Re: [MMUSIC] Draft new version: draft-ietf-mmusic-dtls-sdp-02
Christer Holmberg <christer.holmberg@ericsson.com> Fri, 18 December 2015 08:11 UTC
Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DDFB31B2AED for <mmusic@ietfa.amsl.com>; Fri, 18 Dec 2015 00:11:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.6
X-Spam-Level:
X-Spam-Status: No, score=-3.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_15=0.6, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hsvi4rq0t9Hi for <mmusic@ietfa.amsl.com>; Fri, 18 Dec 2015 00:11:40 -0800 (PST)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F41D1B2AB4 for <mmusic@ietf.org>; Fri, 18 Dec 2015 00:11:39 -0800 (PST)
X-AuditID: c1b4fb2d-f79456d000001332-3f-5673bfb91977
Received: from ESESSHC006.ericsson.se (Unknown_Domain [153.88.183.36]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id 96.B7.04914.9BFB3765; Fri, 18 Dec 2015 09:11:37 +0100 (CET)
Received: from ESESSMB209.ericsson.se ([169.254.9.76]) by ESESSHC006.ericsson.se ([153.88.183.36]) with mapi id 14.03.0248.002; Fri, 18 Dec 2015 09:11:37 +0100
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Martin Thomson <martin.thomson@gmail.com>
Thread-Topic: [MMUSIC] Draft new version: draft-ietf-mmusic-dtls-sdp-02
Thread-Index: AdExjA3IyAWMhHx8TcSQrk715+uNGQHgdVwAABXwN3A=
Date: Fri, 18 Dec 2015 08:11:35 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B37CED885@ESESSMB209.ericsson.se>
References: <7594FB04B1934943A5C02806D1A2204B37C8B1E5@ESESSMB209.ericsson.se> <CABkgnnVUy+FiRps1KWAkmhbTvS0UsYy70t4XRmWWE9x1Gp11Cw@mail.gmail.com>
In-Reply-To: <CABkgnnVUy+FiRps1KWAkmhbTvS0UsYy70t4XRmWWE9x1Gp11Cw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.146]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpmkeLIzCtJLcpLzFFi42KZGbFdRXfn/uIwg3UXFCyunfnHaDF1+WMW ByaPnbPusnssWfKTKYApissmJTUnsyy1SN8ugSvjxqNfTAUXjCrWT9doYFxh2MXIwSEhYCJx t1W5i5ETyBSTuHBvPVsXIxeHkMBhRolfaxcxQTiLGSWuTjjACtLAJmAh0f1PG6RBREBXYtHZ B+wgYWYBdYmri4NAwsICbhLnP/YzQZS4S1z4fowZwraSWNT/kB3EZhFQlTh+9RxYK6+Ar8SC OxoQm6YwSmxYfACsnlMgUKKzaykriM0IdNv3U2vAZjILiEvcejKfCeJmAYkle84zQ9iiEi8f /2OFsJUkfmy4xAJxmqbE+l36EK2KElO6IU7gFRCUODnzCcsERrFZSKbOQuiYhaRjFpKOBYws qxhFi1OLi3PTjYz1Uosyk4uL8/P08lJLNjECo+bglt+6OxhXv3Y8xCjAwajEw2vAVhwmxJpY VlyZe4hRgoNZSYR3w0SgEG9KYmVValF+fFFpTmrxIUZpDhYlcd4WpgehQgLpiSWp2ampBalF MFkmDk6pBkbj8ICzMxdx+1R/efLj/4nsrr8d3aWif/9dDtdwcbi+YEnpg4iHS1ZIW6aZzmja FPL39ETetTeWzs7kfZb5z6N3zgyevWekk+efltI3EQm6Lb/3mcXtvMNlnnteV6h8b+TRmfpY YD/XvEk2E+MVvtnnTDX6oyLIL3Qs/0NvWdjhd1uORDFHmLApsRRnJBpqMRcVJwIAKSiuV5YC AAA=
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/2tWb8SNGOqbi7QoeNBQMTZYB0n8>
Cc: "mmusic@ietf.org" <mmusic@ietf.org>
Subject: Re: [MMUSIC] Draft new version: draft-ietf-mmusic-dtls-sdp-02
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Dec 2015 08:11:42 -0000
Hi Martin, Thanks for your comments! See inline. >The conditions for " modification requires a new DTLS association" >might need to be more clearly spelled out. I think that this is based on some sort of local constraint, but you should say as much. Ok, we'll think of something. ----------------- >Section 2 can be removed. Unless we put some content (other than "TBD") there, it will be removed. ----------------- > I think that the definition of fingerprint change is problematic. I think that you should require that a partial change to the set of fingerprints is also accompanied > by signaling rather than mandating a new DTLS connection. If - for example - a fingerprint that is not in use is removed, then I think that some existing implementations > will expect to continue. My assumption is that all changes that mandate a new DTLS connection are accompanied by signalling. But, I agree that it needs to be more clear. ----------------- >I don't like the cipher suite requirements. They don't match those for WebRTC for starters. I'd prefer to see them excised. I'd be OK with a recommendation to prefer forward secrecy or even to require it. > >I don't mind the fingerprint requirements (SHA-256 and the must match rule). I'm not sure how others feel about restating 5763 requirements, though I think that this is OK. The requirements are taken from RFC 7345. We were asked by the security folks to include them. I can remove it, but there is a risk it will come up again during the IESG/security review... ----------------- >"It is considered an error case if the answer contains a 'dtls-connection' attribute with an 'existing' value, and a DTLS association does not exist." -- What do you expect someone to do in this case? Normally the action in cases like this is "based on local policy". I guess we can say that the offerer MUST NOT assume that a DTLS association has been created. ----------------- >You missed the most important consideration: when running a second DTLS association over the same transport, it is difficult to distinguish between the first > and second association because DTLS packets don't identify themselves externally [4]. This point is important enough to include in the intro in my opinion, though > I would also add a sub-section to Section 4 explaining this in more detail. We were going to add text about that, but it seems like we forgot. ----------------- > I'm not sure about 8.1. I think that a key insight here is that the connection-oriented transport might not be end-to-end. That suggests that multiple DTLS associations > can be established. Based on that, you might suggest that connection-oriented transports are no different to any other transport. I'll let Roman reply to this one. ----------------- > I found Section 10 basically impossible to parse: patches like this are very hard to read and it's half the document! I'd rather have a short statement identifying > the nature of the changes. My suggestion is to keep the current changes, but to add some text describing the changes. > I think that the 5245 change is incorrect though because it loses some important details. Do you mean some other RFC? The draft does not update RFC 5245. Or, do you mean that some reference to RFC 5245 is incorrect? ----------------- >Nits: >In 6.3: "and determines (based on the criteria for establishing a new DTLS association)" needs a reference. Will be fixed. >In 6.4: "if the offerer becomes DTLS client, the offerer MUST establish a DTLS association." Might be worth mentioning that this is based on a=setup. Will be fixed. Thanks! Regards, Christer [4] Unless you are lucky enough to have different epochs, but don't do that. Ever. On 8 December 2015 at 18:48, Christer Holmberg <christer.holmberg@ericsson.com> wrote: > Hi, > > > > A new version (-02) of draft-ietf-mmusic-dtls-sdp-02 has been submitted. > > > > Note that this version now suggests updates to RFC 5763 (SRTP-DTLS) > and RFC > 7341 (UDPTL-DTLS), so I encourage people to take a look. > > > > In addition, there is some new text about re-using connection-oriented > (read: acknowledged packet delivery) for establishing a new DTLS > association. > > > > You can also find the document on github: > https://github.com/cdh4u/draft-dtls-sdp > > > > (NOTE: This is my personal repo, as I am not aware of any “official” > MMUSIC > repo) > > > > Regards, > > > > Christer > > > _______________________________________________ > mmusic mailing list > mmusic@ietf.org > https://www.ietf.org/mailman/listinfo/mmusic >
- [MMUSIC] Draft new version: draft-ietf-mmusic-dtl… Christer Holmberg
- Re: [MMUSIC] Draft new version: draft-ietf-mmusic… Paul Kyzivat
- Re: [MMUSIC] Draft new version: draft-ietf-mmusic… Christer Holmberg
- Re: [MMUSIC] Draft new version: draft-ietf-mmusic… Bo Burman
- Re: [MMUSIC] Draft new version: draft-ietf-mmusic… Charles Eckel (eckelcu)
- Re: [MMUSIC] Draft new version: draft-ietf-mmusic… Gonzalo Salgueiro (gsalguei)
- Re: [MMUSIC] Draft new version: draft-ietf-mmusic… Martin Thomson
- Re: [MMUSIC] Draft new version: draft-ietf-mmusic… Christer Holmberg
- Re: [MMUSIC] Draft new version: draft-ietf-mmusic… Roman Shpount
- Re: [MMUSIC] Draft new version: draft-ietf-mmusic… Paul Kyzivat
- Re: [MMUSIC] Draft new version: draft-ietf-mmusic… Roman Shpount
- Re: [MMUSIC] Draft new version: draft-ietf-mmusic… Christer Holmberg
- Re: [MMUSIC] Draft new version: draft-ietf-mmusic… Paul Kyzivat
- Re: [MMUSIC] Draft new version: draft-ietf-mmusic… Christer Holmberg
- Re: [MMUSIC] Draft new version: draft-ietf-mmusic… Martin Thomson
- Re: [MMUSIC] Draft new version: draft-ietf-mmusic… Christer Holmberg
- Re: [MMUSIC] Draft new version: draft-ietf-mmusic… Martin Thomson