Re: [MMUSIC] Review (by Albrecht) of draft-ietf-mmusic-udptl-dtls-02

Christer Holmberg <christer.holmberg@ericsson.com> Tue, 14 January 2014 12:47 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: "Schwarz, Albrecht (Albrecht)" <albrecht.schwarz@alcatel-lucent.com>, "mmusic@ietf.org" <mmusic@ietf.org>
Thread-Topic: Review (by Albrecht) of draft-ietf-mmusic-udptl-dtls-02
Date: Tue, 14 Jan 2014 12:46:48 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B1C5F9C35@ESESSMB209.ericsson.se>
References: <786615F3A85DF44AA2A76164A71FE1AC1230F3@FR711WXCHMBA03.zeu.alcatel-lucent.com>
In-Reply-To: <786615F3A85DF44AA2A76164A71FE1AC1230F3@FR711WXCHMBA03.zeu.alcatel-lucent.com>

Hi Albrecht,

I am sorry that it took a while to address your comments, but here we go :)

Comments inline. I try to shorten your suggested text by keeping the essential parts and avoiding long notes.

-----------------------------

to 3.1 <http://tools.ietf.org/html/draft-ietf-mmusic-udptl-dtls-02#section-3.1>.  Secure Channel Establishment
      Paragraph:

   In addition to the usual contents of an SDP media description ("m="
   line) specified for UDPTL over the UDP, each SDP media description
   for UDPTL over DTLS over the UDP will also contain several SDP
   attributes, as specified in [RFC4145] <http://tools.ietf.org/html/rfc4145> and [RFC4572] <http://tools.ietf.org/html/rfc4572>.

proposed to be detailed by:

   In addition to the usual contents of an SDP media description ("m="
   line) specified for UDPTL over the UDP, each SDP media description
   for UDPTL over DTLS over the UDP will also contain several SDP
   attributes, which were introduced in the context of TCP and TLS (but
   reused here for DTLS-over-UDP), as specified in [RFC4145] <http://tools.ietf.org/html/rfc4145> (TCP)
   and [RFC4572] <http://tools.ietf.org/html/rfc4572> (TLS).

I suggest the following:

      In addition to the usual contents of an SDP media description ("m="
      line) specified for UDPTL over UDP, each SDP media description
      for UDPTL over DTLS over UDP will also contain several SDP
      attributes (which were introduced in the context of TCP [RFC4145]
      and TLS [RFC4572], and re-used in this document).

-----------------------------


List item:

   o  The endpoint MUST use the SDP setup attribute [RFC4145] <http://tools.ietf.org/html/rfc4145>.  The
      offerer SHOULD assign the SDP setup attribute with a setup:actpass
      value, and MAY assign the SDP setup attribute with a setup:active
      value or setup:passive value.  The offerer MUST NOT assign the SDP
      setup attribute with a setup:holdconn value.  If the offerer ...

proposed to add further background information:

   o  The endpoint MUST use the SDP setup attribute [RFC4145] <http://tools.ietf.org/html/rfc4145>.  The
      offerer SHOULD assign the SDP setup attribute with a setup:actpass
      value, and MAY assign the SDP setup attribute with a setup:active
      value or setup:passive value (NOTE: these rules allow to decouple the
      establishment direction of the DTLS session from the establishment
      direction of the SIP session (which may be demanded due to security
      considerations, NAT traversal aspects, etc.)).  The offerer MUST NOT
      assign the SDP setup attribute with a setup:holdconn value.  If the
      offerer ....

I suggest simply saying the following:

      "In order to negotiate the TLS roles, the endpoint MUST use the SDP setup attribute [RFC4145] <http://tools.ietf.org/html/rfc4145>."

I don't think we need the other text. It's really not the main scope of the document. Other DTLS protocols also use the setup attribute to determine the TLS roles, and we are simply doing the same thing.

-----------------------------



to 3.2 <http://tools.ietf.org/html/draft-ietf-mmusic-udptl-dtls-02#section-3.2>.  Secure Channel Usage

      Paragraph:

   DTLS is used as specified in [RFC6347] <http://tools.ietf.org/html/rfc6347>.  Once the DTLS handshake is
   completed, the UDPTL packets SHALL be transported in DTLS record
   layer "application_data" packets.

proposed to be detailed by:

   DTLS is used as specified in [RFC6347] <http://tools.ietf.org/html/rfc6347>.  Once the DTLS handshake is
   successfully completed, the UDPTL packets SHALL be transported in DTLS record
   layer "application_data" packets.
   NOTE: such a proceeding ensures that the application (i.e., T.38) does not
   start to transmit facsimile data already during an ongoing underlying DTLS
   session establishment. This aspect might be important for end-to-end
   scenarios with gateway equipment and a possible
   "UDPTL/DTLS/UDP-to-UDPTL/UDP" interworking function.

I suggest the following:

      "DTLS is used as specified in [RFC6347] <http://tools.ietf.org/html/rfc6347>.  Once the DTLS handshake is
      successfully completed (in order to prevent facsimile data from being
      transmitted insecurely), the UDPTL packets SHALL be transported in DTLS
      record layer "application_data" packets."



-----------------------------

Regards,

Christer
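
Added example (not from the draft, and not from anyone in this thread): the offer/answer checks that the quoted section 3.1 text is about, in Python. It parses the SDP media description, applies the RFC 4145 setup rules the list item states (offerer actpass, active or passive, never holdconn; the answer picks a compatible value), derives which side becomes the DTLS client, and verifies an RFC 4572 a=fingerprint value against the DER certificate the peer presents in the DTLS handshake. The m= line proto token UDP/TLS/UDPTL is an assumption (it is the value the published RFC 7345 registers; this draft version may word it differently), and the SDP fragments and certificate bytes are constructed for the example, not captured from real equipment.

```python
"""Added example, not from the draft or from anyone in this thread.

Offer/answer checks for a UDPTL-over-DTLS media description: the RFC 4145
setup attribute decides the DTLS roles and the RFC 4572 fingerprint attribute
binds the DTLS certificate to the signalled session. Assumed: the "proto"
token UDP/TLS/UDPTL (the one published RFC 7345 registers); the SDP and the
"certificate" bytes below are constructed for the example, not captured.
"""
import hashlib
import hmac
import re

PROTO = "UDP/TLS/UDPTL"                                   # assumed m= line proto token
OFFER_SETUP_ALLOWED = {"actpass", "active", "passive"}    # holdconn MUST NOT be offered
ANSWER_FOR_OFFER = {"actpass": {"active", "passive"},     # RFC 4145 answer rules
                    "active": {"passive"}, "passive": {"active"}}


def parse_media_section(sdp: str) -> dict:
    """Return m= line fields and a=name:value attributes of one media section."""
    lines = [ln.strip() for ln in sdp.strip().splitlines() if ln.strip()]
    m = next((ln for ln in lines if ln.startswith("m=")), None)
    if m is None:
        raise ValueError("no m= line")
    media, port, proto, *fmts = m[2:].split()
    attrs: dict = {}
    for ln in lines:
        if ln.startswith("a=") and ":" in ln:
            name, value = ln[2:].split(":", 1)
            attrs.setdefault(name, []).append(value)
    return {"media": media, "port": int(port), "proto": proto, "fmts": fmts, "attrs": attrs}


def _single(attrs: dict, name: str) -> str:
    vals = attrs.get(name, [])
    if len(vals) != 1:
        raise ValueError(f"expected exactly one a={name}")
    return vals[0]


def negotiate_dtls_roles(offer_sdp: str, answer_sdp: str) -> tuple:
    """Return (offerer_role, answerer_role) as 'client'/'server'; RFC 4145
    'active' is the side that initiates, i.e. the DTLS client sending ClientHello."""
    offer, answer = parse_media_section(offer_sdp), parse_media_section(answer_sdp)
    for side in (offer, answer):
        if side["proto"] != PROTO:
            raise ValueError(f"unexpected proto {side['proto']}")
        _single(side["attrs"], "fingerprint")   # RFC 4572 certificate binding is mandatory
    o_setup, a_setup = _single(offer["attrs"], "setup"), _single(answer["attrs"], "setup")
    if o_setup not in OFFER_SETUP_ALLOWED:
        raise ValueError(f"offerer MUST NOT use setup:{o_setup}")
    if a_setup not in ANSWER_FOR_OFFER[o_setup]:
        raise ValueError(f"setup:{a_setup} is not a valid answer to setup:{o_setup}")
    answerer = "client" if a_setup == "active" else "server"
    return ("server" if answerer == "client" else "client", answerer)


def offer_answer_rejected(offer_sdp: str, answer_sdp: str) -> bool:
    """True when the pair violates the setup/fingerprint rules above."""
    try:
        negotiate_dtls_roles(offer_sdp, answer_sdp)
        return False
    except ValueError:
        return True


def make_fingerprint(der_cert: bytes) -> str:
    """RFC 4572 a=fingerprint value (sha-256) for a DER-encoded certificate."""
    return "sha-256 " + ":".join(f"{b:02X}" for b in hashlib.sha256(der_cert).digest())


def fingerprint_matches(der_cert: bytes, fingerprint_attr: str) -> bool:
    """Compare the certificate seen in the DTLS handshake with a=fingerprint;
    a mismatch means the DTLS peer is not the party that signalled the SDP."""
    m = re.fullmatch(r"(sha-1|sha-256) ([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})*)", fingerprint_attr.strip())
    if not m:
        return False
    algo = {"sha-1": "sha1", "sha-256": "sha256"}[m.group(1)]
    actual = ":".join(f"{b:02X}" for b in hashlib.new(algo, der_cert).digest())
    return hmac.compare_digest(actual, m.group(2).upper())


# Constructed sample: certificate bytes and an offer/answer pair (not captured).
OFFERER_CERT = b"\x30\x82\x01\x00constructed-der-placeholder-offerer"
ANSWERER_CERT = b"\x30\x82\x01\x00constructed-der-placeholder-answerer"
OFFER = f"""m=image 54111 {PROTO} t38
c=IN IP4 192.0.2.1
a=setup:actpass
a=fingerprint:{make_fingerprint(OFFERER_CERT)}
"""
ANSWER = f"""m=image 60123 {PROTO} t38
c=IN IP4 198.51.100.2
a=setup:active
a=fingerprint:{make_fingerprint(ANSWERER_CERT)}
"""
HOLDCONN_OFFER = OFFER.replace("a=setup:actpass", "a=setup:holdconn")
```

With the constructed offer (setup:actpass) and answer (setup:active), negotiate_dtls_roles returns ('server', 'client'): the answerer sends ClientHello, which is exactly the decoupling of DTLS direction from SIP direction the quoted NOTE talks about. The fingerprint check is the part with security weight: without it, anyone on the media path could complete the DTLS handshake with a certificate of their own, so the comparison is done on the certificate actually received in the handshake, using hmac.compare_digest rather than string equality.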