Re: [MMUSIC] DTLS-SDP and JSEP Conflicts
Roman Shpount <roman@telurix.com> Tue, 05 September 2017 03:48 UTC
Return-Path: <roman@telurix.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA4001321EB for <mmusic@ietfa.amsl.com>; Mon, 4 Sep 2017 20:48:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.888
X-Spam-Level:
X-Spam-Status: No, score=-1.888 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BA_Uc3wIxDKG for <mmusic@ietfa.amsl.com>; Mon, 4 Sep 2017 20:48:58 -0700 (PDT)
Received: from mail-pg0-x234.google.com (mail-pg0-x234.google.com [IPv6:2607:f8b0:400e:c05::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE8781321D5 for <mmusic@ietf.org>; Mon, 4 Sep 2017 20:48:57 -0700 (PDT)
Received: by mail-pg0-x234.google.com with SMTP id v66so6010446pgb.5 for <mmusic@ietf.org>; Mon, 04 Sep 2017 20:48:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=nXc6N0EUPZS4swtB8eDTHo6qBocDsXHOaQeG6QOZpU8=; b=sCecWyx6uSQntu5tZ/8lquCn5qTkYSFEudjkD5OA2NpQOkQgT3twyXe96xThSesqpI X/cnHOqc5sPh+09Ma/oXrC+oMqYRpyWZsJrg4E73TzqBCCFjBfzmQZyopUbTEcUmErqQ 8IGkD81i4fCGs8olup5Y+kVP5dI1FKVd/YaJzKbADmkzTjcAPypZKUW2iqWfBzBR5MLY lFWGUykCNSeiz0DKbNSygqT5vvp7jNhgMndxtvY93lO9QaYQ/zjm8ToRKiQMAe5zSEGm j6m/2lujamqWhWRLnTxS+cg7K6DLOXr8256vnWjFB50pWA7vS9Rdw+6euEUOH79bdVAt sKgA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=nXc6N0EUPZS4swtB8eDTHo6qBocDsXHOaQeG6QOZpU8=; b=pnWegNzrEpPLjkgeSXH3olgFTMNwMgRT9OTw5wz8gUL8eMl7tbE3rzhCIRRnHzWpF7 GhPo0HOne3eMjYreq9WlfPa3I4kmtENP45pc0QZchIudqESyQOkoAj6dfIhC7jpgmp8E KY7F2hdc6/v9SIpqR2CeMoB37cvPAJKNedDcO33+tdR/ul0kL5+9D4Tr1eIqXrFnL2bi ftYniJXg8qaQGcixdffyCBO3ezccacZCWokpQppH6ENBkX4n02v/zjXo0vBVgY3pnS+l 7s1TPpz0ZYEOXkSjwUMKg/IEUJqUeMbP0oPq32KRvwl/qycv+dA6ZkfD4PazJvS+YdgI Y/xA==
X-Gm-Message-State: AHPjjUjoBM1ZukO6lWQctL/WvMpHPgVFHf1kvi/MTXBtx9T8SPzwT7/s NSSe1R7lTO7JMY8BZdk=
X-Received: by 10.98.1.69 with SMTP id 66mr2378889pfb.177.1504583337246; Mon, 04 Sep 2017 20:48:57 -0700 (PDT)
Received: from mail-pg0-f53.google.com (mail-pg0-f53.google.com. [74.125.83.53]) by smtp.gmail.com with ESMTPSA id p1sm11653337pfe.129.2017.09.04.20.48.55 for <mmusic@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 04 Sep 2017 20:48:56 -0700 (PDT)
Received: by mail-pg0-f53.google.com with SMTP id t3so6161237pgt.0 for <mmusic@ietf.org>; Mon, 04 Sep 2017 20:48:55 -0700 (PDT)
X-Google-Smtp-Source: ADKCNb4j/HlemXTt4O3cQxNm0e1C/OPxizgDtPnbbRetLufhwdrZ4VrK18gaV64htIpaYDbtnUlc1ut5K8kJFE2L0jY=
X-Received: by 10.99.97.148 with SMTP id v142mr2630787pgb.413.1504583335387; Mon, 04 Sep 2017 20:48:55 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.191.8 with HTTP; Mon, 4 Sep 2017 20:48:54 -0700 (PDT)
In-Reply-To: <CABcZeBM3m6Sdou5-VE6hjtdQpzC8sEpeSH1fUzauW68NqoSiog@mail.gmail.com>
References: <f353ad39-4ee5-4661-8e99-7fab6e394e91@nostrum.com> <CAOW+2dtv8r7qTyNxWY8NacfEh+Ojk5ObVAXEur3D4GyMw89YaQ@mail.gmail.com> <CABcZeBOJgyva5e-ykH-RkKN=BJPrXVYLu8vZbbNBv0xscv6bOA@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B562818F7@ESESSMB109.ericsson.se> <CABcZeBNv4fdFTJ+tXeBkMDqbMCEw916Txt8owFY-X7ijX0-FcA@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B56282B43@ESESSMB109.ericsson.se> <CABcZeBNh9ep+tq4_wWHT6uqXZz=OS8VngrmtspPz5nJ=pZS0ow@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B562869A2@ESESSMB109.ericsson.se> <CABcZeBPj6e=rtYHr4nyqeaB58TDBEjyB0xYeJJ+P63rO0DSw+A@mail.gmail.com> <D5D30222.20F35%christer.holmberg@ericsson.com> <b5a72f26-8bae-7eb8-4d54-93dc38b0f16a@alum.mit.edu> <CABcZeBM3m6Sdou5-VE6hjtdQpzC8sEpeSH1fUzauW68NqoSiog@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
Date: Mon, 04 Sep 2017 23:48:54 -0400
X-Gmail-Original-Message-ID: <CAD5OKxviYzVHYwXzk0DDiMQ64nWYq1WnB1hYbNR0xUCwT33JiA@mail.gmail.com>
Message-ID: <CAD5OKxviYzVHYwXzk0DDiMQ64nWYq1WnB1hYbNR0xUCwT33JiA@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Paul Kyzivat <pkyzivat@alum.mit.edu>, mmusic WG <mmusic@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c0cc4843daa9f0558691b55"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/CjYczoxKJJ1ff9k0hi_E10UnfR8>
Subject: Re: [MMUSIC] DTLS-SDP and JSEP Conflicts
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Sep 2017 03:49:00 -0000
On Mon, Sep 4, 2017 at 10:41 AM, Eric Rescorla <ekr@rtfm.com> wrote: > > > On Mon, Sep 4, 2017 at 7:37 AM, Paul Kyzivat <pkyzivat@alum.mit.edu> > wrote: > >> On 9/4/17 6:14 AM, Christer Holmberg wrote: >> >> Now, based on your suggestion, if the offerer doesn¹t know whether the >>>>> answerer supports tls-id, does that mean that the only way >>>>> for the offerer to ensure that the re-offer will trigger a new DTLS >>>>> association is by modifying the fingerprint set in the offer? >>>>> >>>> >>>> That's true in any case, because we have implementations which behave >>>> that way and we can't change them. >>>> >>> >>> On GitHub you also suggested >>> (https://github.com/cdh4u/draft-dtls-sdp/issues/37) that the answerer, >>> even if it supports tls-id, shall not be able to trigger a new DTLS >>> association (read: change the tls-id value). I assume that means the >>> answerer would not be able to change its fingerprint set either, or do >>> anything else that would trigger a new DTLS association? >>> >> >> Why would you want to *prevent* the answerer from triggering a new DTLS >> association??? >> > > As noted previously, it's confusing and it's only possible at all in the > edge case where the offerer offers an ICE restart but not a new DTLS > association. > > The main reason new DTLS association can started by the answering party is third party call control. The new DTLS association will be required if as a result of the offer/answer exchange two new end points ends up being connected with each other by a third party call control agent. This is a fairly common scenario. If it is not supported interoperability with existing implementations will be seriously affected. Please note that in existing specification new DTLS association can already be started by the answerer changing fingerprints, transport parameters, or setup role. As far as possible implementation options are concerned there are two possible solutions: a. Always require a new DTLS association whenever an offer is generated in the response to a request for a new offer (INVITE with no SDP in case of SIP). This will match ICE behavior where new ICE restart is required in such case. This is workable, but is excessive and will generate new DTLS association establishment when it is not required. This is why we preferred the currently described solution. b. Allow answering party to force a new DTLS association by changing dtls-id. This is something that will address third party call control case, since new end point will generate a new tls-id. This also removes unneeded DTLS associations if third party call control ends up connecting to the same end point (which happens more often then expected due to 3pcc agents doing connectivity checks). This is why I would strongly prefer to leave current specification as it is. Regards, _____________ Roman Shpount
- [MMUSIC] DTLS-SDP and JSEP Conflicts Adam Roach
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Roman Shpount
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Adam Roach
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Roman Shpount
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Adam Roach
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Taylor Brandstetter
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Christer Holmberg
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Christer Holmberg
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Christer Holmberg
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Adam Roach
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Christer Holmberg
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Bernard Aboba
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Eric Rescorla
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Christer Holmberg
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Eric Rescorla
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Christer Holmberg
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Eric Rescorla
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Christer Holmberg
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Eric Rescorla
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Christer Holmberg
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Eric Rescorla
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Paul Kyzivat
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Eric Rescorla
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Roman Shpount
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Eric Rescorla
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Roman Shpount
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Eric Rescorla
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Roman Shpount
- Re: [MMUSIC] DTLS-SDP and JSEP Conflicts Christer Holmberg