IETF Logo Mail Archive

Re: [Ice] Eric Rescorla's No Objection on draft-ietf-ice-trickle-18: (with COMMENT)

Peter Saint-Andre <stpeter@mozilla.com> Mon, 09 April 2018 17:58 UTC

Return-Path: <stpeter@mozilla.com>
X-Original-To: ice@ietfa.amsl.com
Delivered-To: ice@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 38ED11200FC for <ice@ietfa.amsl.com>; Mon, 9 Apr 2018 10:58:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.801
X-Spam-Level:
X-Spam-Status: No, score=-0.801 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mozilla.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HBseZFMvPA3h for <ice@ietfa.amsl.com>; Mon, 9 Apr 2018 10:58:56 -0700 (PDT)
Received: from mail-it0-x22f.google.com (mail-it0-x22f.google.com [IPv6:2607:f8b0:4001:c0b::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0585E12D94E for <ice@ietf.org>; Mon, 9 Apr 2018 10:58:50 -0700 (PDT)
Received: by mail-it0-x22f.google.com with SMTP id m134-v6so12238116itb.3 for <ice@ietf.org>; Mon, 09 Apr 2018 10:58:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mozilla.com; s=google; h=subject:to:cc:references:from:openpgp:autocrypt:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=hhtQH0gHpHldt7QdnPqQjGI15rqzOogXTJThXdEoCGQ=; b=gHu89lnIAqCSkM8Um/WNb4BE0GSMQTNu4VinOY3MJ1NX9ZasRZfQtpw5uAJJ4d8h9L EwZTB3GZ+o7ZiNbRXI44Y05jwIV4IwzC20YByS8a1smE1qsEu1TS+tqIvQ7g8C3FK5H7 VgEhv2b2qBNTLdr3d237jSb7vdHQlpTdOzE18=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:openpgp:autocrypt :message-id:date:user-agent:mime-version:in-reply-to :content-language:content-transfer-encoding; bh=hhtQH0gHpHldt7QdnPqQjGI15rqzOogXTJThXdEoCGQ=; b=EdEple+ZCsEuY8VwXobiYi/JwEFnD5OGI9PsjRZLBl/NqA5dcIiduZ3gqfiUtjhdjP NJCtbrEMhZo4tRjGeGgmUOpUUHqsvkAsY21lkj8RoUabiwC5CVe4Ye5MdmBp5piPWlTJ CngSGMLUpNuqpIR2jXePhBOp8DfZnVHisjw1AvXUJCgMdffAIy77e4CEBpktaXON95Pu RS7NkOdjrOp+JSwjUcNlJ2SvgtBePDAEtwJJwtSHlchI4xU3Cjk471dajTB8AgLftc7Q lFxg04no8qFzpBSVKQJ1VsPq/qnuG2V8TtYRDnYbnu+4X7T2PIC/GGGh3Nhamhk8lODH poeA==
X-Gm-Message-State: ALQs6tDUs7rN+AyoKG8j8lnOCXnskHrcWBFoJDXPQ2Ck3SQ1BqyYyJLu Ci06MlDhc33s5GP0HYvRbkpELw==
X-Google-Smtp-Source: AIpwx48ymcYk89B5W8lqr/NdifxEZM87wyX4RGvW89aZh2LmAVcehcs7nWxZYyuxrio1+TaJcTr8rw==
X-Received: by 2002:a24:3647:: with SMTP id l68-v6mr1054269itl.77.1523296729220; Mon, 09 Apr 2018 10:58:49 -0700 (PDT)
Received: from dragon.local ([76.25.3.152]) by smtp.gmail.com with ESMTPSA id 134-v6sm672273itl.34.2018.04.09.10.58.48 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 09 Apr 2018 10:58:48 -0700 (PDT)
To: Christer Holmberg <christer.holmberg@ericsson.com>, Eric Rescorla <ekr@rtfm.com>, The IESG <iesg@ietf.org>
Cc: Nils Ohlmeier <nohlmeier@mozilla.com>, "ice-chairs@ietf.org" <ice-chairs@ietf.org>, "draft-ietf-ice-trickle@ietf.org" <draft-ietf-ice-trickle@ietf.org>, "ice@ietf.org" <ice@ietf.org>
References: <152270727955.17756.6220965046370005057.idtracker@ietfa.amsl.com> <aa3bcfc0-48c4-8c5c-4799-6a14afaf7548@mozilla.com> <a07736e5-af6b-4dd5-3afb-99e61e853284@mozilla.com> <7594FB04B1934943A5C02806D1A2204B72E4F88F@ESESSMB109.ericsson.se>
From: Peter Saint-Andre <stpeter@mozilla.com>
Openpgp: preference=signencrypt
Autocrypt: addr=stpeter@mozilla.com; prefer-encrypt=mutual; keydata= xsFNBFonEf4BEADvZ+RGsJoOyZaw2rKedB9pBb2nNXVGgymNS9+FAL/9SsfcrKaGYSiWEz7P Lvc97hWH3LACFAHvnzoktv+4IWHjItvhdi9kUQ3Gcbahe55OcdZuSXXH3w5cHF0rKz9aYRpN jENqXM5dA8x4zIymJraqYvHlFsuuPB8rcRIV9SKsvcy14w9iRqu770NjXfE/aIsyRwwmTPiU FQ0fOSDPA/x2DLjed/GYHem90C5vF4Er9InMqH5KAMLnjIYZ9DbPx5c5EME4zW/d648HOvPB bm+roZs4JTHBhjlrTtzDDpMcxHq1e8YPvSdDLPvgFXDcTD4+ztkdO5rvDkbc61QFcLlidU8H 3KBiOVMA/5Rgl4lcWZzGfJBnwvSrKVPsxzpuCYDg01Y/7TH4AuVkv5Na6jKymJegjxEuJUNw CBzAhxOb0H9dXROkvxnRdYS9f0slcNDBrq/9h9dIBOqLhoIvhu+Bhz6L/NP5VunQWsEleGaO 3gxGh9PP/LMyjweDjPz74+7pbyOW0b5VnIDFcvCTJKP0sBJjRU/uqmQ25ckozuYrml0kqVGp EfxhSKVqCFoAS4Q7ux99yT4re2X1kmlHh3xntzmOaRpcZsS8mJEnVyhJZBMOhqE280m80ZbS CYghd2K0EIuRbexd+lfdjZ+t8ROMMdW5L51CJVigF0anyYTcAwARAQABzSdQZXRlciBTYWlu dC1BbmRyZSA8c3RwZXRlckBtb3ppbGxhLmNvbT7CwZQEEwEIAD4WIQQ1VSPTuPTvyWCdvvRl YYwYf2gUqQUCWicR/gIbIwUJCWYBgAULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRBlYYwY f2gUqdaREAChG8qU1853mP0sv2Mersns8TLG1ztgoKHvMXFlMUpNz6Oi6CjjaMNFhP7eUY4T D43+yQs7f4qCkOAPWuuqO8FbNWQ+yUoVkqF8NUrrVkZUlZ1VZBMQHNlaEwwu1CGoHsLoRohP SiZ0hpmGTWB3V6cDDK4KN6nl610WJbzE9LeKY1AxtePdJi2KM281U0Fz8ntij1jWu0gF2xU4 Sez46JDogHLWKgd0srauhcCVzZjAhiWrXp1+ryzSWYaZO8Kh8SnF1f4o6jtYikMqkxUaI5nX wvD3kNX4AMSkCAZfG7Jcfj/SLDojTcREgO87g7B9bcOOsHN4lj3lHoFV0aXpgPmjfIvAjJHu fHkXZAQAH8w0u9bgJqRn703+A4NPfLopnjegyhlNi7fQ3cMQV1H7Oj7WrB/pCcprx+1u/6Uq oTtDwWh1U5uVthVAI0QojpNWR08zABDX19TlGtVoeygaQV3CAEolxTiYQtCfVavUzUplCZ/t 3v4YiRov+NylflJd+1akyOs1IAgARf444BnoH1fotkpfXNOpp9wUXXwsQcFRdP7vpMkSCkc0 sxPNTVX3ei0QImp4NsrFdaep7LV3zEb3wkAp6KE5Qno4hVVEypULbvB0G6twNZbeRfcs2Rjp jnPb2fofvg2WhAKB20dnRfIfK8OKTD/P+JDcauJANjmekM7BTQRaJxH+ARAApPwkbOTChAQu jMvteb/xcwuL5JZElmLxIqvJhqybV7JknM+3ATyN0CTYQFvPTgIrhpk4zSn0A6pEePdK8mKK 5/aHyd7pr7rLEi1sI/X3UE8ld/E83MExksKrYbs0UX1wSQwYXU6g64KicnuP2Abqg+8wrQ18 1nPcZci9jJI75XVPnTdUpZD5aaQWGp7IJ06NTbiOk30I50ORfulgKoe4m3UfsMALFxIx3pJk oy76xC2tjxYGf+4Uq1M0iK3Wy655GrcwXq/5ieODNUcAZzvK5hsUVRodBq0Lq3g1ivQF4ba7 RQayDzlW6XgoeU49xnCr9XdZYnTnj4iaPmr2NtY6AacBwRz+bJsyugeSyGgHsnVGyUSMk8YN wZHvUykMjH21LLzIUX5NFlcumLUXDOECELCJwewui4W81sI5Sq/WDJet+iJwwylUX22TSulG VwDS+j66TLZpk1hEwPanGLwFBSosafqSNBMDVWegKWvZZVyoNHIaaQbrTIoAwuAGvdVncSQz ttC6KkaFlAtlZt3+eUFWlMUOQ9jxQKTWymyliWKrx+S6O1cr4hwVRbg7RQkpfA8E2Loa13oO vRSQy/M2YBRZzRecTKY6nslJo6FWTftpGO7cNcvbmQ6I++5cBG1B1eNy2RFGJUzGh1vlYo51 pdfSg0U1oPHBPCHNvPYCJ7UAEQEAAcLBfAQYAQgAJhYhBDVVI9O49O/JYJ2+9GVhjBh/aBSp BQJaJxH+AhsMBQkJZgGAAAoJEGVhjBh/aBSpAw0P/1tEcEaZUO1uLenNtqysi3mQ6qAHYALR Df3p2z/RBKRVx0DJlzDfDvJ2R/GRwoo+vyCviecuG2RNKmJbf1vSm/QTtbQMUjwut9mx6KCY CyKwniqdhaMBmjCfV2DB2MxxZLYMtDfx/2mY7vzAci7AkjC+RkSUByMEOkyscUydKC/ETdf9 tvI8GhTY/8Q7JSylS3lQA5pMUHiIf+KpSmqKZeBPkGc7nSKM1w1UKUvFAsyyVsiG6A/hWrTr 7tTQAl7YfjtOGE8n4IKGktvrT99bbh9wdWKZ5FdHUN9hx2Q8VP8+0lR1CH2laVFbEwCOv1vM W4cgQDLxwwpo1iOTdHBVtQDxlQ9hPMKVlB1KP9KjchxuiLc24wLmCjP3pDMml4LQxOYB34Eq cgPZ3uHvJZG309sb2wTMTWaXobWNI++ZrsRD5GTmuzF3kkx3krtrq6HI5NSaemxK6MTDTjDN Rj/OwTl0yU35eJXuuryB20GFOSUsxiw00I2hMGQ1Cy9L/+IW6Dvotd8O3LmKh2tFArzXaKLx /rZyGNurS/Go5YjHp8wdJOs7Ka2p1U31js24PMWO6hf6hIiY2WRUsnE6xZNhvBTgKOY6u0KT V6hTevFqEw7OAZDCWUoE2Ob2/oHGZCCMW5SLAMgp7eihF0kGf2S2CmpIFYXGb61hAD8SqSY7 Fn7V
Message-ID: <1678fa72-5968-a95a-86fa-936d6f8c445d@mozilla.com>
Date: Mon, 09 Apr 2018 11:58:47 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B72E4F88F@ESESSMB109.ericsson.se>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ice/dJ95O1PIr-rq8_BjYe5nLWQORYE>
Subject: Re: [Ice] Eric Rescorla's No Objection on draft-ietf-ice-trickle-18: (with COMMENT)
X-BeenThere: ice@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Interactive Connectivity Establishment \(ICE\)" <ice.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ice>, <mailto:ice-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ice/>
List-Post: <mailto:ice@ietf.org>
List-Help: <mailto:ice-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ice>, <mailto:ice-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Apr 2018 17:58:58 -0000

On 4/8/18 1:58 PM, Christer Holmberg wrote:
> Hi,
> 
>>>> Important comments:
>>>>    agent SHOULD follow a policy of keeping the higher priority candidate
>>>>    unless it is peer reflexive.
>>>>
>>>> IMPORTANT: This section is confusing wrt how pruning works. AIUI, you 
>>>>> follow ordinary 5245 pruning procedures at the beginning of the 
>>>> connection for whatever candidates you have. Is that incorrect?
>>>
>>> Right, there's no reason to override normal pruning procedures.
>>>
>>>>> Also, why are you proposing prioritizing other candidates over prflx 
>>>> candidates? That's not the procedure in 5245.
>>>
>>> This text was in the spec when I joined the author team. I am not sure 
>>> of the rationale. The only difference with Trickle ICE is handling 
>>> candidate pairs that come in later. Section 13 notes that it's 
>>> possible for a server reflexive candidate to be perceived as peer 
>>> reflexive if the STUN connectivity check arrives before signaling of 
>>> the trickled candidate, however it also notes that this "does not 
>>> require any change in processing". See also below.
>>>
>>>>    maximum number of candidate pairs (100 by default as per
>>>>    [rfc5245bis]), the new pair is discarded.
>>>>
>>>> IMPORTANT: Why are you discarding before you check for redundancy?
>>>> This seems like it evicts the wrong pair.
>>>
>>> Hmm, it could. Checking the max-pair rule after the redundancy check 
>>> would indeed make more sense.
>>>
>>>>    new candidate to the priority of the pre-existing candidate and then
>>>>    re-sorting the check list.
>>>> IMPORTANT: This seems to slow down checks if the existing check is 
>>>> already running. What is the rationale for this?
>>>
>>> Good point. This is the same issue with prflx in another guise. I'm 
>>> not sure of the rationale. The only thing I can come up with is that 
>>> we're trying to work around the fact that some server reflexive 
>>> candidates could be perceived initially as peer reflexive. Throwing 
>>> out the earlier "peer reflexive" candidate in favor of the later 
>>> candidate (which might be server reflexive) might be a workaround.
>>>
>>> I'll ask Emil to clarify this for us.
>>
>> Emil and I synced up just now.
>>
>> Right after IETF 95, Taylor Brandstetter raised an issue about the handling of peer reflexive candidates 
>> during de-duplication, quoted here for convenience from the mail archive (see
>> https://www.ietf.org/mail-archive/web/ice/current/msg00304.html):
>>
>> ###
>>
>> It's possible for a remote peer reflexive candidate to be created simply because a binding request was received 
>> before the candidate was signaled. Then, according to this rule, the peer reflexive candidate would not be replaced 
>> by the server reflexive candidate when it's signaled, because the peer reflexive candidate is guaranteed to have a higher priority.
>>
>> As a result, the endpoints will prioritize the same candidate pair differently, because one endpoint sees the candidate 
>> as peer reflexive while the other sees it as something else. This means the endpoints could have different ideas of which 
>> candidate pair is the highest priority, which could result in sub-optimal selection of a candidate pair, or asymmetric selection 
>> if the controlling agent is an RFC 5245 endpoint that uses aggressive nomination.
>>
>> So, I suggest a minor modification to the rule: peer reflexive candidates are always replaced by other types of candidates, regardless of priority.
>>
>> ###
>>
>> Looking back at the text we recently removed in -19, I'm not convinced that we ever captured Taylor's feedback properly. I will 
>> look into it more carefully later today or over the weekend and propose a further text adjustment.
> 
> Not sure I follow. Is this a binding-request-was-received-before-the-candidate-was-signaled case specific to trickle? Are we talking about trickled candidates?

My reading of Taylor's original email is that this is about receiving
duplicate candidates through the trickling process:

   At IETF 95, the decision was made to choose the candidate with the
   higher priority if duplicate candidates are received (see:
   https://github.com/ice-wg/trickle/issues/6). However, I see a
   potential issue with this, specifically regarding peer reflexive
   candidates.

And specifically about receiving a binding request before receiving any
signaling of the candidate:

   It's possible for a remote peer reflexive candidate to be created
   simply because a binding request was received before the candidate
   was signaled. Then, according to this rule, the peer reflexive
   candidate would not be replaced by the server reflexive candidate
   when it's signaled, because the peer reflexive candidate is
   guaranteed to have a higher priority.

https://www.ietf.org/mail-archive/web/ice/current/msg00304.html

> If so, does it below to section 7? In another email I asked for clarification whether section 7 only applies to the initial check list (as section 8 seems to cover the case when candidates are later trickled).

Yes, I read all of your email messages. :-)

I agree that the exact roles of Section 7 and Section are slightly
murky, and will propose better text today.

Peter

v2.23.0 | Report a Bug | By Email