Re: [MMUSIC] Adam Roach's Discuss on draft-ietf-mmusic-dtls-sdp-28: (with DISCUSS and COMMENT)
Adam Roach <adam@nostrum.com> Thu, 17 August 2017 22:51 UTC
Return-Path: <adam@nostrum.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55A83132659; Thu, 17 Aug 2017 15:51:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.878
X-Spam-Level:
X-Spam-Status: No, score=-1.878 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8SC165PpEW0v; Thu, 17 Aug 2017 15:51:24 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 998EE132395; Thu, 17 Aug 2017 15:51:24 -0700 (PDT)
Received: from Svantevit.roach.at (cpe-70-122-154-80.tx.res.rr.com [70.122.154.80]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id v7HMpJhp099785 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 17 Aug 2017 17:51:20 -0500 (CDT) (envelope-from adam@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-70-122-154-80.tx.res.rr.com [70.122.154.80] claimed to be Svantevit.roach.at
To: Roman Shpount <roman@telurix.com>
Cc: draft-ietf-mmusic-dtls-sdp@ietf.org, mmusic-chairs@ietf.org, lemming Andreasen <fandreas@cisco.com>, The IESG <iesg@ietf.org>, "mmusic@ietf.org" <mmusic@ietf.org>
References: <150292479151.11986.12302184246173787021.idtracker@ietfa.amsl.com> <CAD5OKxv2XXr-VTUs8X1CwtvR4U42w+3YSD2WUVmMowF803DLcQ@mail.gmail.com>
From: Adam Roach <adam@nostrum.com>
Message-ID: <d25d54c9-3a95-79d8-1715-f0abddde6868@nostrum.com>
Date: Thu, 17 Aug 2017 17:51:18 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <CAD5OKxv2XXr-VTUs8X1CwtvR4U42w+3YSD2WUVmMowF803DLcQ@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------36744851602A55792755D7D7"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/2rRGB-76-43KwgavdS9Olft8oPU>
Subject: Re: [MMUSIC] Adam Roach's Discuss on draft-ietf-mmusic-dtls-sdp-28: (with DISCUSS and COMMENT)
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Aug 2017 22:51:26 -0000
On 8/17/17 3:54 PM, Roman Shpount wrote: > On Wed, Aug 16, 2017 at 7:06 PM, Adam Roach <adam@nostrum.com > <mailto:adam@nostrum.com>> wrote: > > Section 5.4 says: > > NOTE: A new DTLS association can be established based on changes in > either an SDP offer or answer. When communicating with legacy > endpoints, an offerer can receive an answer that includes the same > fingerprint set and setup role. A new DTLS association MUST > still be > established if such an answer was received as a response to an > offer > which requested the establishment of a new DTLS association. > > Unless I've misunderstood something important, this isn't going to > work with > legacy implementations, unless you also specify that an "offer > which requested > the establishment of a new DTLS association" must also change > something else > that the legacy answerer will recognize as requiring a new DTLS > association. > For example, if I send a re-offer with a changed tls-id but the same > fingerprint, setup, and transport, the far end will have no reason > to think it > needs to establish a new DTLS association. So I'll sit there > waiting for a new > association to be established, and the remote side will never send > one. > > This doesn't seem backwards-compatible. At the very least, more > text needs to > be added explaining how this is intended to work. > > > The intention was to specify that an offering party sends an offer > with new value of tls-id, it can get back an answer without tls-id, > unchanged remote fingerprint values and setup role . In this case new > DTLS association MUST be established. > > As you have correctly mentioned, tls-id can be changed with no changes > in fingerprints, but current specification requires changing the > transport parameters whenever tls-id is changed. The transport > parameter change should cause new DTLS association to be established, > even if remote is a legacy end point. In this case, even if remote > legacy end point responds with existing fingerprints, transport > parameters and setup role, it is safer to assume that new DTLS > association should be established. Ah, okay. This makes sense. Perhaps add a bit of text to that effect (e.g., "A new DTLS will still be established if such an answer was received as a response to an offer which requested the establishment of a new DTLS association, as the transport parameters will have been changed in the offer.") Clearing my DISCUSS. > JSEP needs to be adjusted in this case. Specification does not work if > tls-id is reflected in the answer. Different tls-id in the answer are > used to disambiguate multiple DTLS associations in case of forking. That was my assumption too. /a
- [MMUSIC] Adam Roach's Discuss on draft-ietf-mmusi… Adam Roach
- Re: [MMUSIC] Adam Roach's Discuss on draft-ietf-m… Roman Shpount
- Re: [MMUSIC] Adam Roach's Discuss on draft-ietf-m… Adam Roach