Re: [MMUSIC] Draft new version: draft-holmberg-mmusic-sdp-dtls-01

Paul Kyzivat <pkyzivat@alum.mit.edu> Mon, 22 June 2015 13:32 UTC

Return-Path: <pkyzivat@alum.mit.edu>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 783361A8AE8 for <mmusic@ietfa.amsl.com>; Mon, 22 Jun 2015 06:32:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.465
X-Spam-Level: *
X-Spam-Status: No, score=1.465 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_SOFTFAIL=0.665] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HURdP7UF6XYi for <mmusic@ietfa.amsl.com>; Mon, 22 Jun 2015 06:32:20 -0700 (PDT)
Received: from resqmta-po-07v.sys.comcast.net (resqmta-po-07v.sys.comcast.net [IPv6:2001:558:fe16:19:96:114:154:166]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 627D01A8AE5 for <mmusic@ietf.org>; Mon, 22 Jun 2015 06:32:20 -0700 (PDT)
Received: from resomta-po-15v.sys.comcast.net ([96.114.154.239]) by resqmta-po-07v.sys.comcast.net with comcast id jRYK1q0085AAYLo01RYKH1; Mon, 22 Jun 2015 13:32:19 +0000
Received: from Paul-Kyzivats-MacBook-Pro.local ([50.138.229.151]) by resomta-po-15v.sys.comcast.net with comcast id jRYK1q0013Ge9ey01RYKGn; Mon, 22 Jun 2015 13:32:19 +0000
Message-ID: <55880E62.2080702@alum.mit.edu>
Date: Mon, 22 Jun 2015 09:32:18 -0400
From: Paul Kyzivat <pkyzivat@alum.mit.edu>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: Christer Holmberg <christer.holmberg@ericsson.com>, "mmusic@ietf.org" <mmusic@ietf.org>
References: <7594FB04B1934943A5C02806D1A2204B1D8F4457@ESESSMB209.ericsson.se> <5585A71F.4080808@alum.mit.edu> <7594FB04B1934943A5C02806D1A2204B1D8F4863@ESESSMB209.ericsson.se>
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B1D8F4863@ESESSMB209.ericsson.se>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1434979939; bh=1v2WdtW15ufKNZ9apJtuM90gxptNS796OFQ9MIW8l7E=; h=Received:Received:Message-ID:Date:From:MIME-Version:To:Subject: Content-Type; b=PuOFtppU5jj2mhbrTWU0PA5bZCfUNcBS/0ewBMHdnn747/ayIy2fDC+5VJglxyRLV /r6k0iXlCQqW3/RaSyi46kDKUdUy29dCzngkwi2uxA73qxIbY5+jieho/Txs9XjNqr 5eLjKWiwJBAPoGK3G+Vh/AQu4fceen8qwcTxoekCsG+zoBRrhcghhZnHDSwjYEja1A k8jBQGV+hhmbSTmCL//Nc+ek4+9L0xWJAmBhXFsQfsp0ehf1AXv/2nxF9hZwQpBJL5 tfQaTs4g4zkBWnQJAVnfEXBnesLezX8+SZluME45NSYMDPkCqS1ZIuk2fEWI1bKCf3 4CzK78LaIGKHQ==
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/QsqaKR80B57opnbW4GBWbaAaEcI>
Subject: Re: [MMUSIC] Draft new version: draft-holmberg-mmusic-sdp-dtls-01
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Jun 2015 13:32:21 -0000

On 6/20/15 6:05 PM, Christer Holmberg wrote:
> Hi Paul,
>
> Thanks for your comments. See inline.
>
>
>> * Section 2.1:
>>
>>     When a new DTLS association is established, an endpoint MUST use a
>>     new set of transport parameters (IP address and port combination).
>>
>> The above seems slightly ambiguous: does "an endpoint" mean "each endpoint" or "one (of the two) endpoints"?
>>
>> IIUC we have established that the important point is that the 5-tuple must change. So at least one side must change the address or port. But if one > side is known to do so, then the other side need not do so. So I suggest changing the above to:
>>
>>     When a new DTLS association is established, one of the endpoints
>>     MUST use a new set of transport parameters (IP address and port
>>     combination).
>
> The idea is that the endpoint(s) which does something the requires a new set of transport parameters needs to use a new set.
>
> So, if e.g. endpoint A wants to change the fingerprint, which requires a new DTLS association, endpoint A needs to use a new set of transport parameters.

That is certainly one approach that will work. See more on this below.

>> But there may be more to sort out about the o/a protocol for guaranteeing this. I can see a few:
>>
>> - if the offer has connection:new then the offer must have new
>>    transport parameters. Else, if the offer has connection:existing
>>    but the answer has connection:new then the answer must have new
>>    transport parameters.
>
> Yes.

This is the algorithm you suggested above.

>> - if the answer has connection:new and the offer didn't have new
>>    transport parameters, then the answer must have new ones.
>
> Yes.

This is a subtly different algorithm. It doesn't require the offerer to 
change transport parameters when specifying connection:new. It *can*, 
but it can also choose not to - forcing the answered to change them. (Or 
refuse the m-line, or refuse the offer.)

It gives the offerer a little more flexibility, but then allows the 
offerer to put more burden on the answerer. There may be some obscure 
cases where the extra flexibility might be useful, though I have not yet 
thought of any.

Either algorithm will work. This spec needs to choose one and explicitly 
state it.

>> Something about the above should probably go into section 6.
>>
>> * Section 5.1
>>
>>     A 'connection' attribute value of 'new' indicates that a new DTLS
>>     association MUST be established.  A 'connection' attribute value of
>>     'existing' indicates that a new DTLS association MUST NOT be
>>     established.
>>
>> I think this is wrong - that the answerer is permitted to answer with connection:new.
>
> The was meant to say that an endpoint sending 'new' needs to use a new set of transport parameters.
>
> However, if the offerer sends 'new', meaning it uses a new set of transport parameters, I am not sure we need to mandate the answerer to use a new set of transport parameters even if it sends 'new' in the answer.

So your intent was to specify the first of the algorithms I mentioned 
above. I did not get that out of this paragraph.

	Thanks,
	Paul

>> * Section 6.3
>>
>>     If an answerer receives an offer that contains an SDP 'connection'
>>     attribute with a 'new' value, the answerer MUST insert a 'new' value
>>     in the associated answer.  The same applies if the answerer receives
>>     an offer that contains an SDP 'connection' attribute with a 'new'
>>     value, but the answerer determines (based on the criteria for
>>     establishing a new DTLS association) that a new DTLS association is
>>    to be established.
>>
>> I think I previously commented on this: the 2nd sentence "The same applies if ... attribute with 'new' value ...". *That* 'new' should be 'existing' - it > is covering an alternative to the first sentence. And this aligns with my comment above about section 5.1.
>
> I'll have a look at that.
>
> Regards,
>
> Christer
>
>