Re: [Insipid] draft-ietf-insipid-session-id-18: comments and questions

Brett Tate <brett@broadsoft.com> Wed, 30 March 2016 14:16 UTC

Return-Path: <brett@broadsoft.com>
X-Original-To: insipid@ietfa.amsl.com
Delivered-To: insipid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DE5F12D0F3 for <insipid@ietfa.amsl.com>; Wed, 30 Mar 2016 07:16:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=broadsoft-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S1Gu6ikQmdCO for <insipid@ietfa.amsl.com>; Wed, 30 Mar 2016 07:16:37 -0700 (PDT)
Received: from mail-ig0-x22b.google.com (mail-ig0-x22b.google.com [IPv6:2607:f8b0:4001:c05::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 05B1812D577 for <insipid@ietf.org>; Wed, 30 Mar 2016 07:16:36 -0700 (PDT)
Received: by mail-ig0-x22b.google.com with SMTP id ui10so33625387igc.1 for <insipid@ietf.org>; Wed, 30 Mar 2016 07:16:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadsoft-com.20150623.gappssmtp.com; s=20150623; h=from:mime-version:thread-index:date:message-id:subject:to :content-transfer-encoding; bh=gXnPz8g6UBkZJoUUWGu7YzvFtBUc0s7TcKOp0VvYOnU=; b=jHZ7xMDuOPaP8hSUkPsBKxCJ1yV5JctMtwI8NpRIfAISyjTY0faOO4mkoYYY8PVIPi bzIjuJIZoOwe+GRUKpSMuHkLIuDPl5FhHUbNsFU6+lqycx92tIjZWUpyvsz0AYKXZ7Zd imwuwecOKEPikIoEoO+zxRv7fHMQ99fk3/pL/dzbCcxzHajrEVXK5eg3z2fD6xHbylfV gudtsKB6zf1aml2WVOe0ygN3Uw92X9JItwd4Q/nwhdo8aJmkA1VNj/H6WLSnTtWdE1/0 eO+KtkSAtL/QR6p9+oybXTHLJ6Y+6anqzvIhPVyH5wvRHMLABkWBEXxdeo2HyyF1uWkG nEjw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:mime-version:thread-index:date:message-id :subject:to:content-transfer-encoding; bh=gXnPz8g6UBkZJoUUWGu7YzvFtBUc0s7TcKOp0VvYOnU=; b=a9LPUlN61C0wsRLLx7qs+FZ9vzk6UJVHq5nlX2DgKR2O0ZVobBiZelAJaoJk8yTNGs G5ttrtuaMwoVGlKWwrigOGoNcKQWE7QBmYHWxglr4RvAncxKC/B4Fw9Z/1ngzS2kdRQg aTJ1mrGiRKAmSGnY+s+Ep3yghqJ9bQ0aS4qY4EdOoC1rxC9P1q2FMBamkeJi0oj5XgxV vjDBFHu+MLzWAlJK/0DMnSkyhbj1heEH3P7sbed705r5KuC/2hcOKDN4/EXBkamlN6yw K+rA4HXtWPSFb6lLJKoEqvBJus8ztvFt03PKwoX/IvtOAVx01IricCBmhCyy3fTuzs4Z MtDg==
X-Gm-Message-State: AD7BkJJS/pr7BU4vSXCsREAPxo2fDNWV6NnMlF6f6txwZw2oXvsggSCpNBTxJfIfm4k8y4eZ96MK3HIXBWygPrim
X-Received: by 10.50.111.8 with SMTP id ie8mr23554831igb.46.1459347396279; Wed, 30 Mar 2016 07:16:36 -0700 (PDT)
From: Brett Tate <brett@broadsoft.com>
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AdGKjoY1cNJ5jXYgSYmyGC49bFEmrA==
Date: Wed, 30 Mar 2016 10:16:35 -0400
Message-ID: <7fe4e490ec6b9eb7b87b288748456e09@mail.gmail.com>
To: insipid@ietf.org, "Paul Giralt (pgiralt)" <pgiralt@cisco.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/insipid/7F3ir9rm5XNhYiwxGtTCRssw7Wc>
Subject: Re: [Insipid] draft-ietf-insipid-session-id-18: comments and questions
X-BeenThere: insipid@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: SIP Session-ID discussion list <insipid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/insipid>, <mailto:insipid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/insipid/>
List-Post: <mailto:insipid@ietf.org>
List-Help: <mailto:insipid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/insipid>, <mailto:insipid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Mar 2016 14:16:41 -0000

Hi,

Thanks for the response; reply is inline.

> > 8) Section 8

<snip>

> Totally agree and I avoided using the word “guarantee” for
> the specific reason you outline, but I guess “ensure” might
> be too strong as well. How’s this?

<snip>

Looks okay to me.


> I’m not sure what the best approach here is, but I’m inclined
> to say that the intermediary MUST fix the remote UUID when
> relaying a request / response although I’d be okay with a
> SHOULD. Do you have any opinion?

I don't have a strong preference.  The SHOULD would allow intermediaries to
defer to prior hop within situation or deployment model where intermediary
might be less confident about the accuracy of the stored value.


> > 12) Section 8 bullet 3: Clarify the last sentence since
> > unsure what "latest UUID value" means: stored UUID or
> > request's UUID.
>
> It means the request’s UUID. Fixed.

If not intentional, the proposed new bullet for CANCEL appears to cause the
remote UUID of CANCEL's 200/481 to contain the stored value.  However, I'm
not positive since unsure if another bullet applies at the same time
concerning how to build the CANCEL responses.

Also concerning the new bullet for CANCEL, the "not passed not end-to-end"
appears to have an extra "not".


> > 14) Section 8 bullet 5: Allowing failure responses to
> > update the cached UUID is a little odd (although it
> > provides a value for ACK).  It can potentially cause
> > a disagreement concerning session identifier.
>
> I think the value changing in a failure response is in
> itself an unlikely scenario to begin with and this
> scenario is not likely to occur.

The most likely causes of a change within failure response would be because
of race conditions and not following a SHOULD.


> As you mentioned, without updating the UUID on a failure
> response, we don’t have a value for ACK. Having the value
> in the ACK outweighs any potential out of sync that may
> occur in a rare scenario where the UUID changes on a
> failure response. I’m inclined to leave as-is.

I don't have a strong opinion on the topic.  However the ACK for non-2xx
could be a special situation where it can contain failure response's local
UUID without needing to allow it to update the stored value.  This would be
similar to INVITE failure response (or 3xx) during call setup causing a
resubmit with higher cseq (without remote UUID); however excluding 3xx, I
didn't really notice any text concerning the topic.


> > If there were multiple failure responses causing resubmit
> > with higher cseq, the last change is cached on
> > intermediary.  If session identifier is subsequently
> > missing from 2xx response (or other final response), the
> > intermediary will have a cached UUID which does not get
> > relayed to the endpoint (except maybe when section 7
> > paragraph 12 is applicable).
>
> I’m not understanding why the 2xx would suddenly be
> missing the session identifier in this case.

Among other potential reasons, an intermediary that doesn't support this
draft generated the 2xx response and none of the other intermediaries added
the header.


> I already addressed this case above to ensure that a
> missing session identifier when one was present in
> previous messages does not overwrite. Does this address
> your concern here?

Yes; it allows the intermediary the option to follow section 7 next to last
paragraph.


> When multiple locations are attempted, wouldn’t they be
> attempted in series?

Yes; however similar to the Happy Eyeballs stuff being discussed within
sipcore, the advancement might be quick and the responses may (or may not)
be processed as though requests sent simultaneously.


> I would think that the 503 would actually come back
> before the request that leads to the 2xx if the session
> establishment really does succeed.

That would be nice since it avoids a compliant intermediary (depending upon
interpretation) from doing something which is obviously not preferred.  If
the draft defers to the intermediary/endpoint (explicitly or implicitly),
they can do what they think is best.


> To answer your specific questions - if it really did play
> out the way you outlined above and the 503 does include a
> session identifier (and it happens to be different than
> the one in the 2xx), then yes, the 503 should cause an
> update and the remote UUID in the ACK for the 503 would
> reflect the 503’s value (which would also now be the stored
> value because we accept stored values from the 503). Not
> ideal, but this scenario does not seem realistic to me.
> Please correct me if I’m missing something.

The RFC 3263 advancing of mid-dialog requests based upon short time
intervals occurs.  Devices that do it currently pick a winning
branch/response for updating local data and relaying as needed (selecting
"best" response is discussed within RFC 5057 section 5.1 note 9).

The thing that you might be missing is that the draft (depending upon
interpretation) is asking devices that RFC 3263 advance mid-dialog requests
based upon time (and/or 503) to allow every responding branch to update the
stored value even though 1 or none where selected as the winning response
when selecting how to respond.

However as I mentioned above, I don't have a strong opinion on the topic.