Re: [Insipid] draft-ietf-insipid-session-id-14: comments and questions

Brett Tate <> Tue, 05 January 2016 17:51 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 4FF061B2A59 for <>; Tue, 5 Jan 2016 09:51:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: 1.421
X-Spam-Level: *
X-Spam-Status: No, score=1.421 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, SPF_PASS=-0.001] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id w31Qj9JC008U for <>; Tue, 5 Jan 2016 09:51:49 -0800 (PST)
Received: from ( [IPv6:2a00:1450:400c:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id EE9051B2A4C for <>; Tue, 5 Jan 2016 09:51:41 -0800 (PST)
Received: by with SMTP id f206so32228275wmf.0 for <>; Tue, 05 Jan 2016 09:51:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=from:mime-version:thread-index:date:message-id:subject:to :content-type:content-transfer-encoding; bh=ORqL1pwLFhULCCRb2QEtsWVxyAx18VXwCufSiytYP6I=; b=a3o5Dt/grTDWGzXTtMIYNXoExXzsqyqi1auPdylw6Tn3u2RNZdBohH1xIEk+5WyahW 2wVsZoVz4k7Y7ygKauHvnm2WwCIW9yD1S6in45u/H4kR5cJCKGWuKP0fZPohkvtr+4Tp 2Mb8gkSiyt7T+o6S+VZef4jArNlj3RcSGmtKMHaYUuMahZSW0Z58m/8wP/nOPqjKtBq3 4NclD/fqJqvwxkaNmO0cdYMQjfHYhXj6bh2X+uVir6Lkbb+DaQC73efQ/CLQKXuuJ6Nj ogSafPDyiAi/QaKoHaQCLubcpRusR/VfqZm1tWRdXUHo0qIrQR7OegAuE6Lee11d+kGp iwCw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20130820; h=x-gm-message-state:from:mime-version:thread-index:date:message-id :subject:to:content-type:content-transfer-encoding; bh=ORqL1pwLFhULCCRb2QEtsWVxyAx18VXwCufSiytYP6I=; b=NaZt3Zs1XV2CH7AoqMHuuhUd5ko+5CiAXw41RuZzY3AtgYGAsrw5qeyLv2A1pb2Z9V AF+SdJVJ73JDyEzllLoaDHC0jwWH/cMMFo5J4MYqbApxyxrXYeT5Fsr2No4YJiiGlVwd /lRHfX8P854ULuBzz5wosxqPPxQTBG9nYUv9HvY9X20JfYtW6OXyL+kFtItz7gvY/6Ze FEFtQ/JyMwDASu4wYL8mbGra5gxW6+zICQ1ZlxfdVoPOG60uMwNs6cN9vYLRRfKEzDnb hYWDy6piiSCetKvjLRG0m7AuX1FNGxeLdYNjTyHjUVYG7iEITdndsd7KI2lDAWbwmmLq aE1Q==
X-Gm-Message-State: ALoCoQlnma6606/jP9WrkWN98ayYLXHq8QDTqTZjXWmhdpikwgGKEsKyhHQj4HzuoRQKknB5tvFea//stALaK8chDudfk9WPeIzEkPCPXVYVAnNrt2VdnSI=
X-Received: by with SMTP id 76mr5790410wma.27.1452016300383; Tue, 05 Jan 2016 09:51:40 -0800 (PST)
From: Brett Tate <>
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AdFH4a6/NsdUhMmHTreHxlK6Kbew9g==
Date: Tue, 05 Jan 2016 12:51:39 -0500
Message-ID: <>
To: "Paul Giralt (pgiralt)" <>,
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [Insipid] draft-ietf-insipid-session-id-14: comments and questions
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SIP Session-ID discussion list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 05 Jan 2016 17:51:51 -0000

Hi Paul,

Thanks for the response and welcome to the discussion.  Reply is inline.

> I propose a simpler solution that should address your
> concerns and make it easy for implementers to understand
> what should be done in these scenarios. This would
> require a slight modification to the draft as it stands
> today. I am therefore seeking your and the working group’s
> approval to move forward with this change. If we can all
> agree on this in concept, I will put together some
> concrete text for inclusion in the draft.

To get more feedback, you might need to raise the topic in a new thread.

> In a nutshell, I propose that we make a minor change to
> the text to explicitly call out the conditions under
> which a UUID should be stored by endpoints and
> intermediaries. I propose that an endpoint or intermediary
> only store an updated remote UUID under the following
> conditions:
> When receiving a request (other than ACK) that is accepted
> (results in a 1XX or 2XX response), the received UUID must
> be retained. If the request results in any other kind of
> response, it should not be retained. This can, of course,
> lead to conditions where a request is received, a
> provisional response is sent (and therefore the UUID is
> retained) and then for whatever reason, an error
> (4XX/5XX/6XX) or redirect (3XX) response is sent. In such
> a case, we will never “roll back” the Session ID.

Concerning the mentioned "1xx", you might want to exclude 100 since 100
isn't end-to-end (even if using proxies instead of B2BUAs).  For instance if
100 is only sent between two of the intermediaries, a resulting 500 response
doesn't mean that everyone agrees that the uuid actually changed.  However,
I guess that the same could be said for all non-reliable 1xx since a 18x
sent by endpoint could be dropped (or received after 500).

You might want to distinguish between a ACK-for-2xx versus ACK-for-non-2xx.
Some within the SIP working groups prefer to allow ACK-for-2xx to update
things.  For instance, see draft-ietf-insipid-session-id-16 section 9.7; the
3pcc sends the updated uuid within the ACK.

The proposal currently appears to violate (or alter) RFC 3261 section 8.2:
"If it is rejected, all state changes MUST NOT be performed".  Similarly it
also appears to impact the following RFC 6141 section 3.3 SHOULD: "If any of
the changes requested in a re-INVITE or in any transaction within it have
already been executed, the UAS SHOULD return a 2xx response".

You might want to exclude CANCEL and its 2xx response from the algorithm
(although decision might be influenced by decision concerning 100 response).
CANCEL and related 2xx response are not end-to-end (even if using proxies
instead of B2BUAs).

> The only additional rule for stateful intermediaries is
> that if they accept a request and then forward that request
> to another destination (therefore there was no error found
> with the message), this will also trigger the intermediary
> to update the retained UUID.

The proposal means that not all of the devices will necessarily agree if a
uuid changed during failure situation.

Concerning "therefore there was no error found" statement, be aware that
forwarding a request does not necessarily mean that no error was found (i.e.
device can be lenient) or that the request won't eventually be rejected
(with 400 or other failure response).

> The remote UUID in all responses must match the UUID
> received in the request if the SIP stack is able to process
> the Session-ID header. This applies even if the UUID is not
> going to be retained. If a re-INVITE {C,B} contains an
> error but the Session-ID is successfully extracted from the
> re-INVITE, the 4XX response should contain {B,C} (assuming
> the receiving endpoint is still using B as the local UUID.
> Otherwise B should be replaced with the correct Local UUID).
> To deal with issues where a response with a Session ID
> different than what is being retained is sent in an error
> response and the ACK for that response contains the new
> Session ID which we chose not to retain because it was as
> a result of an error, the document will state that a
> Session ID received in an ACK must never update the
> retained value. This should never be an issue because the
> Session ID in the ACK should always match that of the
> matching request, so if the endpoint receiving the request
> updated the Session ID on the request, it does not need to
> do so again for the ACK.

Concerning "Session ID in the ACK should always match that of the matching
request", it isn't always true.  For instance, see
draft-ietf-insipid-session-id-16 section 9.7; the 3pcc sends the updated
uuid within the ACK.

You might want to distinguish between a ACK-for-2xx versus ACK-for-non-2xx.
Some within the SIP working groups prefer to allow ACK-for-2xx to update

> Endpoints and intermediaries always update their Remote
> Session ID based on any responses received regardless of
> the type of response (provided the response is
> syntactically valid and can be processed, of course).

Sending a non-reliable response (1xx-6xx) is not necessarily the best way to
update something because of race conditions and similar ambiguities.
However, the proposal is basically the same as the draft.

> There will always be feature interactions that result in
> temporarily mismatched Session IDs when intermediaries are
> involved, but I don’t think the above proposal makes this
> any worse of a problem in real-world applications.

I'm currently not sure if the proposal is better or worse than draft version

>From the rejecting device perspective, the proposal appears to be better.
The proposal currently appears to leave partial changes up to rejecting
device (i.e. intermediaries allowed change but rejecting device did not)
without any indication to modifier to know if change was successful at the
remote endpoint.  This is about the same as changing some of the MUST to
SHOULD (or MAY) within the current draft which would allow the rejecting
device to make the decision concerning which is better for the situation.

> Please see my responses inline to address your concerns….

I'll respond separately if I have any comments different from those within
this reply.