Re: [MMUSIC] (Rough) Consensus Call - No FQDN support in ice-sip-sdp
Flemming Andreasen <fandreas@cisco.com> Tue, 21 May 2019 13:37 UTC
Return-Path: <fandreas@cisco.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 72524120041 for <mmusic@ietfa.amsl.com>; Tue, 21 May 2019 06:37:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ush8hqYmX_FO for <mmusic@ietfa.amsl.com>; Tue, 21 May 2019 06:37:29 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7411812012D for <mmusic@ietf.org>; Tue, 21 May 2019 06:37:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=27170; q=dns/txt; s=iport; t=1558445849; x=1559655449; h=subject:to:cc:references:from:message-id:date: mime-version:in-reply-to; bh=Ww7KdLM8lXXREmhyHZ9nG9Psuoevo+HTLhcX3Ued03Q=; b=VW5XvQ5JEk5IJG0+YWMppg2EQCtEDh2OCmBkUstRKd1Hyhw6Z9Sb93zI KwuqXAk09A41fUP31I88qlDPfzl8ZoBHXOvZeHG3eDgqRdj6n8o+ua69+ AIrjwNMeb3jfpSfl+uZk+zyCbRB2wXEBq/lsdoIwRtpGvzxu43P6+6Rro s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BkAAAL/uNc/51dJa1lHAEBAQQBAQcEAQGBUgYBAQsBgQ5TL2lRMyiEE5RoCCV+iEIOjweBewkBAQEOGAEKDAEBg3pGAoImIzUIDgEDAQEEAQECAQRtHAyFSwEBBAEBIUsLEAsYIAcDAgIhBh8RBgEMBgIBAReDBwGBagMJFA+mUoEvH4Upgj4NXYFABoE0AYtQF4FAP4ERJwyCKgcuPoIaRwEBAgEXhFGCWASLMAGcOTkJgg+GLoh0g1gGG4xPiV2DfYhZhnKBU4lLg2CBUAE2KYEbCwhNIxU7gmyCGxeIYIVbIwMwi2oHgksBAQ
X-IronPort-AV: E=Sophos;i="5.60,495,1549929600"; d="scan'208,217";a="562268660"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 21 May 2019 13:37:26 +0000
Received: from [10.118.10.19] (rtp-fandreas-2-8812.cisco.com [10.118.10.19]) by rcdn-core-6.cisco.com (8.15.2/8.15.2) with ESMTP id x4LDbPhN020761; Tue, 21 May 2019 13:37:26 GMT
To: Suhas Nandakumar <suhasietf@gmail.com>, Roman Shpount <roman@telurix.com>
Cc: Bernard Aboba <bernard.aboba@gmail.com>, Christer Holmberg <christer.holmberg@ericsson.com>, mmusic <mmusic@ietf.org>
References: <77400318-1e2c-7d33-ab41-a3b8d0062b00@cisco.com> <CAMRcRGQ0gQ0c-pmBQ2ZOOX-5uGWkfy57Yu0QMuAp9ED2f8drwA@mail.gmail.com> <D7E2876E-E750-40C6-B33E-FC24F9CD0709@ericsson.com> <CAOW+2dsy5_cjH2BJJq7mRu9JaQNmh7oqWxUrFDPqBKaceffJaQ@mail.gmail.com> <2226B494-B058-45C8-901B-1B872218ECE7@ericsson.com> <CAD5OKxs2fvyqxjcNmNbqx+ToSpnaeqj5LyX4qz2rOuqFp3oBow@mail.gmail.com> <710E80DF-8389-4A5E-9DBE-5DF2D20E4F02@ericsson.com> <CAD5OKxtcEWmRvXanh7FsdQAD_fTFRnQc8HhkeLx9mz+-XUX7-Q@mail.gmail.com> <871E99E8-DA8D-4E71-B359-F2388479C38E@ericsson.com> <CAOW+2dvUAed2P-xCOvbcsHJGcs92=ad9T5K63xhpVqdKvjK2fw@mail.gmail.com> <CAD5OKxuU-wio4Af8me1OMo62vanu5y_PnQ3nq=UF6jh6yr1EFg@mail.gmail.com> <CAOW+2dskL5P+02xujeEL-SGVPQ8-Gy85hX_DE10TBDwaE1e2Xw@mail.gmail.com> <CAD5OKxu9zKxVhFFxiBzq6v67A18Msd1fZMhbrpXf1=NQAgceAQ@mail.gmail.com> <CAMRcRGTKJmPCr4MZsK613csJ2yXHZzoDFzMtDujui4-NVZkH1A@mail.gmail.com>
From: Flemming Andreasen <fandreas@cisco.com>
Message-ID: <c3a3dccf-6398-e47b-79ba-34aaea410f33@cisco.com>
Date: Tue, 21 May 2019 09:37:25 -0400
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <CAMRcRGTKJmPCr4MZsK613csJ2yXHZzoDFzMtDujui4-NVZkH1A@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------A66407438601E81DCA736070"
Content-Language: en-US
X-Outbound-SMTP-Client: 10.118.10.19, rtp-fandreas-2-8812.cisco.com
X-Outbound-Node: rcdn-core-6.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/V1fGEjk17TM7Ans2QLuXHeKfMEE>
Subject: Re: [MMUSIC] (Rough) Consensus Call - No FQDN support in ice-sip-sdp
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 May 2019 13:37:34 -0000
On 5/21/19 1:01 AM, Suhas Nandakumar wrote: > > > On Mon, May 20, 2019 at 8:19 PM Roman Shpount <roman@telurix.com > <mailto:roman@telurix.com>> wrote: > > There was a bit of discussion earlier about this and the > understanding was that RFC 8445 does not deal with FQDN or DNS > resolution. RFC 8445 gets a list of candidates with IP Addresses. > FQDN resolution as well as the format in which candidates are > encoded would be a part of some other draft such ice-sip-sdp or an > extension. > > > [suhas] .. I don’t understand why FQDN resolution should be scoped in > ice-sip-sdp whose main purposes is offer / answer negotiation and yes > encoding provided candidates. I agree with Bernard and vote to move > fqdn resolution outside ice-sip-sdp into a new draft > I'm leaning towards that as well. Trying to rush an FQDN solution into ice-sip-sdp does not seem like a good idea, and we need to move this draft forward. Thanks -- Flemming (as individual) > > > > Also, using ice2 option does not help much since offer with FQDN > in connection address would have to be generated before agent > knows if remote party supports ice2. Bottom line is if remote > party fails to parse FQDN there is nothing that can be done to > generate an offer that will be compatible (except for putting FQDN > in candidate extension). If FQDN is ignored or handled according > to RFC 5245 procedure then it is safe to insert FQDN in contact > address since either behavior would no worse then candidate pair > connectivity check failing. > > Roman Shpount > > On Mon, May 20, 2019, 22:51 Bernard Aboba <bernard.aboba@gmail.com > <mailto:bernard.aboba@gmail.com>> wrote: > > I would recommend updating RFC 8445 to require that > implementations that do not support FQDNs ignore them. That > way we can assume that implementations including an 'ice2' > option will ignore FQDNs if they are unsupported. Then the > MDNS draft can cite RFC 8445. > > On Mon, May 20, 2019 at 7:34 PM Roman Shpount > <roman@telurix.com <mailto:roman@telurix.com>> wrote: > > What do you suggest? > > Most of the legacy implementations would fail to parse > FQDN in the connection address. > > Roman Shpount > > On Mon, May 20, 2019, 21:55 Bernard Aboba > <bernard.aboba@gmail.com <mailto:bernard.aboba@gmail.com>> > wrote: > > "If FQDN is allowed but ignored, this will allow > "legacy" implementations to interop with ICE > implementation which support mDNS or generic FQDN. How > FQDN are resolved and how ICE agents specify to each > other the these procedures are supported can and > should be part of mDNS or generic FQND support draft. > If I am missing something and something else is > required, mDNS authors should comment." > > [BA] Unfortunately, RFC 5245 did not mandate that > FQDNs be ignored by implementations that did not > choose to support them. All it says is this: > > <connection-address>: is taken fromRFC 4566 <https://tools.ietf.org/html/rfc4566> [RFC4566 <https://tools.ietf.org/html/rfc4566>]. It is the > IP address of the candidate, allowing for IPv4 addresses, IPv6 > addresses, and fully qualified domain names (FQDNs). When parsing > this field, an agent can differentiate an IPv4 address and an IPv6 > > address by presence of a colon in its value - the presence of a > colon indicates IPv6. An agent MUST ignore candidate lines that > include candidates with IP address versions that are not supported > or recognized. An IP address SHOULD be used, but an FQDN MAY be > used in place of an IP address. In that case, when receiving an > offer or answer containing an FQDN in an a=candidate attribute, > the FQDN is looked up in the DNS first using an AAAA record > (assuming the agent supports IPv6), and if no result is found or > the agent only supports IPv4, using an A. If the DNS query > returns more than one IP address, one is chosen, and then used for > the remainder of ICE processing. > > > So while there are good reasons why modern ICE > implementations should support FQDNs (e.g. for NAT64 > support), "legacy" implementations are by definition > not modern. Given that RFC 5245-compliant > implementations were not obligated to either send > FQDNs or to correctly handle them if they were not > supported, we need to look at what legacy > implementations do, not what we would prefer that they > do. > > Since RFC 5245 did not mandate either FQDN support or > even resilient behavior in non-supporting > implementations, problems such as the one below (or > much worse) are to be expected: > https://bugs.chromium.org/p/webrtc/issues/detail?id=4165 > > So if were are attempting to interoperate with the > vast body of existing implementations, we should > assume that we have to contend with legacy > implementations have been baked into equipment, or > forked to create mobile applications that have not > been resync'd in years. Note that this is a very > different circumstance from browser-browser interop > where "evergreen" is rapidly becoming the rule among > WebRTC-capable browsers. > > On Mon, May 20, 2019 at 4:14 PM Christer Holmberg > <christer.holmberg@ericsson.com > <mailto:christer.holmberg@ericsson.com>> wrote: > > Hi, > > >If FQDN is allowed but ignored, this will allow > "legacy" implementations to interop with ICE > implementation which support mDNS or generic FQDN. > >How FQDN are resolved and how ICE agents specify > to each other the these procedures are supported > can and should be part of mDNS or generic > >FQND support draft. If I am missing something and > something else is required, mDNS authors should > comment. > > I don’t think you are missing anything. > > So far this is my proposal for ice-sip-sdp > connection address definition which should > implement option 2: > > ><connection-address>: :: is taken from RFC 4566 > <<RFC4566>>. It is the IP address of the > candidate, allowing for IPv4 addresses, IPv6 > addresses, and fully qualified domain names > (FQDNs). When >parsing this field, an agent can > differentiate an IPv4 address and an IPv6 address > by presence of a colon in its value - the presence > of a colon indicates IPv6. An agent MUST ignore > candidate lines >that include candidates with FQDN > or IP address versions that are not supported or > recognized. Handling of FQDN addresses in > candidate can be defined in the future > specification. If candidate >with FQDN > <connection-address> is the default > destination/candidate, the the "c=" address type > MUST be set the IP address family for the FQDN DNS > resolution result and the "c=" connection >address > MUST be set to FQDN. Differences in the "c=" line > address family and type with FQDN resolution > result MUST not cause ICE support verification > failure. > > Minor change suggestion: > > "The procedures for handling FQDN addresses, and > for agents to indicate support of such procedures, > need to be specified in an extension specification." > > Regards, > > Christer > > > > _______________________________________________ > mmusic mailing list > mmusic@ietf.org <mailto:mmusic@ietf.org> > https://www.ietf.org/mailman/listinfo/mmusic >
- [MMUSIC] (Rough) Consensus Call - No FQDN support… Flemming Andreasen
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Suhas Nandakumar
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Christer Holmberg
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Roman Shpount
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Christer Holmberg
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Roman Shpount
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Bernard Aboba
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Christer Holmberg
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Roman Shpount
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Christer Holmberg
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Roman Shpount
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Christer Holmberg
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Bernard Aboba
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Roman Shpount
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Bernard Aboba
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Roman Shpount
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Suhas Nandakumar
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Christer Holmberg
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Flemming Andreasen
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Christer Holmberg
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Suhas Nandakumar
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Roman Shpount
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Roman Shpount
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Roman Shpount
- Re: [MMUSIC] (Rough) Consensus Call - No FQDN sup… Roman Shpount