Re: [MMUSIC] SCTP-SDP: Virtual Connection impact
Roman Shpount <roman@telurix.com> Wed, 01 April 2015 21:21 UTC
Return-Path: <roman@telurix.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60E131A1B1F for <mmusic@ietfa.amsl.com>; Wed, 1 Apr 2015 14:21:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.978
X-Spam-Level:
X-Spam-Status: No, score=-1.978 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yLYlLtP9LXIZ for <mmusic@ietfa.amsl.com>; Wed, 1 Apr 2015 14:21:45 -0700 (PDT)
Received: from mail-ig0-f178.google.com (mail-ig0-f178.google.com [209.85.213.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AAF711A1AE8 for <mmusic@ietf.org>; Wed, 1 Apr 2015 14:21:43 -0700 (PDT)
Received: by igcxg11 with SMTP id xg11so58134548igc.0 for <mmusic@ietf.org>; Wed, 01 Apr 2015 14:21:43 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=dYa/NoTvMsdR/K3zabd8EY4A/1x9LpdyMJhaj5B1NH4=; b=bc/fOiHQCq+pqiOPn8MQDsn95GcwHP/ReTvQawNh8kHhAV6ku7TdwgIpE63/yA5RE7 zPTFerbD8EXwsloZiBEEID0OiX8AjUyMKtJKKQS01m6xrK30AK2UuSvLGefGJr2EEsIz Ylu+KSTxQue+2Fb5cmTz7nYHsBh92ioHU6UY/tda/eZh4MdRkxLPWRjxq16etjkHxwBs E9MHsNbOx5Q/sGo6eCxNNXtj1U+GPx9Rz4tTSMdtyORvBNSi1m7/yEJFpmF03URrG658 FCKR497tPH54ED+eg5zC0LOrtYR8qBYc3vH6uMhMMzYrdNr5MaqAiYmSYO+MRPzTRQ7q Artw==
X-Gm-Message-State: ALoCoQkjRXYum+EhardGAnqHROa7wfm3LJAX9WlwFWo7Tztk+DYk46BED2NYbm4H3waZ+j6z33jn
X-Received: by 10.50.35.195 with SMTP id k3mr15342505igj.11.1427923303075; Wed, 01 Apr 2015 14:21:43 -0700 (PDT)
Received: from mail-ie0-f169.google.com (mail-ie0-f169.google.com. [209.85.223.169]) by mx.google.com with ESMTPSA id t1sm13676011igs.0.2015.04.01.14.21.41 for <mmusic@ietf.org> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 01 Apr 2015 14:21:41 -0700 (PDT)
Received: by iedm5 with SMTP id m5so54581439ied.3 for <mmusic@ietf.org>; Wed, 01 Apr 2015 14:21:40 -0700 (PDT)
MIME-Version: 1.0
X-Received: by 10.42.91.142 with SMTP id p14mr1962087icm.24.1427923300641; Wed, 01 Apr 2015 14:21:40 -0700 (PDT)
Received: by 10.36.110.141 with HTTP; Wed, 1 Apr 2015 14:21:40 -0700 (PDT)
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B1D788924@ESESSMB209.ericsson.se>
References: <7594FB04B1934943A5C02806D1A2204B1D78274F@ESESSMB209.ericsson.se> <CAD5OKxvGbJj_rRtLX7rjzkPZ6R8Wg92L2Y6gz1VtpV_etzaSiw@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B1D78511C@ESESSMB209.ericsson.se> <CAD5OKxum9Dt3vAxwAfa9LWiprSGkYHA1MrLspAee_-T8U=Ccvw@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B1D786CD9@ESESSMB209.ericsson.se> <CAD5OKxuj2TjgN2an9DywrQbBi38u38QSuuQb_eAoGU61DC8ENQ@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B1D787E27@ESESSMB209.ericsson.se> <CAD5OKxto0Cqmf9C1-Gg7O2+WQdaRwNGszKGQf4ccSUP7K9ZOEw@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B1D788924@ESESSMB209.ericsson.se>
Date: Wed, 01 Apr 2015 17:21:40 -0400
Message-ID: <CAD5OKxt4VCJGVLrzSib6HL+S8S90apwZ7_uRFygUfNeNddesFA@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>
Content-Type: multipart/alternative; boundary="90e6ba61500619f9fa0512b04def"
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/IQ7jYj_17loAIuqJYDbtEhQ9IxM>
Cc: mmusic <mmusic@ietf.org>
Subject: Re: [MMUSIC] SCTP-SDP: Virtual Connection impact
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Apr 2015 21:21:48 -0000
Hi Christer, On Wed, Apr 1, 2015 at 3:42 PM, Christer Holmberg < christer.holmberg@ericsson.com> wrote: > > > >I have looked through the slides and I think they are misleading. To > me they seem to imply that DTLS >association is orthogonal to transport and > only gets re-established when fingerprint changes. > > > > That was more or less the approach people wanted to take, when this was > discussed in Dallas. > *If this is the approach, then the specification language will need to change. It says something different now where DTLS connection gets re-established every time underlying transport changes, not when fingerprint changes. In particular, the case when fingerprint stays the same but the transport changes is treated differently.* >In other words, even if the underlying transport changes, but > fingerprint stays the same, the slides imply that >existing DTLS > association continues to be used with the new transport. BTW, I think this > is what Chrome is >currently doing. This behavior is against the proposed > specification language ("If the underlying transport >protocol is modified, > the endpoints MUST establish a new DTLS connection"). This also presents a > serious >problem in the use case where third party call control is used to > move the call between the several end point >that use the same site-wide > certificate. All of those end points will present the same fingerprint, but > the DTLS >connection will need to be re-established since the media > connection is moved to a different device. This also >shows that > fingerprint alone cannot be used to determine that connection moved to the > new device. > > > > I think the assumption people had was that, if the device changes, the > fingerprint will also change. > > > > Now, if we cannot make that assumption, we need to re-visit it. > *Per the provided use case this assumption is incorrect. There needs to be a way to detect that device changed. Neither fingerprint no IP/port change in case of ICE provides the accurate indication of the device change.* > >I thought the logic that made sense was: > > >1. DTLS connection is re-established whenever underlying transport > changes (already in the specification). > > >2. Fingerprint and setup role MUST not change unless underlying transport > changes as well (already in the >specification). > > >3. Unless ICE is used, underlying transport is considered changed if > 5-tuple for connection changes (already >in the specification) > > > > Correct. > *Once again, if the logic from the slides is to be followed this will need to change.* > >4. In case of ICE, the underlying transport is considered changed if > ufrag and entire candidate list changed on >either side of the call > (missing from the current specification). > > > > We need to be clear what we mean by “entire candidate list”. Do you mean a > new SDP, which only contains candidates that have never been used before > during the session? > > > > Obviously, the IP address:port properties may still be the same, so I > guess the ufrag would have to be different – as you say. > > > > BUT, I think someone in Dallas had a comment on why ufrag can’t be used. > Justin? Ekr? > *Ufrag change can be due to iCE re-start (which means fingerprint cannot change) or due to device change (fingerprint can change). There is no easy way to distinguish the two.* > >In the proposed text, the issue that I have is with the phrase > "Implementations MUST treat all ICE candidate >pairs associated with a an > SCTP association on top of a DTLS connection as part of the same DTLS > >connection". I am not 100% sure what this means and even if this is > accurate. "All ICE candidate pairs >associated with a an SCTP association" > is unclear to me. Does this refer only to the candidate pairs for the > >current ICE session or to the candidate pairs for any future ICE sessions > associated with this SCTP >association? > > > > Current AND future. There are proposals about the possibility of > dynamically adding new candidates during the session, and they would be > part of the same DTLS connection. > *I was not talking about candidates here. I was talking about ICE sessions. Do you mean the current ICE session (and all the current and future candidates) or current and future ICE sessions?* >Original text from RFC 5763 ("Implementations MUST treat all ICE > candidate pairs associated with a single >component as part of the same > DTLS association") is more accurate but suffers from the fact that "single > >component" is not well defined and because of this runs into similar > issues. Does ICE re-start creates a new >component or is old component > considered to be re-used? If component is specific to ICE session (ufrag > pair), >can candidates from the previous session be re-used for negotiating > a new component? If they can, how do >you de-mux packets received between > old and new component if candidates were reused on both sides. > > > > People had issues with the usage of “component” too, but I’d need to > double check with the minutes/recording for the details. > > > > And, my intention was not to deviate from the 5763 text on purpose. I for > sure can use that text, if you think it is more accurate (assuming that > there are no issues with usage of “component”). > > *Neither text is ideal. I think we are dealing with fundamental problem here and this problem get sidestepped by using fuzzy terms. The problem is figuring out if the end point communicates with the new device or with the existing one in cases when ICE is used. Right now the mechanism for this is only defined for non-ICE case, with some guidelines for ICE, which are, from my point of view, are insufficient.* _____________ Roman Shpount
- [MMUSIC] SCTP-SDP: Virtual Connection impact Christer Holmberg
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Paul Kyzivat
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Christer Holmberg
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Simon Perreault
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Christer Holmberg
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Roman Shpount
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Christer Holmberg
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Roman Shpount
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Christer Holmberg
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Roman Shpount
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Christer Holmberg
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Roman Shpount
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Christer Holmberg
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Roman Shpount
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Christer Holmberg
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Roman Shpount
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Paul Kyzivat
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Roman Shpount
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Christer Holmberg
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Christer Holmberg
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Roman Shpount
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Roman Shpount
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Christer Holmberg
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Christer Holmberg
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Paul Kyzivat
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Roman Shpount
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Christer Holmberg
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Simon Perreault
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Roman Shpount
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Paul Kyzivat
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Roman Shpount
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Christer Holmberg
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Roman Shpount
- Re: [MMUSIC] SCTP-SDP: Virtual Connection impact Paul Kyzivat