Re: [Insipid] draft-ietf-insipid-session-id-10: comments
"Paul E. Jones" <paulej@packetizer.com> Mon, 09 February 2015 22:43 UTC
Return-Path: <paulej@packetizer.com>
X-Original-To: insipid@ietfa.amsl.com
Delivered-To: insipid@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF5031A8A59 for <insipid@ietfa.amsl.com>; Mon, 9 Feb 2015 14:43:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.612
X-Spam-Level:
X-Spam-Status: No, score=-0.612 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wm1a4J8M8XXc for <insipid@ietfa.amsl.com>; Mon, 9 Feb 2015 14:43:22 -0800 (PST)
Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 733571A8A63 for <insipid@ietf.org>; Mon, 9 Feb 2015 14:43:22 -0800 (PST)
Received: from [10.1.211.243] ([62.192.18.162]) (authenticated bits=0) by dublin.packetizer.com (8.14.9/8.14.9) with ESMTP id t19MhIiv024534 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 9 Feb 2015 17:43:20 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=packetizer.com; s=dublin; t=1423521800; bh=VDw5efg8Nas+7xrCzo27IgVlKGu6NqL0FlbBkLQDyfc=; h=From:To:Subject:Date:In-Reply-To:Reply-To; b=P7adfmsp4F0gDw3bdxQO+uhJ90qnuo7Otv07xj/43J+sXknM0oBKZh29CsAnrn+Eg Je7fGJyHUH6MQvM8NqAL5lNtWBg7jqAXQov6j8D5PFDPqfw/RPVfUCIztTebOWZMZv qF+QAoRdLpGNPoitMfAfvRdOR6KiBVp2NThO/L/U=
From: "Paul E. Jones" <paulej@packetizer.com>
To: Brett Tate <brett@broadsoft.com>, draft-ietf-insipid-session-id@tools.ietf.org, insipid@ietf.org
Date: Mon, 09 Feb 2015 22:43:20 +0000
Message-Id: <em27215242-e45e-4ee5-bbca-62c35f65d8f2@helsinki>
In-Reply-To: <c94a9cdb7c4a7846b0034588caa386a8@mail.gmail.com>
User-Agent: eM_Client/6.0.21372.0
Mime-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/insipid/Z-b3Puwz5opAnvfaWOzofMP9S_o>
Subject: Re: [Insipid] draft-ietf-insipid-session-id-10: comments
X-BeenThere: insipid@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: "Paul E. Jones" <paulej@packetizer.com>
List-Id: SIP Session-ID discussion list <insipid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/insipid>, <mailto:insipid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/insipid/>
List-Post: <mailto:insipid@ietf.org>
List-Help: <mailto:insipid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/insipid>, <mailto:insipid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Feb 2015 22:43:25 -0000
Brett, >> >A B2BUA can generate requests and responses on behalf of >> >both sides. In my opinion, section 7 covers some individual >> >situations; however, it appears to be missing the general >> >case of tracking remote/local UUIDs and then using the UUIDs >> >when generating (instead of relaying) subsequent requests >> >and responses associated with the "session". >> >> This is largely purposeful. We do not want intermediaries >> really getting involved in the exchange of UUID values. > >Sounds great to me. If that is really true, add something like the >following paragraph to section 7. > >"Intermediaries MAY track the Session Identifier values associated with >a >transaction and dialog. However since it is NOT REQUIRED (and because >of >other reasons), they MAY provide inaccurate Session-ID values when >generating related requests and responses." OK, how about these as the first two paragraphs? ===== The Call-ID often reveals personal, device, domain or other sensitive information associated with a user, which is why intermediaries, such as session border controllers, sometimes alter the Call-ID. In order to ensure the integrity of the end-to-end Session Identifier, it is constructed in a way which does not reveal such information, removing the need for intermediaries to alter it. Intermediaries MAY track the Session Identifier values associated with a transaction and dialog. However, since it is generally NOT REQUIRED (and because of other reasons), they might provide inaccurate Session-ID values when generating related requests and responses. As such, intermediaries MUST NOT alter the UUID values found in the Session-ID header, except as described in this section. ===== Note I changed a MAY in your document to "might". I don't want to suggest that it's permissible, but noting that it might happen is acceptable. And the rest of the whole section is really intended to very tightly limit the times wherein an intermediary might manipulate the values. > >> If an intermediary is responding on behalf of an endpoint, >> then what the text currently says that "if it knows" the >> UUID value of the opposite endpoint, includes it. Otherwise, >> it either uses the NULL value or fabricates a value. > >What section and paragraph says that? That's in Section 7. Just to avoid mismatch in paragraph count, the text is: ==== When an intermediary transmits a provisional response or a response to a CANCEL request, the “remote-uuid” field will contain the UUID value of the UA that sent the message that prompted the transmission of the response. When the UUID of the destination UA for the message that prompted the transmission of the response is known, the intermediary MUST insert the UUID of the destination UA in the “local-uuid” field of the response. Otherwise, the intermediary MAY set the “local-uuid” field of the response to a locally generated UUID value or the null UUID value. ==== Note that the bit about CANCEL is new and added per our discussion. The word "provisional" was removed from the original text, also, to account for the CANCEL response. > >> In what way would you like to see the text re-worded, keeping >> in mind that we want B2BUAs to take a hands-off approach as >> much as possible. > >Sounds great to me. If the draft is clear about that (such as by adding >the >mentioned paragraph), I'll quit being concerned about the race >conditions, >CANCEL, et cetera which will make it impossible (when mid-dialog >Session-ID >changes occur) for intermediaries to know the correct Session-ID values >for >use when subsequently generating (instead of relaying) requests and >responses. Endpoints have the ambiguity issue; however at least one of >the >UUIDs would be accurate. The section in intermediaries started out by limiting when they were allowed to touch messages. The intent was to strictly reduce opportunity to do damage, while being mindful that some will. The one piece of text that is missing is a statement that says something like this as a final paragraph in section 7: ==== Having said the foregoing, intermediaries that manipulate messages containing Session-ID header values should be aware of what values were last received by an endpoint and, following any kind of service interaction initiated or affected by the intermediary, of what values the receiving endpoint should have knowledge to ensure that both endpoints in the session have the correct and same values. If an intermediary can determine that an endpoint might not have received a current, correct Session-ID header value, the Intermediary SHOULD attempt to provide the correct Session-ID header value to the endpoint such as by sending a re-INVITE message. ==== How does that sound? Paul
- [Insipid] draft-ietf-insipid-session-id-10: comme… Brett Tate
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Paul E. Jones
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Brett Tate
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Paul E. Jones
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Brett Tate
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Paul E. Jones
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Brett Tate
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Paul E. Jones
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Brett Tate
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Paul E. Jones
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Brett Tate
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Paul E. Jones
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Brett Tate
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Paul E. Jones
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Brett Tate
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Paul E. Jones
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Paul Kyzivat
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Brett Tate
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Paul E. Jones
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Paul E. Jones
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Brett Tate
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Paul Kyzivat
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Paul E. Jones
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Paul E. Jones
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Brett Tate
- Re: [Insipid] draft-ietf-insipid-session-id-10: c… Paul E. Jones