IETF Logo Mail Archive

[MMUSIC] actpass redux

Eric Rescorla <ekr@rtfm.com> Fri, 02 June 2017 16:44 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2AE87126CE8 for <mmusic@ietfa.amsl.com>; Fri, 2 Jun 2017 09:44:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yfMNo8EUSpeG for <mmusic@ietfa.amsl.com>; Fri, 2 Jun 2017 09:44:45 -0700 (PDT)
Received: from mail-yb0-x22f.google.com (mail-yb0-x22f.google.com [IPv6:2607:f8b0:4002:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30A09126C25 for <mmusic@ietf.org>; Fri, 2 Jun 2017 09:44:45 -0700 (PDT)
Received: by mail-yb0-x22f.google.com with SMTP id r66so19339896yba.2 for <mmusic@ietf.org>; Fri, 02 Jun 2017 09:44:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=ehpBBhgDTkZix/cr2VpJb94QdEZg3HQbqZYHxmq4FLk=; b=c9NNgTsQTaE4/WfABG5sG+ouI9NSD+XxchQFvM6Ag3XVaTE0lsf72bI+YaXax5kor9 OgoAopNS3HIANuuRy4q2bI7Iuk5jbsxZjB0x5omoVw1BkArsPO4vPTlYRR5TOJr6VF6a oMC5HEvGHE168xFQIZSHSzn1Lj22KVoENir99eu0fIJ4BtPr19GdKc5UP9y8Tw2Xhyz0 iqh66pJUrwspZ2LQLbvXDAV1ujy+7To5F8/DBrp4iCcMGVSVgtK5qQ3iKiOC7Sqf/Tbk he+tSUF3Xm00C/gL2+z3MMz9l+YSIPKvarS0ssw+8/5VZW9EGI2SK4S9j7AlUSq10YWQ Sd5Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=ehpBBhgDTkZix/cr2VpJb94QdEZg3HQbqZYHxmq4FLk=; b=e87p1Aw+IL+yvNnCJggTzOGSSFZCrfLjtFFAgzychbfOFLKiyKoXo6AyLbzJZHKBVf wADqjWpI/6Kikz0q0mLGxv1CZRApxKIOWge8M5yMAoz9Usb1YjRziFFMwwc3nF9l8P95 SmZnrTQvqH5xsMshc62EJSPCtRr43YB4U406hAJC2mADnfKELKqL3UvBGK3cyozKPzsq Fzg23rkGkCz21ECoN2hGMe0ksuRWrSu3xItxrvLcdSwY1n2jUWhR2e/ghwJgPXbxCFiY vOSryG7m3Fz0PObV2cUnVCtLGyzFsF+YJL3MXGD2uJmtNXfV7xqEzLnKwkf+qfK1Brfn MeoA==
X-Gm-Message-State: AODbwcCJ/NXriYc0r9mFAoPW8Zqi+cVUEACgtHZ/Iq805zjq6avhh2IT 0Gyjs0On/XwJ1VXIaxmQRlWRF1SILo+eA75wxw==
X-Received: by 10.37.30.135 with SMTP id e129mr611327ybe.71.1496421884216; Fri, 02 Jun 2017 09:44:44 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.106.137 with HTTP; Fri, 2 Jun 2017 09:44:03 -0700 (PDT)
From: Eric Rescorla <ekr@rtfm.com>
Date: Fri, 02 Jun 2017 09:44:03 -0700
Message-ID: <CABcZeBMd2BZgyeFnqafTVyGga4FMoK0xJkPCv0y_wvmBWsg+xg@mail.gmail.com>
To: mmusic WG <mmusic@ietf.org>
Content-Type: multipart/alternative; boundary="001a1143f2f2d7fe570550fcde85"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/5vlM2Wj5QUBVZa8QMcRNwbFoIj8>
Subject: [MMUSIC] actpass redux
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Jun 2017 16:44:47 -0000

Hi folks,

RFC 5763 required (and JSEP imported) that all offers include

  a=setup:actpass

However, assuming I am reading:
  https://tools.ietf.org/html/draft-ietf-mmusic-dtls-sdp-24

correctly, S 4.2 allows the initial offer to contain anything,
though encourages actpass:

   When an offerer sends the initial offer, the offerer MUST insert an
   SDP 'setup' attribute according to the procedures in [RFC4145], and
   one or more SDP 'fingerprint' attributes according to the procedures
   in [RFC8122].  In addition, the offerer MUST insert in the offer an
   SDP 'tls-id' attribute with a unique value.

   If the offerer inserts the SDP 'setup' attribute with an 'actpass' or
   'passive' attribute value, the offerer MUST be prepared to receive a
   DTLS ClientHello message (if a new DTLS association is established by
   the answerer) from the answerer before the offerer receives the SDP
   answer.

For subequent offers, it also gives flexibility but points at 4145.


So...

1. Changing the behavior for initial offers seems like it presents
a serious interop risk, because previously you could depend on
the offer being actpass.

2. JSEP requires actpass for all offers, so at least it's stricter.


What was the rationale for these changes? Feel free to point me at the
mailing list discussion where that happened.

-Ekr
 Hi folks,

RFC 5763 required (and JSEP imported) that all offers include

  a=setup:actpass

However, assuming I am reading:
  https://tools.ietf.org/html/draft-ietf-mmusic-dtls-sdp-24

correctly, S 4.2 allows the initial offer to contain anything,
though encourages actpass:

   When an offerer sends the initial offer, the offerer MUST insert an
   SDP 'setup' attribute according to the procedures in [RFC4145], and
   one or more SDP 'fingerprint' attributes according to the procedures
   in [RFC8122].  In addition, the offerer MUST insert in the offer an
   SDP 'tls-id' attribute with a unique value.

   If the offerer inserts the SDP 'setup' attribute with an 'actpass' or
   'passive' attribute value, the offerer MUST be prepared to receive a
   DTLS ClientHello message (if a new DTLS association is established by
   the answerer) from the answerer before the offerer receives the SDP
   answer.

For subequent offers, it also gives flexibility but points at 4145.


So...

1. Changing the behavior for initial offers seems like it presents
a serious interop risk, because previously you could depend on
the offer being actpass.

2. JSEP requires actpass for all offers, so at least it's stricter.


What was the rationale for these changes? Feel free to point me at the
mailing list discussion where that happened.

-Ekr

v2.23.0 | Report a Bug | By Email