6214db
>
>
>

The current text read like this "When DTLS is used with UDP, the
requirements specified in Section 5 of [16] MUST be followed". In
the following paragraph this is explained saying "When using UDP, the
procedure above was preferred since it adheres to [16] as used for
DTLS-SRTP, it does not overload offer/answer semantics, and it works for
offerless INVITE in scenarios with B2BUAs". I am not sure why this
explanation is needed, since it essentially says that procedure from
DTLS-SDP draft is used since it is compatible with procedure from DTLS-SDP
draft.

I think the second sentence can be rewritten to say: "When using UDP,
procedure defined in [16] was selected in order to be compatible with other
DTLS based protocol implementations, such as DTLS-SRTP. Furthermore,
procedure defined in [16] does not overload offer/answer semantics and
works for offerless SIP INVITE in scenarios with B2BUAs.

Regards.
_____________
Roman Shpount

v2.23.0 | Report a Bug | By Email