Re: [MMUSIC] Adam Roach's Discuss on draft-ietf-mmusic-dtls-sdp-28: (with DISCUSS and COMMENT)
Roman Shpount <roman@telurix.com> Thu, 17 August 2017 20:55 UTC
Return-Path: <roman@telurix.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6610A13263E for <mmusic@ietfa.amsl.com>; Thu, 17 Aug 2017 13:55:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.388
X-Spam-Level:
X-Spam-Status: No, score=-1.388 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_SPAM=0.5, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wa5-e30PuqOG for <mmusic@ietfa.amsl.com>; Thu, 17 Aug 2017 13:55:01 -0700 (PDT)
Received: from mail-pg0-x22c.google.com (mail-pg0-x22c.google.com [IPv6:2607:f8b0:400e:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3C664126B6E for <mmusic@ietf.org>; Thu, 17 Aug 2017 13:55:00 -0700 (PDT)
Received: by mail-pg0-x22c.google.com with SMTP id i12so50309820pgr.3 for <mmusic@ietf.org>; Thu, 17 Aug 2017 13:55:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=A47IUfqz7mv2Zu/VS1Ylga6PlnjjPx0uib1qHfzyl+E=; b=XmGCPPrcmHhMtJ38EbnmVOUy68j89+TjyAC7qXhwmLuxMXj1nCAZDHTESGAKKkaxwr g06F9f8pp2EO2CkdcyTu8mqSFy9r0WL+Dcx/03vzEmkXiRf0v9uj/p06iU6aeucx6uyq Olw/IhLTSnHaJYBkipTCNNedvNnT6EzkR7LLYFGCD/x/hZV/X2WfTw44Y/wDszrf6sL8 KLfHBeQ5Y5frrjE32vMMOFF5zi1JDI+Bpqa3JGKkDTFyrHiGfi3z3nKgNX5eI3rH1DV8 Q0RrFbs5iKvXEfD0sOA0oMxWuhc51CnPZFD0DvehqhKSpr7Q9MHlMtjtARZ0s09HsEss fkRQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=A47IUfqz7mv2Zu/VS1Ylga6PlnjjPx0uib1qHfzyl+E=; b=nqTRWkQLw2vzlGI3EpOpwp4fplTqXBxLetLp4ROvGdpFhSOVfiIOsvxf9tbZWHeQa7 X5mzJ1N0J3JAV0kyuwEggp31tzrVBrPLcMEATBtVYjSWG8SGAvvLCO6HfNDeHgsFOWWR e7NCjNYdBFN+vNnDNueTLSMZV5EjA7nBb9i6pFqVbIlVrp4KFoXWRTSHuPhBz8fhFjZy DzCPcXDAo3rpS7ad9fFZHUXWCvJsiRfzWRB3utelaocAYml25KXK7ifOf6M3C5qLFu16 l1lzaX93RsB1LecYrKS0hJ3FcQXD6EOWM5VOHK+V14jyV7R8N6BaNMpDWUyY1eQ/YOEs VlXg==
X-Gm-Message-State: AHYfb5i+i8ehIdZia00mV4MFyz71m3RcI4cMFn9Dwrl8RYFbsigvW7Os gUwHvhWS+a102g62
X-Received: by 10.98.211.73 with SMTP id q70mr6407649pfg.285.1503003299644; Thu, 17 Aug 2017 13:54:59 -0700 (PDT)
Received: from mail-pg0-f41.google.com (mail-pg0-f41.google.com. [74.125.83.41]) by smtp.gmail.com with ESMTPSA id a22sm4907754pfj.94.2017.08.17.13.54.59 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 17 Aug 2017 13:54:59 -0700 (PDT)
Received: by mail-pg0-f41.google.com with SMTP id t80so22684370pgb.5; Thu, 17 Aug 2017 13:54:59 -0700 (PDT)
X-Received: by 10.84.231.193 with SMTP id g1mr7081689pln.213.1503003298847; Thu, 17 Aug 2017 13:54:58 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.191.8 with HTTP; Thu, 17 Aug 2017 13:54:58 -0700 (PDT)
In-Reply-To: <150292479151.11986.12302184246173787021.idtracker@ietfa.amsl.com>
References: <150292479151.11986.12302184246173787021.idtracker@ietfa.amsl.com>
From: Roman Shpount <roman@telurix.com>
Date: Thu, 17 Aug 2017 16:54:58 -0400
X-Gmail-Original-Message-ID: <CAD5OKxv2XXr-VTUs8X1CwtvR4U42w+3YSD2WUVmMowF803DLcQ@mail.gmail.com>
Message-ID: <CAD5OKxv2XXr-VTUs8X1CwtvR4U42w+3YSD2WUVmMowF803DLcQ@mail.gmail.com>
To: Adam Roach <adam@nostrum.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-mmusic-dtls-sdp@ietf.org, mmusic-chairs@ietf.org, lemming Andreasen <fandreas@cisco.com>, "mmusic@ietf.org" <mmusic@ietf.org>
Content-Type: multipart/alternative; boundary="f403045fdd96b963a60556f9397b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/JKa4sZN6fJeScY0OTwEfHMP74R4>
Subject: Re: [MMUSIC] Adam Roach's Discuss on draft-ietf-mmusic-dtls-sdp-28: (with DISCUSS and COMMENT)
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Aug 2017 20:55:03 -0000
On Wed, Aug 16, 2017 at 7:06 PM, Adam Roach <adam@nostrum.com> wrote: > Section 5.4 says: > > NOTE: A new DTLS association can be established based on changes in > either an SDP offer or answer. When communicating with legacy > endpoints, an offerer can receive an answer that includes the same > fingerprint set and setup role. A new DTLS association MUST still be > established if such an answer was received as a response to an offer > which requested the establishment of a new DTLS association. > > Unless I've misunderstood something important, this isn't going to work > with > legacy implementations, unless you also specify that an "offer which > requested > the establishment of a new DTLS association" must also change something > else > that the legacy answerer will recognize as requiring a new DTLS > association. > For example, if I send a re-offer with a changed tls-id but the same > fingerprint, setup, and transport, the far end will have no reason to > think it > needs to establish a new DTLS association. So I'll sit there waiting for a > new > association to be established, and the remote side will never send one. > > This doesn't seem backwards-compatible. At the very least, more text needs > to > be added explaining how this is intended to work. > The intention was to specify that an offering party sends an offer with new value of tls-id, it can get back an answer without tls-id, unchanged remote fingerprint values and setup role . In this case new DTLS association MUST be established. As you have correctly mentioned, tls-id can be changed with no changes in fingerprints, but current specification requires changing the transport parameters whenever tls-id is changed. The transport parameter change should cause new DTLS association to be established, even if remote is a legacy end point. In this case, even if remote legacy end point responds with existing fingerprints, transport parameters and setup role, it is safer to assume that new DTLS association should be established. > I agree with the core assertion of EKR's DISCUSS: this document needs to be > aligned with JSEP. I think we're going to need a little additional work > figuring out which document needs to change where they disagree. In > addition to > those areas he highlights in his DISCUSS, the following text is also in > conflict: > > DTLS-SDP: "the offerer and answerer generate their own local 'tls-id' > attribute > values, and the combination of both values identify the DTLS association." > > JSEP: "If this is an answer, the tls-id value, if present, MUST be the > same as > in the offer." > JSEP needs to be adjusted in this case. Specification does not work if tls-id is reflected in the answer. Different tls-id in the answer are used to disambiguate multiple DTLS associations in case of forking. _____________ Roman Shpount
- [MMUSIC] Adam Roach's Discuss on draft-ietf-mmusi… Adam Roach
- Re: [MMUSIC] Adam Roach's Discuss on draft-ietf-m… Roman Shpount
- Re: [MMUSIC] Adam Roach's Discuss on draft-ietf-m… Adam Roach