IETF Logo Mail Archive

Re: [MMUSIC] (Rough) Consensus Call - No FQDN support in ice-sip-sdp

Flemming Andreasen <fandreas@cisco.com> Tue, 21 May 2019 13:37 UTC

Return-Path: <fandreas@cisco.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72524120041 for <mmusic@ietfa.amsl.com>; Tue, 21 May 2019 06:37:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ush8hqYmX_FO for <mmusic@ietfa.amsl.com>; Tue, 21 May 2019 06:37:29 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7411812012D for <mmusic@ietf.org>; Tue, 21 May 2019 06:37:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=27170; q=dns/txt; s=iport; t=1558445849; x=1559655449; h=subject:to:cc:references:from:message-id:date: mime-version:in-reply-to; bh=Ww7KdLM8lXXREmhyHZ9nG9Psuoevo+HTLhcX3Ued03Q=; b=VW5XvQ5JEk5IJG0+YWMppg2EQCtEDh2OCmBkUstRKd1Hyhw6Z9Sb93zI KwuqXAk09A41fUP31I88qlDPfzl8ZoBHXOvZeHG3eDgqRdj6n8o+ua69+ AIrjwNMeb3jfpSfl+uZk+zyCbRB2wXEBq/lsdoIwRtpGvzxu43P6+6Rro s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BkAAAL/uNc/51dJa1lHAEBAQQBAQcEAQGBUgYBAQsBgQ5TL2lRMyiEE5RoCCV+iEIOjweBewkBAQEOGAEKDAEBg3pGAoImIzUIDgEDAQEEAQECAQRtHAyFSwEBBAEBIUsLEAsYIAcDAgIhBh8RBgEMBgIBAReDBwGBagMJFA+mUoEvH4Upgj4NXYFABoE0AYtQF4FAP4ERJwyCKgcuPoIaRwEBAgEXhFGCWASLMAGcOTkJgg+GLoh0g1gGG4xPiV2DfYhZhnKBU4lLg2CBUAE2KYEbCwhNIxU7gmyCGxeIYIVbIwMwi2oHgksBAQ
X-IronPort-AV: E=Sophos;i="5.60,495,1549929600"; d="scan'208,217";a="562268660"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 21 May 2019 13:37:26 +0000
Received: from [10.118.10.19] (rtp-fandreas-2-8812.cisco.com [10.118.10.19]) by rcdn-core-6.cisco.com (8.15.2/8.15.2) with ESMTP id x4LDbPhN020761; Tue, 21 May 2019 13:37:26 GMT
To: Suhas Nandakumar <suhasietf@gmail.com>, Roman Shpount <roman@telurix.com>
Cc: Bernard Aboba <bernard.aboba@gmail.com>, Christer Holmberg <christer.holmberg@ericsson.com>, mmusic <mmusic@ietf.org>
References: <77400318-1e2c-7d33-ab41-a3b8d0062b00@cisco.com> <CAMRcRGQ0gQ0c-pmBQ2ZOOX-5uGWkfy57Yu0QMuAp9ED2f8drwA@mail.gmail.com> <D7E2876E-E750-40C6-B33E-FC24F9CD0709@ericsson.com> <CAOW+2dsy5_cjH2BJJq7mRu9JaQNmh7oqWxUrFDPqBKaceffJaQ@mail.gmail.com> <2226B494-B058-45C8-901B-1B872218ECE7@ericsson.com> <CAD5OKxs2fvyqxjcNmNbqx+ToSpnaeqj5LyX4qz2rOuqFp3oBow@mail.gmail.com> <710E80DF-8389-4A5E-9DBE-5DF2D20E4F02@ericsson.com> <CAD5OKxtcEWmRvXanh7FsdQAD_fTFRnQc8HhkeLx9mz+-XUX7-Q@mail.gmail.com> <871E99E8-DA8D-4E71-B359-F2388479C38E@ericsson.com> <CAOW+2dvUAed2P-xCOvbcsHJGcs92=ad9T5K63xhpVqdKvjK2fw@mail.gmail.com> <CAD5OKxuU-wio4Af8me1OMo62vanu5y_PnQ3nq=UF6jh6yr1EFg@mail.gmail.com> <CAOW+2dskL5P+02xujeEL-SGVPQ8-Gy85hX_DE10TBDwaE1e2Xw@mail.gmail.com> <CAD5OKxu9zKxVhFFxiBzq6v67A18Msd1fZMhbrpXf1=NQAgceAQ@mail.gmail.com> <CAMRcRGTKJmPCr4MZsK613csJ2yXHZzoDFzMtDujui4-NVZkH1A@mail.gmail.com>
From: Flemming Andreasen <fandreas@cisco.com>
Message-ID: <c3a3dccf-6398-e47b-79ba-34aaea410f33@cisco.com>
Date: Tue, 21 May 2019 09:37:25 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <CAMRcRGTKJmPCr4MZsK613csJ2yXHZzoDFzMtDujui4-NVZkH1A@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------A66407438601E81DCA736070"
Content-Language: en-US
X-Outbound-SMTP-Client: 10.118.10.19, rtp-fandreas-2-8812.cisco.com
X-Outbound-Node: rcdn-core-6.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/V1fGEjk17TM7Ans2QLuXHeKfMEE>
Subject: Re: [MMUSIC] (Rough) Consensus Call - No FQDN support in ice-sip-sdp
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 May 2019 13:37:34 -0000


On 5/21/19 1:01 AM, Suhas Nandakumar wrote:
>
>
> On Mon, May 20, 2019 at 8:19 PM Roman Shpount <roman@telurix.com 
> <mailto:roman@telurix.com>> wrote:
>
>     There was a bit of discussion earlier about this and the
>     understanding was that RFC 8445 does not deal with FQDN or DNS
>     resolution. RFC 8445 gets a list of candidates with IP Addresses.
>     FQDN resolution as well as the format in which candidates are
>     encoded would be a part of some other draft such ice-sip-sdp or an
>     extension.
>
>
> [suhas] .. I don’t understand why FQDN resolution should be scoped in 
> ice-sip-sdp whose main purposes is offer / answer negotiation and yes 
> encoding provided candidates. I agree with Bernard and vote to move 
> fqdn resolution outside ice-sip-sdp into a new draft
>
I'm leaning towards that as well. Trying to rush an FQDN solution into 
ice-sip-sdp does not seem like a good idea, and we need to move this 
draft forward.

Thanks

-- Flemming (as individual)


>
>
>
>     Also, using ice2 option does not help much since offer with FQDN
>     in connection address would have to be generated before agent
>     knows if remote party supports ice2. Bottom line is if remote
>     party fails to parse FQDN there is nothing that can be done to
>     generate an offer that will be compatible (except for putting FQDN
>     in candidate extension). If FQDN is ignored or handled according
>     to RFC 5245 procedure then it is safe to insert FQDN in contact
>     address since either behavior would no worse then candidate pair
>     connectivity check failing.
>
>     Roman Shpount
>
>     On Mon, May 20, 2019, 22:51 Bernard Aboba <bernard.aboba@gmail.com
>     <mailto:bernard.aboba@gmail.com>> wrote:
>
>         I would recommend updating RFC 8445 to require that
>         implementations that do not support FQDNs ignore them.  That
>         way we can assume that implementations including an 'ice2'
>         option will ignore FQDNs if they are unsupported.  Then the
>         MDNS draft can cite RFC 8445.
>
>         On Mon, May 20, 2019 at 7:34 PM Roman Shpount
>         <roman@telurix.com <mailto:roman@telurix.com>> wrote:
>
>             What do you suggest?
>
>             Most of the legacy implementations would fail to parse
>             FQDN in the connection address.
>
>             Roman Shpount
>
>             On Mon, May 20, 2019, 21:55 Bernard Aboba
>             <bernard.aboba@gmail.com <mailto:bernard.aboba@gmail.com>>
>             wrote:
>
>                 "If FQDN is allowed but ignored, this will allow
>                 "legacy" implementations to interop with ICE
>                 implementation which support mDNS or generic FQDN. How
>                 FQDN are resolved and how ICE agents specify to each
>                 other the these procedures are supported can and
>                 should be part of mDNS or generic FQND support draft.
>                 If I am missing something and something else is
>                 required, mDNS authors should comment."
>
>                 [BA] Unfortunately, RFC 5245 did not mandate that
>                 FQDNs be ignored by implementations that did not
>                 choose to support them.  All it says is this:
>
>                 <connection-address>:  is taken fromRFC 4566  <https://tools.ietf.org/html/rfc4566>  [RFC4566  <https://tools.ietf.org/html/rfc4566>].  It is the
>                        IP address of the candidate, allowing for IPv4 addresses, IPv6
>                        addresses, and fully qualified domain names (FQDNs).  When parsing
>                        this field, an agent can differentiate an IPv4 address and an IPv6
>
>                        address by presence of a colon in its value - the presence of a
>                        colon indicates IPv6.  An agent MUST ignore candidate lines that
>                        include candidates with IP address versions that are not supported
>                        or recognized.  An IP address SHOULD be used, but an FQDN MAY be
>                        used in place of an IP address.  In that case, when receiving an
>                        offer or answer containing an FQDN in an a=candidate attribute,
>                        the FQDN is looked up in the DNS first using an AAAA record
>                        (assuming the agent supports IPv6), and if no result is found or
>                        the agent only supports IPv4, using an A.  If the DNS query
>                        returns more than one IP address, one is chosen, and then used for
>                        the remainder of ICE processing.
>
>
>                 So while there are good reasons why modern ICE
>                 implementations should support FQDNs (e.g. for NAT64
>                 support), "legacy" implementations are by definition
>                 not modern.  Given that RFC 5245-compliant
>                 implementations were not obligated to either send
>                 FQDNs or to correctly handle them if they were not
>                 supported, we need to look at what legacy
>                 implementations do, not what we would prefer that they
>                 do.
>
>                 Since RFC 5245 did not mandate either FQDN support or
>                 even resilient behavior in non-supporting
>                 implementations, problems such as the one below (or
>                 much worse) are to be expected:
>                 https://bugs.chromium.org/p/webrtc/issues/detail?id=4165
>
>                 So if were are attempting to interoperate with the
>                 vast body of existing implementations, we should
>                 assume that we have to contend with legacy
>                 implementations have been baked into equipment, or
>                 forked to create mobile applications that have not
>                 been resync'd in years.  Note that this is a very
>                 different circumstance from browser-browser interop
>                 where "evergreen" is rapidly becoming the rule among
>                 WebRTC-capable browsers.
>
>                 On Mon, May 20, 2019 at 4:14 PM Christer Holmberg
>                 <christer.holmberg@ericsson.com
>                 <mailto:christer.holmberg@ericsson.com>> wrote:
>
>                     Hi,
>
>                     >If FQDN is allowed but ignored, this will allow
>                     "legacy" implementations to interop with ICE
>                     implementation which support mDNS or generic FQDN.
>                     >How FQDN are resolved and how ICE agents specify
>                     to each other the these procedures are supported
>                     can and should be part of mDNS or generic
>                     >FQND support draft. If I am missing something and
>                     something else is required, mDNS authors should
>                     comment.
>
>                     I don’t think you are missing anything.
>
>                     So far this is my proposal for ice-sip-sdp
>                     connection address definition which should
>                     implement option 2:
>
>                     ><connection-address>: :: is taken from RFC 4566
>                     <<RFC4566>>. It is the IP address of the
>                     candidate, allowing for IPv4 addresses, IPv6
>                     addresses, and fully qualified domain names
>                     (FQDNs). When >parsing this field, an agent can
>                     differentiate  an IPv4 address and an IPv6 address
>                     by presence of a colon in its value - the presence
>                     of a colon indicates IPv6.  An agent MUST ignore
>                     candidate lines >that include candidates with FQDN
>                     or IP address versions that are not supported or
>                     recognized.  Handling of FQDN addresses in
>                     candidate can be defined in the future
>                     specification. If candidate >with FQDN
>                     <connection-address> is the default
>                     destination/candidate, the the "c=" address type
>                     MUST be set the IP address family for the FQDN DNS
>                     resolution result and the "c=" connection >address
>                     MUST be set to FQDN. Differences in the "c=" line
>                     address family and type with FQDN resolution
>                     result MUST not cause ICE support verification
>                     failure.
>
>                     Minor change suggestion:
>
>                     "The procedures for handling FQDN addresses, and
>                     for agents to indicate support of such procedures,
>                     need to be specified in an extension specification."
>
>                     Regards,
>
>                     Christer
>
>
>
>     _______________________________________________
>     mmusic mailing list
>     mmusic@ietf.org <mailto:mmusic@ietf.org>
>     https://www.ietf.org/mailman/listinfo/mmusic
>

v2.23.0 | Report a Bug | By Email