IETF Logo Mail Archive

Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-06.txt

Christer Holmberg <christer.holmberg@ericsson.com> Wed, 24 February 2016 09:04 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FDBB1B48A4 for <mmusic@ietfa.amsl.com>; Wed, 24 Feb 2016 01:04:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VhAYf1khV1C1 for <mmusic@ietfa.amsl.com>; Wed, 24 Feb 2016 01:04:08 -0800 (PST)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E9EB1B489F for <mmusic@ietf.org>; Wed, 24 Feb 2016 01:04:07 -0800 (PST)
X-AuditID: c1b4fb2d-f794c6d000006f31-8a-56cd7206ccd1
Received: from ESESSHC018.ericsson.se (Unknown_Domain [153.88.183.72]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id 8B.3F.28465.6027DC65; Wed, 24 Feb 2016 10:04:06 +0100 (CET)
Received: from ESESSMB209.ericsson.se ([169.254.9.73]) by ESESSHC018.ericsson.se ([153.88.183.72]) with mapi id 14.03.0248.002; Wed, 24 Feb 2016 10:04:05 +0100
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Paul Kyzivat <pkyzivat@alum.mit.edu>, IETF MMUSIC WG <mmusic@ietf.org>
Thread-Topic: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-06.txt
Thread-Index: AQHRYDJWlchfH5W0vky7ZrpRmrhLnJ83E66AgAJUQ1CAALVrAIAA3K9A
Date: Wed, 24 Feb 2016 09:04:05 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B37E3E3AB@ESESSMB209.ericsson.se>
References: <56B4CDCF.4080100@cisco.com> <56CA320D.9050306@cisco.com> <7594FB04B1934943A5C02806D1A2204B37E389BF@ESESSMB209.ericsson.se> <56CCBE6A.7090709@alum.mit.edu>
In-Reply-To: <56CCBE6A.7090709@alum.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.148]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrFLMWRmVeSWpSXmKPExsUyM2K7hy5b0dkwg60PRC2mLn/MYrFiwwFW ByaPv+8/MHksWfKTKYApissmJTUnsyy1SN8ugStj13XfggnqFRNn7WFtYDwj18XIySEhYCLx 8uQUZghbTOLCvfVsXYxcHEIChxklVm/7zgqSEBJYzCix6BqQzcHBJmAh0f1PGyQsIuAlceLv aTYQW1jAXuLf/Q9sEHEHiU03rjFC2G4Sr85dZAGxWQRUJSZum8gGMoZXwFei4ZU8xKrVjBJL l04Gq+cU0JE4e+8v2BxGoHu+n1rDBGIzC4hL3HoynwniTgGJJXvOQ90sKvHy8T9WCFtJonHJ E1aIeh2JBbs/sUHY2hLLFr4Gq+cVEJQ4OfMJywRG0VlIxs5C0jILScssJC0LGFlWMYoWpxYX 56YbGeulFmUmFxfn5+nlpZZsYgTGyMEtv3V3MK5+7XiIUYCDUYmHt+DJmTAh1sSy4srcQ4wS HMxKIrx2aWfDhHhTEiurUovy44tKc1KLDzFKc7AoifOucV4fJiSQnliSmp2aWpBaBJNl4uCU amCMdtH4VNPJ/mXG8izplD8l4VxbeQ59nVZodWafgkSTQfaF91q9Qb90l+54cMRa+WVxw+0L EYpKSeusF/F92VQeJzfFuLpWnpuD75inbEHGat479f7Jf+cujtxkvX9dvt5hmUlcn6188q9z SF6f6b1/QRhv77pXh1cz/1yYOOHDkzdG2rMeWbQosRRnJBpqMRcVJwIAz8JKC40CAAA=
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/33vBOjYlD3S-sryU-uzclrH4mi8>
Subject: Re: [MMUSIC] WGLC on draft-ietf-mmusic-dtls-sdp-06.txt
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Feb 2016 09:04:10 -0000

Hi Paul,

Once again, thank you for a good review. See inline.

>I went through the full draft (-08) again, not just the diffs. I found a few things:
>
>* Intro:
>
> Reading the intro I would jump to the conclusion that the primary reason for this draft is to define the way for 
> explicitly signaling a new association. While this is important, I don't think it is *the* reason. 
> Rather, IIUC, the reason is to centralize DTLS negotiation procedures for many protocols that require it.

We tried to cover that in the first paragraph of the Introduction, but I guess some additional text could be added. E.g.:

   "[RFC5763] defines SDP Offer/Answer procedures for SRTP-DTLS.  [RFC7345]
   defines SDP Offer/Answer procedures for UDPTL-DTLS. This specification
   defines general Offer/Answer procedures for DTLS. Other specifications,
   defining specific DTLS usages, can then reference this specification, in order
   to ensure that the DTLS aspects are common among all usages. Having
   common procedures is essential when multiple usages share the same
   DTLS association [referene-to-BUNDLE]."

--------------------

> * Section 3.1:
>
> The third bullet is:
>
>    o  The establishment of a new DTLS association is explicitly
>       signaled;
>
> ISTM that this isn't quite right. I think it should say:
>
>    o  The desire/intent to establish of a new DTLS association is
>       explicitly signaled;

I'll look into that, but your suggestion seems ok.

--------------------

>* Section 4:
>
>    A 'dtls-connection' attribute value of 'new' indicates that a new
>    DTLS association MUST be established.  A 'dtls-connection' attribute
>    value of 'existing' indicates that a new DTLS association MUST NOT be
>    established.
>
> The 2nd sentence above isn't entirely true. It is contradicted by section 5.3:
>
>    ... or if the answerer receives
>    an offer that contains an 'dtls-connection' attribute with an
>    'existing' value and the answerer determines (based on the criteria
>    for establishing a new DTLS association) that a new DTLS association
>    is to be established, the answerer MUST insert a 'new' value in the
>    associated answer.
>
> IMO 5.3 must prevail here, because the answerer may not agree that there is an existing connection to reuse. So the working in section 4 should change. How about:
>
>    ... A 'dtls-connection' attribute
>    value of 'existing' indicates a preference to reuse an existing
>    association.

I'll look into that, but your suggestion seems ok.

--------------------

>* Section 5.1:
>
>    The certificate received during the DTLS handshake MUST match the
>    fingerprint received in the SDP "fingerprint" attribute.  If the
>    fingerprint does not match the hashed certificate, then the endpoint
>    MUST tear down the media session immediately.  ...
>
> This talks about *the* fingerprint. But, IIUC, multiple fingerprints may be supplied. What is the required processing in that case?

We try to clarify that in section 3.4, which says:

   "It is possible to associate multiple SDP fingerprint attribute values
   to an 'm-' line.  If any of the attribute values associated with an
   'm-' line are removed, or if any new attribute values are added, it
   is considered a fingerprint value change."

--------------------

>* Section 5.3:
>
>If the offer specified 'existing' but the answerer changes to 'new', should the setup attribute settings remain as they had been? (Which then determines which end sends the ClientHello message.)

Not sure I understand. If a new DTLS association is to be established, shouldn't it be allowed to re-negotiate the roles (read: change the value of the 'setup' attribute)?

>What should be done if the offer doesn't contain a setup attribute?

We assume the default value, which is "active" (RFC 4145).

The text says that the setup value is included "according to the procedures in [RFC4145]", but we could always include a note saying what the default value is.

--------------------

> * Section 9.2 (NEW TEXT)
>
>    The far endpoint (answerer) may now establish a DTLS association with
>    the offerer.  Alternately, it can indicate in its answer that the
>    offerer is to initiate the TLS association.  ...
>
> Why does this first say DTLS and then use TLS? IIUC they should both be DTLS.

Correct.

--------------------

NEW COMMMENT:

In addition, I noticed that the document uses "DTLS connection" terminology in a few places, while the intention is to use "DTLS association" (which is also used in the RFCs we update).

The question is whether the name of the SDP attribute should still be "dtls-connection", or whether we should change it to "dtls-association". My personal preference would be to keep the "dtls-connection" name, but I can live with both.


Regards,

Christer

v2.23.0 | Report a Bug | By Email