IETF Logo Mail Archive

Re: [MMUSIC] (Rough) Consensus Call - No FQDN support in ice-sip-sdp

Roman Shpount <roman@telurix.com> Tue, 21 May 2019 03:19 UTC

Return-Path: <roman@telurix.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03E8D120094 for <mmusic@ietfa.amsl.com>; Mon, 20 May 2019 20:19:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level:
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D9MjHY9Wk8TP for <mmusic@ietfa.amsl.com>; Mon, 20 May 2019 20:19:06 -0700 (PDT)
Received: from mail-pl1-x629.google.com (mail-pl1-x629.google.com [IPv6:2607:f8b0:4864:20::629]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F108C120026 for <mmusic@ietf.org>; Mon, 20 May 2019 20:19:05 -0700 (PDT)
Received: by mail-pl1-x629.google.com with SMTP id w7so7703604plz.1 for <mmusic@ietf.org>; Mon, 20 May 2019 20:19:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=jjhz/118D/9lJaPwx4SEnbYk5ACjeLnc4rgSw3NS27Y=; b=onig9ogr6EbtpkdB92soqlkj4vzk8l14ddSxEXM2XvRSOOqEuAYblfdWgsEpsAflYt QwjAvj2E+w7xLLsFpT6C669SBCqzh9uSVVQ/N7pzd6E3TySXbjexU6FQa89nTJsKl9Ff Yi0dmHnOzplz+RBsPmrzMM4gnEtAx2Cqlf7Opx0iDEQWiMqy/RBRDf6E4o+0n0SIQoux eaDOKNo7rds945SJ7ixYwO/n+RRlqTgihDNA3b3ATjjCwrDVLEFDRbvdEJO6eQgpfMwx fEDVtlhfbCobOkfewypsHDYNOJQB+9YrXvOUMy2Od2JeaI96NkNqb4tZk50NaxW9ZxLk X3/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jjhz/118D/9lJaPwx4SEnbYk5ACjeLnc4rgSw3NS27Y=; b=YfEB99ib+TXiS754iClxUowl/Wq09wP7rpUvhmrYC6Kvbb5JEct/PtNalPg1uk47cu VQ3+TiGWMAaqfQgL8ZLljZLGHEaTB8WDaYFRgSDWgnOJ8lp09aK+LZ6x9kR5/Al6ThRI iqVc9d0AjfT3WP6zIZs7cu9lcbZSX8iDdy4GDwuk5LmoR2OtFeexvy29PIOtVbPnKFZY 2AbpmT2DO4cgxWfZu5fORvU+aGKhsbiGzyxDKcpZwkU9StBGX0qNCwD0miAfyHMjA8VJ Z7iShsP9SrwBkZHbH8XHR5P7V6Yi3diS5+L3/FXzv6qw6YYhfIlpxW0rBTvLorkCCJCS i4Ow==
X-Gm-Message-State: APjAAAVu8OUbt2a7ldRzhVXSssVhen+XW7e3sW9CNhRyntwjF7HffbvO BUq2V5MU9wNKCoH611OGoYdj92UZS4E=
X-Google-Smtp-Source: APXvYqwhLcqqcp5ir7Y6zwld4zq5SQTTXMmD9GVH6niA/7/pA5tZqUgZYFcE2NjZIcxerTt7Dv+8Og==
X-Received: by 2002:a17:902:a415:: with SMTP id p21mr66226904plq.286.1558408744997; Mon, 20 May 2019 20:19:04 -0700 (PDT)
Received: from mail-pg1-f178.google.com (mail-pg1-f178.google.com. [209.85.215.178]) by smtp.gmail.com with ESMTPSA id c16sm20695679pfd.99.2019.05.20.20.19.03 for <mmusic@ietf.org> (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Mon, 20 May 2019 20:19:04 -0700 (PDT)
Received: by mail-pg1-f178.google.com with SMTP id 145so7780885pgg.9 for <mmusic@ietf.org>; Mon, 20 May 2019 20:19:03 -0700 (PDT)
X-Received: by 2002:a63:a84c:: with SMTP id i12mr80967777pgp.115.1558408743562; Mon, 20 May 2019 20:19:03 -0700 (PDT)
MIME-Version: 1.0
References: <77400318-1e2c-7d33-ab41-a3b8d0062b00@cisco.com> <CAMRcRGQ0gQ0c-pmBQ2ZOOX-5uGWkfy57Yu0QMuAp9ED2f8drwA@mail.gmail.com> <D7E2876E-E750-40C6-B33E-FC24F9CD0709@ericsson.com> <CAOW+2dsy5_cjH2BJJq7mRu9JaQNmh7oqWxUrFDPqBKaceffJaQ@mail.gmail.com> <2226B494-B058-45C8-901B-1B872218ECE7@ericsson.com> <CAD5OKxs2fvyqxjcNmNbqx+ToSpnaeqj5LyX4qz2rOuqFp3oBow@mail.gmail.com> <710E80DF-8389-4A5E-9DBE-5DF2D20E4F02@ericsson.com> <CAD5OKxtcEWmRvXanh7FsdQAD_fTFRnQc8HhkeLx9mz+-XUX7-Q@mail.gmail.com> <871E99E8-DA8D-4E71-B359-F2388479C38E@ericsson.com> <CAOW+2dvUAed2P-xCOvbcsHJGcs92=ad9T5K63xhpVqdKvjK2fw@mail.gmail.com> <CAD5OKxuU-wio4Af8me1OMo62vanu5y_PnQ3nq=UF6jh6yr1EFg@mail.gmail.com> <CAOW+2dskL5P+02xujeEL-SGVPQ8-Gy85hX_DE10TBDwaE1e2Xw@mail.gmail.com>
In-Reply-To: <CAOW+2dskL5P+02xujeEL-SGVPQ8-Gy85hX_DE10TBDwaE1e2Xw@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
Date: Mon, 20 May 2019 23:18:50 -0400
X-Gmail-Original-Message-ID: <CAD5OKxu9zKxVhFFxiBzq6v67A18Msd1fZMhbrpXf1=NQAgceAQ@mail.gmail.com>
Message-ID: <CAD5OKxu9zKxVhFFxiBzq6v67A18Msd1fZMhbrpXf1=NQAgceAQ@mail.gmail.com>
To: Bernard Aboba <bernard.aboba@gmail.com>
Cc: Christer Holmberg <christer.holmberg@ericsson.com>, lemming Andreasen <fandreas@cisco.com>, mmusic <mmusic@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000093372f05895d4ffa"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/KPYqJ_0SXnMZ_ny2FmirRjHA2J8>
Subject: Re: [MMUSIC] (Rough) Consensus Call - No FQDN support in ice-sip-sdp
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 May 2019 03:19:09 -0000

There was a bit of discussion earlier about this and the understanding was
that RFC 8445 does not deal with FQDN or DNS resolution. RFC 8445 gets a
list of candidates with IP Addresses. FQDN resolution as well as the format
in which candidates are encoded would be a part of some other draft such
ice-sip-sdp or an extension.

Also, using ice2 option does not help much since offer with FQDN in
connection address would have to be generated before agent knows if remote
party supports ice2. Bottom line is if remote party fails to parse FQDN
there is nothing that can be done to generate an offer that will be
compatible (except for putting FQDN in candidate extension). If FQDN is
ignored or handled according to RFC 5245 procedure then it is safe to
insert FQDN in contact address since either behavior would no worse then
candidate pair connectivity check failing.

Roman Shpount

On Mon, May 20, 2019, 22:51 Bernard Aboba <bernard.aboba@gmail.com> wrote:

> I would recommend updating RFC 8445 to require that implementations that
> do not support FQDNs ignore them.  That way we can assume that
> implementations including an 'ice2' option will ignore FQDNs if they are
> unsupported.  Then the MDNS draft can cite RFC 8445.
>
> On Mon, May 20, 2019 at 7:34 PM Roman Shpount <roman@telurix.com> wrote:
>
>> What do you suggest?
>>
>> Most of the legacy implementations would fail to parse FQDN in the
>> connection address.
>>
>> Roman Shpount
>>
>> On Mon, May 20, 2019, 21:55 Bernard Aboba <bernard.aboba@gmail.com>
>> wrote:
>>
>>> "If FQDN is allowed but ignored, this will allow "legacy"
>>> implementations to interop with ICE implementation which support mDNS or
>>> generic FQDN. How FQDN are resolved and how ICE agents specify to each
>>> other the these procedures are supported can and should be part of mDNS or
>>> generic FQND support draft. If I am missing something and something else is
>>> required, mDNS authors should comment."
>>>
>>> [BA] Unfortunately, RFC 5245 did not mandate that FQDNs be ignored by
>>> implementations that did not choose to support them.  All it says is this:
>>>
>>> <connection-address>:  is taken from RFC 4566 <https://tools.ietf.org/html/rfc4566> [RFC4566 <https://tools.ietf.org/html/rfc4566>].  It is the
>>>       IP address of the candidate, allowing for IPv4 addresses, IPv6
>>>       addresses, and fully qualified domain names (FQDNs).  When parsing
>>>       this field, an agent can differentiate an IPv4 address and an IPv6
>>>
>>>       address by presence of a colon in its value - the presence of a
>>>       colon indicates IPv6.  An agent MUST ignore candidate lines that
>>>       include candidates with IP address versions that are not supported
>>>       or recognized.  An IP address SHOULD be used, but an FQDN MAY be
>>>       used in place of an IP address.  In that case, when receiving an
>>>       offer or answer containing an FQDN in an a=candidate attribute,
>>>       the FQDN is looked up in the DNS first using an AAAA record
>>>       (assuming the agent supports IPv6), and if no result is found or
>>>       the agent only supports IPv4, using an A.  If the DNS query
>>>       returns more than one IP address, one is chosen, and then used for
>>>       the remainder of ICE processing.
>>>
>>>
>>> So while there are good reasons why modern ICE implementations should
>>> support FQDNs (e.g. for NAT64 support), "legacy" implementations are by
>>> definition not modern.  Given that RFC 5245-compliant implementations were
>>> not obligated to either send FQDNs or to correctly handle them if they were
>>> not supported, we need to look at what legacy implementations do, not what
>>> we would prefer that they do.
>>>
>>> Since RFC 5245 did not mandate either FQDN support or even resilient
>>> behavior in non-supporting implementations, problems such as the one below
>>> (or much worse) are to be expected:
>>> https://bugs.chromium.org/p/webrtc/issues/detail?id=4165
>>>
>>> So if were are attempting to interoperate with the vast body of existing
>>> implementations, we should assume that we have to contend with legacy
>>> implementations have been baked into equipment, or forked to create mobile
>>> applications that have not been resync'd in years.  Note that this is a
>>> very different circumstance from browser-browser interop where "evergreen"
>>> is rapidly becoming the rule among WebRTC-capable browsers.
>>>
>>> On Mon, May 20, 2019 at 4:14 PM Christer Holmberg <
>>> christer.holmberg@ericsson.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> >If FQDN is allowed but ignored, this will allow "legacy"
>>>> implementations to interop with ICE implementation which support mDNS or
>>>> generic FQDN.
>>>> >How FQDN are resolved and how ICE agents specify to each other the
>>>> these procedures are supported can and should be part of mDNS or generic
>>>> >FQND support draft. If I am missing something and something else is
>>>> required, mDNS authors should comment.
>>>>
>>>> I don’t think you are missing anything.
>>>>
>>>> So far this is my proposal for ice-sip-sdp connection address
>>>> definition which should implement option 2:
>>>>
>>>> ><connection-address>: :: is taken from RFC 4566 <<RFC4566>>. It is the
>>>> IP address of the candidate, allowing for IPv4 addresses, IPv6 addresses,
>>>> and fully qualified domain names (FQDNs).  When >parsing this field, an
>>>> agent can differentiate  an IPv4 address and an IPv6 address by presence of
>>>> a colon in its value - the presence of a colon indicates IPv6.  An agent
>>>> MUST ignore candidate lines >that include candidates with FQDN or IP
>>>> address versions that are not supported or recognized.  Handling of FQDN
>>>> addresses in candidate can be defined in the future specification. If
>>>> candidate >with FQDN <connection-address> is the default
>>>> destination/candidate, the the "c=" address type MUST be set the IP address
>>>> family for the FQDN DNS resolution result and the "c=" connection >address
>>>> MUST be set to FQDN. Differences in the "c=" line address family and type
>>>> with FQDN resolution result MUST not cause ICE support verification failure.
>>>>
>>>> Minor change suggestion:
>>>>
>>>> "The procedures for handling FQDN addresses, and for agents to indicate
>>>> support of such procedures, need to be specified in an extension
>>>> specification."
>>>>
>>>> Regards,
>>>>
>>>> Christer
>>>>
>>>>
>>>>
>>>>

v2.23.0 | Report a Bug | By Email