Re: [MMUSIC] [rtcweb] What goes into c= line address when FQDN is used for the default candidate?

Roman Shpount <roman@telurix.com> Fri, 01 February 2019 20:22 UTC

Return-Path: <roman@telurix.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D25A7130E6A for <mmusic@ietfa.amsl.com>; Fri, 1 Feb 2019 12:22:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.03
X-Spam-Level:
X-Spam-Status: No, score=-2.03 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.142, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dEgHr42nHdsX for <mmusic@ietfa.amsl.com>; Fri, 1 Feb 2019 12:22:27 -0800 (PST)
Received: from mail-pg1-x52d.google.com (mail-pg1-x52d.google.com [IPv6:2607:f8b0:4864:20::52d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C8A48128B01 for <mmusic@ietf.org>; Fri, 1 Feb 2019 12:22:27 -0800 (PST)
Received: by mail-pg1-x52d.google.com with SMTP id z11so3458637pgu.0 for <mmusic@ietf.org>; Fri, 01 Feb 2019 12:22:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ZxiszQvP8ZFDDvqn+Bf1lIlGwm+vjhJUim4CvEgEaHQ=; b=P6UXgvFmxnhUSbYRiOimooOaR7ScKbVThYvHTEQ8rvCzm2DbLVxg7Wkjda9Mtxnoqp oTjCBJcnBEBqCQNl3IdzICTyJk3Dvk3Cqrg42O4BRrgxD00dQb9iFS7xZmgT7ZwqCDRr 2Ron1C0Smmx0aoeUWRH1sVsPh4xrRlSf2VlnbMyzHGSXmyr5J8ah6EqyyiVmhDoB39CT v4v6y5+CGogOOHG69VD4qwwRGkC6Uy7vQSw4u+k3/i/dn3dcXWpNwWFPfPDQuLjQM9QX xP+B6sgC6DQbYNQtq+S/PJVOSUZLXWamRqTqkEGcROf4QvgUptDceiQgH7xrcCTxolxI NTJQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ZxiszQvP8ZFDDvqn+Bf1lIlGwm+vjhJUim4CvEgEaHQ=; b=aXaox2lTJvHzXgmxGp/UBI3r6fIZANv0hDJvlYTgUEr+SfHszT7zUTFpwo0UAewuVR LFilsKmlQwzTfjfiA1WhN4Hz/hVaToOOXuOL+fHLGF4RFdEwQ7dEHcw+NVXK/ep2mBJb 7HZ9h23/7ldLcE2AVku5gdF4jE44WU1kjMJi58zzRqtCZXph00b3Gv/tXmH/n1NKkseY VQMaNwC863Ra1PPaD5UZnHz8+Rj9cIerOGj1qc+qrg38/YFq2YgVEsTwgZ2mlrF/eY7u /I/YKPgszoqob2EtSOZ7m3EznKMujzQF+s/IjYXgY+7DBtRYmJpOnp8BathGk9YvME8k T/Ew==
X-Gm-Message-State: AJcUukfqQViBwmxxeQSAIKGmVFgi9h5oRdn2r8qT+rL58aWTedAqF64H L4/raDa9gKF+ZoL8pV49jEiuCg==
X-Google-Smtp-Source: ALg8bN5hpoGCwNe0h9Fsle3nr2V7nrqY64s6o6KVRM23P0HC7lRWDSPpQjfvf+bZ2kMIaetHnK6hsQ==
X-Received: by 2002:a63:1f1c:: with SMTP id f28mr37082470pgf.193.1549052547104; Fri, 01 Feb 2019 12:22:27 -0800 (PST)
Received: from mail-pg1-f172.google.com (mail-pg1-f172.google.com. [209.85.215.172]) by smtp.gmail.com with ESMTPSA id c13sm10673219pfo.121.2019.02.01.12.22.26 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 01 Feb 2019 12:22:26 -0800 (PST)
Received: by mail-pg1-f172.google.com with SMTP id z11so3458617pgu.0; Fri, 01 Feb 2019 12:22:26 -0800 (PST)
X-Received: by 2002:a63:b4c:: with SMTP id a12mr3678195pgl.131.1549052545848; Fri, 01 Feb 2019 12:22:25 -0800 (PST)
MIME-Version: 1.0
References: <CAD5OKxuGEPccJUJ1E0bSmz9RW6CWhhSqW+Dke1Cywrjp-dvaoA@mail.gmail.com> <874l9ousuk.fsf@hobgoblin.ariadne.com> <CAD5OKxut+Y8NnL2FbFQkubU-8up4eu6F9hOxs-8oBOJoCnTQwg@mail.gmail.com> <CAOJ7v-2GC2UWBaqSccZh1MKg6E93NrNKQJagzMCOfuE6SxuptA@mail.gmail.com> <CAOJ7v-2ZWxDFAtfoXTB4OsfJBAaFFqZ1jt0SSCCm4Qi3Qqfj6g@mail.gmail.com> <CAD5OKxuAUaCcO8X+ESoekHMq2Ba5-hviZ08G1Vyg_qSh4mR73Q@mail.gmail.com> <CAOJ7v-0T8gbNtr22MiZzVSsAX8+4ZP-pVueKFVOuSSJLBmv8RA@mail.gmail.com> <CAD5OKxtqxcqrQGCWc_2L1np9ftk_Q=prU3MMXk7Y+wbLCq0rYA@mail.gmail.com> <CAOJ7v-1MXjLtBKJ8gN4nVm-Z9m0HB=ye9E6Wcm5zeOx5y2zkSw@mail.gmail.com> <CAD5OKxuZPX3DbDEEVXbVamHynazJkv5G6CDMqMPmdMwiW4SNdg@mail.gmail.com> <CAOJ7v-2c7baQ9UUzxxuA41jbNqeOD8SdqJgCTDAUPXwOZ7r_4Q@mail.gmail.com>
In-Reply-To: <CAOJ7v-2c7baQ9UUzxxuA41jbNqeOD8SdqJgCTDAUPXwOZ7r_4Q@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
Date: Fri, 1 Feb 2019 15:22:15 -0500
X-Gmail-Original-Message-ID: <CAD5OKxsc4F4DOW6=u3XU5N3NJ4jPx35Q-8WNF_0MGZziy7=b=g@mail.gmail.com>
Message-ID: <CAD5OKxsc4F4DOW6=u3XU5N3NJ4jPx35Q-8WNF_0MGZziy7=b=g@mail.gmail.com>
To: Justin Uberti <juberti@google.com>
Cc: "Dale R. Worley" <worley@ariadne.com>, RTCWeb IETF <rtcweb@ietf.org>, mmusic WG <mmusic@ietf.org>, Simon Perreault <sperreault@jive.com>
Content-Type: multipart/alternative; boundary="000000000000bbdaa90580dae688"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/4_rhQXpbve9aibxOq1OdltBkgH8>
Subject: Re: [MMUSIC] [rtcweb] What goes into c= line address when FQDN is used for the default candidate?
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Feb 2019 20:22:31 -0000

On Fri, Feb 1, 2019 at 2:39 PM Justin Uberti <juberti@google.com> wrote:

> This has all been discussed at length in rtcweb and I don't think any
> significant changes are needed, although I tend to think that we should
> restore the removed FQDN text from mmusic-ice-sip-sdp, which is the only
> thing not in alignment at this point in time.
>

I agree that FQDN should be put back into connection-address definition,
but  the portion which talks about handling it is completely broken.

Quoting 5245 <https://tools.ietf.org/html/rfc5245#section-15.1>:

   <connection-address>:  is taken from RFC 4566
<https://tools.ietf.org/html/rfc4566> [RFC4566
<https://tools.ietf.org/html/rfc4566>].  It is the
      IP address of the candidate, allowing for IPv4 addresses, IPv6
      addresses, and *fully qualified domain names (FQDNs).*  When parsing
      this field, an agent can differentiate an IPv4 address and an IPv6

      address by presence of a colon in its value - the presence of a
      colon indicates IPv6.  An agent MUST ignore candidate lines that
      include candidates with IP address versions that are not supported
      or recognized.  An IP address SHOULD be used, but an FQDN MAY be
      used in place of an IP address.  In that case, when receiving an
      offer or answer containing an FQDN in an a=candidate attribute,
      the FQDN is looked up in the DNS first using an AAAA record
      (assuming the agent supports IPv6), and if no result is found or
      the agent only supports IPv4, using an A.  If the DNS query
      returns more than one IP address, one is chosen, and then used for
      the remainder of ICE processing.


I think it was discussed in quite a detail why using a random DNS
resolution result is not going to work here.

The only options we have here are:

a. Fix FQDN connection address handling. Probably the most logical way of
dealing with this would be to specify that candidate with FQDN should be
converted as a result of DNS resolution into multiple candidates, with each
candidate corresponding to A or AAAA record in DNS query result. We will
also need to specify how FQDN candidate gets applied to c= line address.
Something that says IN IP4 FQDN, if any A records exist for this DNS name
and IN IP6 FQDN if only AAAA records exist. Once candidate is nominated,
address family in c= line should match address family used for
communications. This will definitely require a lot more work and discussion.

b. Specify that FQDN connection addresses should be ignored until their
handling is defined in a future specification. This seems easy and only
requires a sentence or two to fix.

Regards,
_____________
Roman Shpount

>