Re: [MMUSIC] Draft new version: draft-ietf-mmusic-dtls-sdp-02
Martin Thomson <martin.thomson@gmail.com> Thu, 17 December 2015 22:00 UTC
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B37C8B1E5@ESESSMB209.ericsson.se>
References: <7594FB04B1934943A5C02806D1A2204B37C8B1E5@ESESSMB209.ericsson.se>
Date: Fri, 18 Dec 2015 08:59:58 +1100
Message-ID: <CABkgnnVUy+FiRps1KWAkmhbTvS0UsYy70t4XRmWWE9x1Gp11Cw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/1YSQ6iI6xEv-Gif6KuLVgBEjFpI>
Cc: "mmusic@ietf.org" <mmusic@ietf.org>
Subject: Re: [MMUSIC] Draft new version: draft-ietf-mmusic-dtls-sdp-02
The conditions for "modification requires a new DTLS association" might need to be more clearly spelled out. I think that this is based on some sort of local constraint, but you should say as much.

Section 2 can be removed.

I think that the definition of fingerprint change is problematic. I think that you should require that a partial change to the set of fingerprints is also accompanied by signaling rather than mandating a new DTLS connection. If - for example - a fingerprint that is not in use is removed, then I think that some existing implementations will expect to continue.

I don't like the cipher suite requirements. They don't match those for WebRTC for starters. I'd prefer to see them excised. I'd be OK with a recommendation to prefer forward secrecy or even to require it.

I don't mind the fingerprint requirements (SHA-256 and the must match rule).

I'm not sure how others feel about restating 5763 requirements, though I think that this is OK.

"It is considered an error case if the answer contains a 'dtls-connection' attribute with an 'existing' value, and a DTLS association does not exist." -- What do you expect someone to do in this case?

You missed the most important consideration: when running a second DTLS association over the same transport, it is difficult to distinguish between the first and second association because DTLS packets don't identify themselves externally [4]. This point is important enough to include in the intro in my opinion, though I would also add a sub-section to Section 4 explaining this in more detail.

I'm not sure about 8.1. I think that a key insight here is that the connection-oriented transport might not be end-to-end. That suggests that multiple DTLS associations can be established. Based on that, you might suggest that connection-oriented transports are no different to any other transport.

I found Section 10 basically impossible to parse: patches like this are very hard to read and it's half the document! I'd rather have a short statement identifying the nature of the changes. I think that the 5245 change is incorrect though because it loses some important details.

Nits:

In 6.3: "and determines (based on the criteria for establishing a new DTLS association)" needs a reference.

In 6.4: "if the offerer becomes DTLS client, the offerer MUST establish a DTLS association." Might be worth mentioning that this is based on a=setup.

[4] Unless you are lucky enough to have different epochs, but don't do that. Ever.

On 8 December 2015 at 18:48, Christer Holmberg <christer.holmberg@ericsson.com> wrote:
> Hi,
>
> A new version (-02) of draft-ietf-mmusic-dtls-sdp-02 has been submitted.
>
> Note that this version now suggests updates to RFC 5763 (SRTP-DTLS) and RFC
> 7341 (UDPTL-DTLS), so I encourage people to take a look.
>
> In addition, there is some new text about re-using connection-oriented
> (read: acknowledged packet delivery) for establishing a new DTLS
> association.
>
> You can also find the document on github:
> https://github.com/cdh4u/draft-dtls-sdp
>
> (NOTE: This is my personal repo, as I am not aware of any “official” MMUSIC
> repo)
>
> Regards,
>
> Christer
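The point above about a second DTLS association over the same transport, and the footnote about epochs, can be seen directly in the record format. The following is an added example and is not code from this message, the draft, or any project it names: it parses the DTLS 1.2 record header (layout per RFC 6347, section 4.1) from records constructed here for illustration, and runs a hypothetical epoch-only demultiplexer (demux_by_epoch, looks_like_client_hello and the A/B scenario are assumptions of this example) over them to show when the epoch happens to tell two associations apart and when it does not.

```python
"""
Added example (not from the mailing-list message, the draft, or any project it
names): what a DTLS 1.2 record exposes on the wire, and why two DTLS
associations multiplexed over one transport cannot be told apart by the
record header alone.

Header layout, per RFC 6347 section 4.1 (13 bytes):
  ContentType(1) ProtocolVersion(2) epoch(2) sequence_number(6) length(2)
The records below are constructed for this example, not captured traffic.
"""
import struct
from dataclasses import dataclass
from typing import Optional

HEADER = struct.Struct("!BHH6sH")      # network order, 13 bytes
DTLS_1_2 = 0xFEFD                      # ProtocolVersion {254, 253}
HANDSHAKE, APPLICATION_DATA = 22, 23   # ContentType values
CLIENT_HELLO = 1                       # HandshakeType value


@dataclass(frozen=True)
class RecordHeader:
    content_type: int
    version: tuple
    epoch: int
    seq: int
    length: int


def parse_record(datagram: bytes) -> RecordHeader:
    """Parse one DTLS record header. Note what is NOT here: any field that
    names the association the record belongs to."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a DTLS record header")
    ct, ver, epoch, seq6, length = HEADER.unpack_from(datagram)
    if len(datagram) - HEADER.size < length:
        raise ValueError("record body truncated")
    return RecordHeader(ct, (ver >> 8, ver & 0xFF), epoch,
                        int.from_bytes(seq6, "big"), length)


def make_record(content_type: int, epoch: int, seq: int, body: bytes) -> bytes:
    """Build a DTLS 1.2 record with the given header fields and body."""
    return HEADER.pack(content_type, DTLS_1_2, epoch,
                       seq.to_bytes(6, "big"), len(body)) + body


def looks_like_client_hello(datagram: bytes) -> bool:
    """A plaintext handshake record at epoch 0 whose first body byte is
    client_hello(1): the only header-level hint that a new association is
    starting on this transport."""
    h = parse_record(datagram)
    body = datagram[HEADER.size:HEADER.size + h.length]
    return h.content_type == HANDSHAKE and h.epoch == 0 and body[:1] == bytes([CLIENT_HELLO])


def demux_by_epoch(datagram: bytes, live: dict) -> Optional[str]:
    """Hypothetical demultiplexer (an assumption of this example) that assigns
    a record to an association purely by epoch. Returns the association name,
    or None when the epoch does not single one out."""
    h = parse_record(datagram)
    owners = [name for name, epochs in live.items() if h.epoch in epochs]
    return owners[0] if len(owners) == 1 else None


def scenario() -> dict:
    """Association A has completed its handshake (sending at epoch 1) when a
    second handshake B starts over the same transport."""
    a_data = make_record(APPLICATION_DATA, 1, 7, b"\xaa" * 16)   # A's protected data
    b_hello = make_record(HANDSHAKE, 0, 0, bytes([CLIENT_HELLO]) + b"\x00" * 11)
    live = {"A": {1}, "B": {0}}
    out = {
        "a_data_during_b_handshake": demux_by_epoch(a_data, live),
        "b_hello_during_b_handshake": demux_by_epoch(b_hello, live),
        "b_hello_detected": looks_like_client_hello(b_hello),
    }
    # Once B finishes, both associations protect data at epoch 1 and the
    # header no longer distinguishes them.
    b_data = make_record(APPLICATION_DATA, 1, 0, b"\xbb" * 16)
    live = {"A": {1}, "B": {1}}
    out["a_data_after_b_completes"] = demux_by_epoch(a_data, live)
    out["b_data_after_b_completes"] = demux_by_epoch(b_data, live)
    return out


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

The header carries only content type, version, epoch, sequence number and length, so the only moment the two associations can be separated without help from signaling is while B is still at epoch 0 and A is already at epoch 1, which is exactly the "lucky enough to have different epochs" case in the footnote; as soon as both sit at epoch 1 the demultiplexer returns None for every data record.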