Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis
"Charles Eckel (eckelcu)" <eckelcu@cisco.com> Tue, 08 September 2015 17:48 UTC
Return-Path: <eckelcu@cisco.com>
X-Original-To: bfcpbis@ietfa.amsl.com
Delivered-To: bfcpbis@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F25021B2D18 for <bfcpbis@ietfa.amsl.com>; Tue, 8 Sep 2015 10:48:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u_mtOMFO2OfD for <bfcpbis@ietfa.amsl.com>; Tue, 8 Sep 2015 10:48:48 -0700 (PDT)
Received: from rcdn-iport-6.cisco.com (rcdn-iport-6.cisco.com [173.37.86.77]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 827431B2BBF for <bfcpbis@ietf.org>; Tue, 8 Sep 2015 10:48:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=31994; q=dns/txt; s=iport; t=1441734528; x=1442944128; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=dOqitXw7HL76A70fEMhEbnDamu9WPiRJhaW0nt6Z8nk=; b=S+GXLRernh4e5Hp1klraKxLcBn4qikDX/bV8ldfQ1em6MK6wYDFDnI67 UOC30/eG/wmV0el2pqtyUTSxOpjHLU+ixznyLhH0x0PPGUbI/PFFnhA6i 9W3oLyaGzK7SArVfXAXWKPiV+ByE0gtQ6lEOl9WZi6AWvy8+Q5UOMa074 g=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0C+AgApHu9V/5ldJa1dgyNUaQaDHroGAQmBbQqFL0oCHIEdOBQBAQEBAQEBgQqEIwEBAQQBAQEXCREzAQYLDAQCAQYCEQMBAQEBAgIRAREDAgICJQsUAQgIAgQBDQUJiCUNmg6dHZQSAQEBAQEBAQEBAQEBAQEBAQEBAQEBF4EiiUeBBYQ6AQEFCQ8YGwcGBAkMgkqBQwWHMY4kAYUJgiiFSIFMhDODH4kkhEmDawEmghAcgVRxAYcCBxcjgQUBAQE
X-IronPort-AV: E=Sophos;i="5.17,491,1437436800"; d="scan'208";a="27187607"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-6.cisco.com with ESMTP; 08 Sep 2015 17:48:46 +0000
Received: from XCH-RCD-016.cisco.com (xch-rcd-016.cisco.com [173.37.102.26]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id t88Hmk1N031472 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Tue, 8 Sep 2015 17:48:46 GMT
Received: from xch-aln-018.cisco.com (173.36.7.28) by XCH-RCD-016.cisco.com (173.37.102.26) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Tue, 8 Sep 2015 12:48:44 -0500
Received: from xch-aln-018.cisco.com ([173.36.7.28]) by XCH-ALN-018.cisco.com ([173.36.7.28]) with mapi id 15.00.1104.000; Tue, 8 Sep 2015 12:48:44 -0500
From: "Charles Eckel (eckelcu)" <eckelcu@cisco.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>, Alissa Cooper <alissa@cooperw.in>
Thread-Topic: draft-ietf-bfcpbis-rfc4583bis
Thread-Index: AQHQ6l6bwgPU9BeoOEeQtD0knfJV4A==
Date: Tue, 08 Sep 2015 17:48:44 +0000
Message-ID: <D1FB937A.55AE4%eckelcu@cisco.com>
References: <CC0C9FBD-75D7-4767-9873-CFF6212B9B2D@cooperw.in> <BD0F4637-1FC5-467A-939D-E8BEFF731579@cooperw.in> <tnf3xk3w8p88iwpoxg7973m4.1424020394665@email.android.com> <C011E430-72D1-4AE1-B546-B65658BADE8F@cooperw.in> <54EDAA70.5060600@ericsson.com> <0DCBEFF7-771F-4F62-83CE-1E98D18ACBFF@cooperw.in> <D1134285.3E7A2%eckelcu@cisco.com> <282A6C48-E88B-495F-A343-591A9C8BF5B5@cooperw.in> <D14980E3.455F6%eckelcu@cisco.com> <82BD9835-8304-439C-9FB9-AB1B14F466D1@cooperw.in> <7594FB04B1934943A5C02806D1A2204B1D799F48@ESESSMB209.ericsson.se> <D156C697.46550%eckelcu@cisco.com> <7594FB04B1934943A5C02806D1A2204B1D7B046D@ESESSMB209.ericsson.se> <D15A7A69.466B7%eckelcu@cisco.com>
In-Reply-To: <D15A7A69.466B7%eckelcu@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.5.4.150722
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.24.196.218]
Content-Type: text/plain; charset="utf-8"
Content-ID: <39951FFE4FF5434F9A349F72E1BCC530@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/bfcpbis/vfg1adgx0d4oS02T7uMptGblhu4>
Cc: Ben Campbell <ben@nostrum.com>, "bfcpbis@ietf.org" <bfcpbis@ietf.org>, "draft-ietf-bfcpbis-rfc4582bis@tools.ietf.org" <draft-ietf-bfcpbis-rfc4582bis@tools.ietf.org>, Gonzalo Camarillo <gonzalo.camarillo@ericsson.com>, "Tom Kristensen (tomkrist)" <tomkrist@cisco.com>
Subject: Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis
X-BeenThere: bfcpbis@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: BFCPBIS working group discussion list <bfcpbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/bfcpbis/>
List-Post: <mailto:bfcpbis@ietf.org>
List-Help: <mailto:bfcpbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Sep 2015 17:48:53 -0000
Picking up on this old thread regarding draft-ietf-bfcpbis-rfc4583bis. I think this is the only outstanding item with respect to the current version of the draft. Unless anyone has an issue with the proposed resolution, I request we update the draft accordingly and then use it as the basis for Mary, the document shepherd, to provide a proto writeup. Cheers, Charles On 4/20/15, 10:39 AM, "Charles Eckel (eckelcu)" <eckelcu@cisco.com> wrote: >Hi Christer, > >I reread the current draft and went through the following MMUSIC thread on >this subject: >http://www.ietf.org/mail-archive/web/mmusic/current/msg14631.html > >As a result, I better understand the issue you are addressing. I suggest >the following changes to be consistent with what is being proposed in >MMUSIC: > >------------ >Section 9: > >OLD: >Endpoints that use the offer/answer model to establish a DTLS > association MUST support the 'setup' attribute, as defined in [7]. >When DTLS is used with UDP, the 'setup' attribute indicates which of >the endpoints (client or floor control server) initiates the DTLS >association setup. The requirements for the offer/answer exchange >specified in [13], Section 5 of [13] MUST be followed when using DTLS. >Offer/answer considerations are described in Section 10.5. > >NEW: >When DTLS is used with UDP, the requirements specified in Section 5 >of [13] MUST be followed. > > >Section 10.5 > >OLD > If the transport parameters or the key fingerprints change, the > endpoints MUST establish a new DTLS connection. In such case the > 'active/passive' status of the endpoints will again be determined > following the procedures in [7], and the new status will be used to > determine the TLS roles associated with the new DTLS connection. > > Informational note: The procedure above is identical to the one > defined for DTLS-SRTP in [13]. > > Note: A new DTLS connection needs to be established if the > transport parameters or the key fingerprints change. > > > >NEW: >The conditions under which endpoints MUST establish a new DTLS >connection are as the same defined for DTLS-SRTP in [13]. >———————— > >This way we avoid any potential conflicts with the intent of RFC 5763, and >when clarifications to RFC 5763 are made, they will be picked up by the >BFCP spec. > >Cheers, >Charles > > > > >On 4/18/15, 2:01 PM, "Christer Holmberg" <christer.holmberg@ericsson.com> >wrote: > >>Hi Charles, >> >>> [adding bfcppbis list] >>> >>> Hi Christer, >>> >>> Thanks for your review and comments. In the BFCP usage, the DTLS >>>connection is dedicated to the BFCP >>> stream it contains. As I understand it, the complications around DTLS >>>re-establishement discussed in MMUSIC >>> result from use of a single DTLS connection for multiple RTP and/or >>>SCTP streams. Those complications do >>> not exist with the BFCP usage, so I think it is sufficient to continue >>>to reference RFC 5763 and not use the >>> SDP connection attribute. >> >>The complications do not result from use of a single DTLS connection for >>multiple streams - it mainly results from the usage of ICE. And, as far >>as I know, ICE can be used also for BFCP. >> >>And, even without ICE we intend to add text saying that a DTLS connection >>is only re-established if the underlying transport changes. >> >>Regards, >> >>Christer >> >> >> >>>Hi, >>> >>>First, I want to apologize for not providing my review earlier. >>> >>>As far as the BFCP specifics are concerned, I am ok with the latest >>>version of the draft. >>> >>>However, there is an issue regarding the DTLS considerations (section >>>10.5). >>> >>>The text says: >>> >>> "Once a DTLS connection has been established, if the 'active/passive' >>> status of the endpoints change during a session, a new DTLS >>> connection MUST be established." >>> >>>There is currently an ongoing discussion in MMUSIC about when a DTLS >>>connection is to be re-established. >>> >>>The discussion is still ongoing, but the outcome will most likely NOT >>>be aligned with the text above. >>> >>>For example, there has been a suggestion (by myself) to use the SDP >>>connection attribute to explicitly indicate that a new DTLS connection >>>needs to be established. >>> >>> >>>The draft also says: >>> >>> "If the transport parameters or the key fingerprints change, the >>> endpoints MUST establish a new DTLS connection." >>> >>>This is related to the earlier issue. There is the discussion about ICE >>>"virtual connections", and that a single DTLS connection would apply to >>>all ICE candidates associated with an m- line. So, even if a candidate >>>changes (read: transport parameter changes), it would not automatically >>>trigger a new DTLS connection. >>> >>> >>>The issues above are also holding up the SCTP-SDP draft, so it doesn't >>>only affect BFCPbis :) >>> >>> >>>Regards, >>> >>>Christer >>> >>> >>>-----Original Message----- >>>From: Alissa Cooper [mailto:alissa@cooperw.in] >>>Sent: 8. huhtikuuta 2015 3:07 >>>To: Charles Eckel (eckelcu) >>>Cc: Gonzalo Camarillo; Tom Kristensen (tomkrist); >>>draft-ietf-bfcpbis-rfc4582bis@tools.ietf.org; Ben Campbell; Christer >>>Holmberg >>>Subject: Re: draft-ietf-bfcpbis-rfc4583bis >>> >>>Adding Christer to this thread. >>> >>>On Apr 7, 2015, at 12:44 PM, Charles Eckel (eckelcu) >>><eckelcu@cisco.com> >>>wrote: >>> >>>> Christer (cc’d) and I discussed some of the changes offlist in >>>> Dallas, and he is to come back to the list with comments after Dallas >>>> - which is now :) >>>> >>>> Cheers, >>>> Charles >>>> >>>> On 4/7/15, 10:26 AM, "Alissa Cooper" <alissa@cooperw.in> wrote: >>>> >>>>> Checking in on this — has Christer been prompted to review the >>>>> latest rev of draft-ietf-bfcpbis-rfc4583bis? >>>>> >>>>> Thanks, >>>>> Alissa >>>>> >>>>> On Feb 25, 2015, at 9:14 AM, Charles Eckel (eckelcu) >>>>> <eckelcu@cisco.com> >>>>> wrote: >>>>> >>>>>> Most of the changes I this recent update to rfc4583bis were >>>>>> inspired by comments and suggested text provided by Christer. He is >>>>>> in the process of reviewing. If all goes well with that, we are >>>>>> ready to proceed with proto writeup (Mary) and AD review. >>>>>> >>>>>> Cheers, >>>>>> Charles >>>>>> >>>>>> On 2/25/15, 7:01 AM, "Alissa Cooper" <alissa@cooperw.in> wrote: >>>>>> >>>>>>> rfc4583 has not had an AD review yet. Richard can hopefully take >>>>>>> care of that while I¹m on leave (starting today, actually). >>>>>>> >>>>>>> On Feb 25, 2015, at 2:56 AM, Gonzalo Camarillo >>>>>>> <gonzalo.camarillo@ericsson.com> wrote: >>>>>>> >>>>>>>> Hi Alissa, >>>>>>>> >>>>>>>> I have noted that while rfc4582bis in on the agenda of the March >>>>>>>> 5th telechat (thanks for handling that!), rfc4583bis isn't. Tom >>>>>>>> revised rfc4583bis on February 20th. Should rfc4583bis be on the >>>>>>>> agenda of the telechat as well or there is still something left >>>>>>>> for Tom to take care of? >>>>>>>> >>>>>>>> Thanks, >>>>>>>> >>>>>>>> Gonzalo >>>>>>>> >>>>>>>> On 18/02/2015 9:28 PM, Alissa Cooper wrote: >>>>>>>>> Pinging on this. >>>>>>>>> >>>>>>>>> March 5 will likely be my last telechat before going on leave, >>>>>>>>>so it would be great to get this scheduled on that one. To do >>>>>>>>>that, the rev needs to be posted today. The updates are pretty >>>>>>>>>minimal and are all basically written up in Charles¹ response to >>>>>>>>>my AD review. >>>>>>>>> >>>>>>>>> Alissa >>>>>>>>> >>>>>>>>> On Feb 15, 2015, at 9:13 AM, Gonzalo Camarillo >>>>>>>>> <gonzalo.camarillo@ericsson.com >>>>>>>>> <mailto:gonzalo.camarillo@ericsson.com>> >>>>>>>>> wrote: >>>>>>>>> >>>>>>>>>> I have talked offline with the other authors and Tom is holding >>>>>>>>>> the pen. Tom, do you think you can meet the time frame below? >>>>>>>>>> >>>>>>>>>> Cheers, >>>>>>>>>> >>>>>>>>>> Gonzalo >>>>>>>>>> >>>>>>>>>> Sent from my mobile >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> ---- Alissa Cooper wrote ---- >>>>>>>>>> >>>>>>>>>> Just wanted to see if this rev might get done in the next >>>>>>>>>>couple of days. If so, we could get it on the next telechat >>>>>>>>>>agenda (March 5). >>>>>>>>>> >>>>>>>>>> Alissa >>>>>>>>>> >>>>>>>>>> Begin forwarded message: >>>>>>>>>> >>>>>>>>>>> *From: *Alissa Cooper <alissa@cooperw.in >>>>>>>>>>> <mailto:alissa@cooperw.in>> >>>>>>>>>>> *Subject: **Re: [bfcpbis] AD evaluation: >>>>>>>>>>> draft-ietf-bfcpbis-rfc4582bis-12* >>>>>>>>>>> *Date: *February 9, 2015 at 3:58:52 PM PST >>>>>>>>>>> *To: *"Charles Eckel (eckelcu)" <eckelcu@cisco.com >>>>>>>>>>> <mailto:eckelcu@cisco.com>> >>>>>>>>>>> *Cc: *"bfcpbis@ietf.org <mailto:bfcpbis@ietf.org>" >>>>>>>>>>> <bfcpbis@ietf.org >>>>>>>>>>> <mailto:bfcpbis@ietf.org>> >>>>>>>>>>> >>>>>>>>>>> Hi Charles, >>>>>>>>>>> >>>>>>>>>>> Thanks, some responses inline. >>>>>>>>>>> >>>>>>>>>>> On Feb 4, 2015, at 10:40 AM, Charles Eckel (eckelcu) >>>>>>>>>>> <eckelcu@cisco.com <mailto:eckelcu@cisco.com>> wrote: >>>>>>>>>>> >>>>>>>>>>>> HI Alissa, >>>>>>>>>>>> >>>>>>>>>>>> Thank you for the review. Please see my thoughts on your >>>>>>>>>>>> comments and questions inline. >>>>>>>>>>>> >>>>>>>>>>>> From: Alissa Cooper <alissa@cooperw.in >>>>>>>>>>>> <mailto:alissa@cooperw.in>> >>>>>>>>>>>> Date: Thursday, January 29, 2015 at 10:19 PM >>>>>>>>>>>> To: "bfcpbis@ietf.org <mailto:bfcpbis@ietf.org>" >>>>>>>>>>>> <bfcpbis@ietf.org <mailto:bfcpbis@ietf.org>> >>>>>>>>>>>> Subject: [bfcpbis] AD evaluation: >>>>>>>>>>>> draft-ietf-bfcpbis-rfc4582bis-12 >>>>>>>>>>>> >>>>>>>>>>>>> I have reviewed this draft in preparation for IETF LC. >>>>>>>>>>>>> Overall the document appears in good shape. I have a few >>>>>>>>>>>>> questions and comments I¹d like to discuss before issuing >>>>>>>>>>>>> the IETF last call. I¹ve also included some editorial nits >>>>>>>>>>>>> that should be addressed together with any last call >>>>>>>>>>>>>comments. >>>>>>>>>>>>> >>>>>>>>>>>>> Comments and questions: >>>>>>>>>>>>> >>>>>>>>>>>>> = Section 5.1 = >>>>>>>>>>>>> "If an endpoint receives a message with an unsupported >>>>>>>>>>>>> version field value, the receiving server MUST send an >>>>>>>>>>>>> Error message with parameter value 12 (Unsupported Version) >>>>>>>>>>>>> to indicate this.² >>>>>>>>>>>>> >>>>>>>>>>>>> This seems a little misleading since RFC 4582 didn¹t specify >>>>>>>>>>>>>what to do upon receipt of a message with a version other >>>>>>>>>>>>>than 1. >>>>>>>>>>>>> Implementations that do not get upgraded to be compliant >>>>>>>>>>>>>with 4582bis (which could certainly account for some of >>>>>>>>>>>>>those that will not support version 2) will therefore never >>>>>>>>>>>>>send the error specified here. This seems like it should at >>>>>>>>>>>>>least be noted given the MUST-level requirement. The same >>>>>>>>>>>>>applies in Section 13.7. >>>>>>>>>>>> >>>>>>>>>>>> Good point. I believe we made this a MUST because we were >>>>>>>>>>>>thinking in terms of implementations compliant with this bis >>>>>>>>>>>>version. >>>>>>>>>>>> Adding >>>>>>>>>>>> your suggested note about rfc 4582 implementations here and >>>>>>>>>>>>in section 13.7 seems useful to me. >>>>>>>>>>> >>>>>>>>>>> Ok >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> = Section 7 = >>>>>>>>>>>>> "BFCP entities MUST support, at a minimum, the >>>>>>>>>>>>> TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite [6].² >>>>>>>>>>>>> >>>>>>>>>>>>> I realize this requirement comes from RFC 4582, but I¹d like >>>>>>>>>>>>> to understand why it has not been updated to be consistent >>>>>>>>>>>>> with more current guidance on cipher suite selection (e.g., >>>>>>>>>>>>> >>>>>>>>>>>>>https://tools.ietf.org/html/draft-ietf-uta-tls-bcp-08#section >>>>>>>>>>>>>-4) >>>>>>>>>>>>>. >>>>>>>>>>>> >>>>>>>>>>>> How about we keep this minimum requirement, and add a >>>>>>>>>>>>reference to draft-ietf-uta-tls-bcp along with a >>>>>>>>>>>>recommendation to adhere to the best practices it outlines in >>>>>>>>>>>>section 4? >>>>>>>>>>> >>>>>>>>>>> I think MUST support TLS_RSA_WITH_AES_128_CBC_SHA for >>>>>>>>>>> backwards compatibility and SHOULD support the ones listed in >>>>>>>>>>> the UTA drafts would be ok. >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> = Sections 8, 8.1, 8.2 = >>>>>>>>>>>>> It seems like the transaction ID requirements regarding >>>>>>>>>>>>> non-reuse/monotonically increasing IDs are re-stated >>>>>>>>>>>>> multiple times across these three sections, in slightly >>>>>>>>>>>>> different ways, to the point where it¹s not clear exactly >>>>>>>>>>>>> what they are. It seems like they are: >>>>>>>>>>>>> >>>>>>>>>>>>> (1) Reliable transport, server-initiated transaction: ID is >>>>>>>>>>>>> 0 >>>>>>>>>>>>> (2) Unreliable transport, server-initiated transaction: ID >>>>>>>>>>>>> MUST be monotonically increasing (except for wrap-around) >>>>>>>>>>>>> (3) Reliable transport, client-initiated transaction: ID >>>>>>>>>>>>> MUST NOT be 0 and MUST NOT be reused in another message from >>>>>>>>>>>>> the client until a response from the server is received for >>>>>>>>>>>>> the transaction, but need not be monotonically increasing >>>>>>>>>>>>> (e.g., a lower, recently used ID could be re-used once a >>>>>>>>>>>>> response is >>>>>>>>>>>>> received) >>>>>>>>>>>>> (4) Unreliable transport, client-initiated transaction: ID >>>>>>>>>>>>> MUST be monotonically increasing (except for wrap-around) >>>>>>>>>>>>> >>>>>>>>>>>>> Is (3) the correct interpretation of the text in 8.1? If so, >>>>>>>>>>>>> why not just require IDs in all client-initiated >>>>>>>>>>>>> transactions to be monotonically increasing? >>>>>>>>>>>> >>>>>>>>>>>> Agree we can and should simplify this. Sections 8.1 and 8.2 >>>>>>>>>>>> cover the client behavior and server behavior in detail. As >>>>>>>>>>>> such, the transaction ID related information at the start of >>>>>>>>>>>> Section 8 is superfluous. I recommend reducing the text in >>>>>>>>>>>> Section 8 to the >>>>>>>>>>>> follow: >>>>>>>>>>>> >>>>>>>>>>>> 8. Protocol Transactions >>>>>>>>>>>> >>>>>>>>>>>> In BFCP, there are two types of transactions: >>>>>>>>>>>> client-initiated transactions and server-initiated >>>>>>>>>>>>transactions. >>>>>>>>>>>> >>>>>>>>>>>> Client-initiated transactions consist of a request from a >>>>>>>>>>>> client to a floor control server and a response from the >>>>>>>>>>>> floor control server to the client. >>>>>>>>>>>> >>>>>>>>>>>> Server-initiated transactions have different behavior >>>>>>>>>>>> depending on underlying transport: >>>>>>>>>>>> >>>>>>>>>>>> When using a reliable transport, server-initiated >>>>>>>>>>>>transactions >>>>>>>>>>>> consist of a single message from a floor control server to >>>>>>>>>>>>a >>>>>>>>>>>> client (notifications). They do not trigger any response. >>>>>>>>>>>> >>>>>>>>>>>> When using an unreliable transport, server-initiated >>>>>>>>>>>> transactions >>>>>>>>>>>> consist of a request from a floor control server to a >>>>>>>>>>>> client and a >>>>>>>>>>>> response from the client to the floor control server. >>>>>>>>>>>> >>>>>>>>>>>> When using BFCP over an unreliable transport, retransmission >>>>>>>>>>>> timer T1 (see Section 8.3) MUST be used for all requests >>>>>>>>>>>> until the transaction is completed. >>>>>>>>>>>> >>>>>>>>>>>> Then in section 8.1, we add the important details removed >>>>>>>>>>>> from section 8. >>>>>>>>>>>> >>>>>>>>>>>> 8.1.1 Client Behavior >>>>>>>>>>>> >>>>>>>>>>>> A client starting a client-initiated transaction MUST set the >>>>>>>>>>>> Conference ID in the common header of the message to the >>>>>>>>>>>> Conference ID for the conference that the client obtained >>>>>>>>>>>> previously. >>>>>>>>>>>> >>>>>>>>>>>> The client MUST set the Transaction ID value in the common >>>>>>>>>>>> header to a number that is different from 0 and that MUST NOT >>>>>>>>>>>> be reused in another message from the client until a response >>>>>>>>>>>> from the server is received for the transaction. The client >>>>>>>>>>>> uses the Transaction ID value to match this message with the >>>>>>>>>>>> response from the floor control server. When using BFCP over >>>>>>>>>>>> an unreliable transport, it is important to choose a >>>>>>>>>>>> Transaction ID value that lets the receiver distinguish the >>>>>>>>>>>> reception of the next message in a sequence of BFCP messages >>>>>>>>>>>> from a retransmission of a previous message. Therefore, BFCP >>>>>>>>>>>> entities using an unreliable transport MUST use monotonically >>>>>>>>>>>> increasing Transaction ID values (except for wrap-around). >>>>>>>>>>>> >>>>>>>>>>>> A client receiving a server-initiated transaction over an >>>>>>>>>>>> unreliable transport MUST copy the Transaction ID from the >>>>>>>>>>>> request received from the server into the response. >>>>>>>>>>>> [Question: is there a need to copy the Conference ID and User >>>>>>>>>>>> ID, if present?] >>>>>>>>>>>> >>>>>>>>>>>> 8.2. Server Behavior >>>>>>>>>>>> >>>>>>>>>>>> A floor control server sending a response within a >>>>>>>>>>>> client-initiated transaction MUST copy the Conference ID, the >>>>>>>>>>>> Transaction ID, and the User ID from the request received >>>>>>>>>>>> from the client into the response. >>>>>>>>>>>> >>>>>>>>>>>> Server-initiated transactions MUST contain a Transaction ID >>>>>>>>>>>> equal to >>>>>>>>>>>> 0 when BFCP is used over a reliable transport. Over an >>>>>>>>>>>> unreliable transport, the Transaction ID shall have the same >>>>>>>>>>>> properties as for client-initiated transactions. The server >>>>>>>>>>>> uses the Transaction ID value to match this message with the >>>>>>>>>>>> response from the floor participant or floor chair. >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Thanks, this is better. >>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> = Section 9 (impacts Section 14 as well) = "BFCP clients >>>>>>>>>>>>> SHOULD authenticate the floor control server before sending >>>>>>>>>>>>> any BFCP message to it or accepting any BFCP message from it. >>>>>>>>>>>>> Similarly, floor control servers SHOULD authenticate a >>>>>>>>>>>>> client before accepting any BFCP message from it or sending >>>>>>>>>>>>> any BFCP message to it. >>>>>>>>>>>>> >>>>>>>>>>>>> BFCP supports TLS/DTLS mutual authentication between clients >>>>>>>>>>>>> and floor control servers, as specified in Section 9.1. >>>>>>>>>>>>> This is the RECOMMENDED authentication mechanism in BFCP.² >>>>>>>>>>>>> >>>>>>>>>>>>> What are the cases where clients and servers do not need to >>>>>>>>>>>>> be authenticating each other? I know this requirement and >>>>>>>>>>>>> the other SHOULD-level requirements around use of TLS/DTLS >>>>>>>>>>>>> are carried over from RFC 4582, but I¹m concerned that they >>>>>>>>>>>>> aren¹t as strong as they should be. For a conference where >>>>>>>>>>>>> the signaling traffic is authenticated and confidentiality >>>>>>>>>>>>> and integrity protected, why is it ok for the floor control >>>>>>>>>>>>> traffic not to be? Could these requirements be adjusted to >>>>>>>>>>>>> require use of TLS/DTLS at least in cases where the >>>>>>>>>>>>> signaling is also protected? >>>>>>>>>>>> >>>>>>>>>>>> Yes, but again, this would be at the expense of adding a non >>>>>>>>>>>> backward compatible change from rfc 4582. How about saying >>>>>>>>>>>> TLS/DTLS MUST be used for BFCP in such cases, while pointing >>>>>>>>>>>> out the rfc >>>>>>>>>>>> 4582 >>>>>>>>>>>> based implementations may not comply (similar to what we did >>>>>>>>>>>> with the version field). >>>>>>>>>>> >>>>>>>>>>> Works for me. >>>>>>>>>>> >>>>>>>>>>> Feel free to make all of these changes and submit a rev and >>>>>>>>>>> I¹ll issue the IETF LC. >>>>>>>>>>> >>>>>>>>>>> Thanks, >>>>>>>>>>> Alissa >>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> = Section 14 = >>>>>>>>>>>>> See the point above about ciphersuites. ³Non-null >>>>>>>>>>>>> encryption² is not a sufficient minimum baseline, and if the >>>>>>>>>>>>> requirements change in Section 7 they should be reflected >>>>>>>>>>>>>here as well. >>>>>>>>>>>> >>>>>>>>>>>> Yep. >>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Editorial nits to be resolved with LC comments: >>>>>>>>>>>>> >>>>>>>>>>>>> = Section 5.1 = >>>>>>>>>>>>> ³The version field MUST be set to 1 when using BFCP over a >>>>>>>>>>>>> reliable transport, i.e. as in [2].² >>>>>>>>>>>>> >>>>>>>>>>>>> I find it a little odd to reference the spec you¹re >>>>>>>>>>>>> obsoleting in this sentence, especially since BFCP over a >>>>>>>>>>>>> reliable transport is completely specified in this bis >>>>>>>>>>>>> document. I would suggest dropping the i.e. clause. >>>>>>>>>>>> >>>>>>>>>>>> Good catch. This is a carry over from before this draft was >>>>>>>>>>>> adopted as a bis version of rfc4582. >>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> "The version field MUST be set to 2 when using BFCP over an >>>>>>>>>>>>> unreliable transport with the extensions specified in this >>>>>>>>>>>>> document.² >>>>>>>>>>>>> >>>>>>>>>>>>> The bit about ³with the extensions specified in this >>>>>>>>>>>>> document² is extraneous and should be removed. >>>>>>>>>>>>> >>>>>>>>>>>>> "If an endpoint receives a message with an unsupported >>>>>>>>>>>>> version field value, the receiving server MUST send an Error >>>>>>>>>>>>> message with parameter value 12 (Unsupported Version) to >>>>>>>>>>>>> indicate this.² >>>>>>>>>>>>> >>>>>>>>>>>>> Use of the word ³server² here makes it sound as if only >>>>>>>>>>>>> servers could receive headers with unsupported versions. >>>>>>>>>>>>> Should this be ³the receiving endpoint²? >>>>>>>>>>>>> >>>>>>>>>>>>> = Section 6.2.4 = >>>>>>>>>>>>> "[23], Section 6.7 provides useful recommendations Š² >>>>>>>>>>>>> >>>>>>>>>>>>> The links in the references are not quite right. >>>>>>>>>>>>> >>>>>>>>>>>>> = Section 8.3.2 = >>>>>>>>>>>>> s/when fires/when fired/ >>>>>>>>>>>>> >>>>>>>>>>>>> = Section 14 = >>>>>>>>>>>>> s/high-jack/hijack/ >>>>>>>>>>>>> >>>>>>>>>>>>> = Section B.1 = >>>>>>>>>>>>> "situation where multiple different and non-interoperable >>>>>>>>>>>>> would >>>>>>>>>>>>> co- >>>>>>>>>>>>> exist in the market.² >>>>>>>>>>>>> >>>>>>>>>>>>> There is a word missing after ³non-interoperable." >>>>>>>>>>>> >>>>>>>>>>>> This should read ³non-interoperable implementations². Earlier >>>>>>>>>>>> in that same sentence, ³BFCP over UDP were already used² >>>>>>>>>>>> should read ³BFCP over UDP is already being used². >>>>>>>>>>>> >>>>>>>>>>>> Cheers, >>>>>>>>>>>> Charles >>>>>>>>>>> >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> bfcpbis mailing list >>>>>>>>>>> bfcpbis@ietf.org <mailto:bfcpbis@ietf.org> >>>>>>>>>>> https://www.ietf.org/mailman/listinfo/bfcpbis >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >>
- [bfcpbis] AD evaluation: draft-ietf-bfcpbis-rfc45… Alissa Cooper
- Re: [bfcpbis] AD evaluation: draft-ietf-bfcpbis-r… Charles Eckel (eckelcu)
- Re: [bfcpbis] AD evaluation: draft-ietf-bfcpbis-r… Alissa Cooper
- Re: [bfcpbis] AD evaluation: draft-ietf-bfcpbis-r… Tom Kristensen
- Re: [bfcpbis] AD evaluation: draft-ietf-bfcpbis-r… Charles Eckel (eckelcu)
- Re: [bfcpbis] AD evaluation: draft-ietf-bfcpbis-r… Tom Kristensen
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Charles Eckel (eckelcu)
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Christer Holmberg
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Charles Eckel (eckelcu)
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Charles Eckel (eckelcu)
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Tom Kristensen
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Christer Holmberg
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Tom Kristensen
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Christer Holmberg
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Charles Eckel (eckelcu)
- Re: [bfcpbis] draft-ietf-bfcpbis-rfc4583bis Christer Holmberg