IETF Logo Mail Archive

Re: [MMUSIC] (Rough) Consensus Call - No FQDN support in ice-sip-sdp

Christer Holmberg <christer.holmberg@ericsson.com> Tue, 21 May 2019 14:36 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C68A0120020 for <mmusic@ietfa.amsl.com>; Tue, 21 May 2019 07:36:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b2otCt_CLTXd for <mmusic@ietfa.amsl.com>; Tue, 21 May 2019 07:36:23 -0700 (PDT)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150077.outbound.protection.outlook.com [40.107.15.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BC126120157 for <mmusic@ietf.org>; Tue, 21 May 2019 07:36:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=MxyPt27lHrkFJAtuCfjRad6iz3hrH2uBJz+ZiN0y39I=; b=JrTVP+93FNroZfDIKhNlwVct+RcBJiz+JX0IEi3fkYbbcpsYAaKKZrOJP/zcx3k+chjnxSka8LXDtn5cX8bjKEsqdkPA1uW0+uedRRJJe70Nw5N7AL05xrvHz5VRRkocrySGNrH2pgZDEN3dUWH/0X9aDfmo4IUUJRF8Y4Y1HAI=
Received: from HE1PR07MB3161.eurprd07.prod.outlook.com (10.170.245.23) by HE1PR07MB3194.eurprd07.prod.outlook.com (10.170.245.32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1922.15; Tue, 21 May 2019 14:36:19 +0000
Received: from HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::c999:f848:9abc:d321]) by HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::c999:f848:9abc:d321%6]) with mapi id 15.20.1922.013; Tue, 21 May 2019 14:36:19 +0000
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Flemming Andreasen <fandreas@cisco.com>, Suhas Nandakumar <suhasietf@gmail.com>, Roman Shpount <roman@telurix.com>
CC: mmusic <mmusic@ietf.org>
Thread-Topic: [MMUSIC] (Rough) Consensus Call - No FQDN support in ice-sip-sdp
Thread-Index: AQHVCT2tPwy1I9GoQ0ibIOLFdr9u/qZogFkAgACByACAC5w8gIAAFLKA///yEYCAABKwAP//9huAgAAUAYCAABwaAIAACskAgAAE3oCAAAepAIAAHMUAgACQD4CAACE1AA==
Date: Tue, 21 May 2019 14:36:18 +0000
Message-ID: <4E9FD8D0-2443-4504-8362-211ED5522C6F@ericsson.com>
References: <77400318-1e2c-7d33-ab41-a3b8d0062b00@cisco.com> <CAMRcRGQ0gQ0c-pmBQ2ZOOX-5uGWkfy57Yu0QMuAp9ED2f8drwA@mail.gmail.com> <D7E2876E-E750-40C6-B33E-FC24F9CD0709@ericsson.com> <CAOW+2dsy5_cjH2BJJq7mRu9JaQNmh7oqWxUrFDPqBKaceffJaQ@mail.gmail.com> <2226B494-B058-45C8-901B-1B872218ECE7@ericsson.com> <CAD5OKxs2fvyqxjcNmNbqx+ToSpnaeqj5LyX4qz2rOuqFp3oBow@mail.gmail.com> <710E80DF-8389-4A5E-9DBE-5DF2D20E4F02@ericsson.com> <CAD5OKxtcEWmRvXanh7FsdQAD_fTFRnQc8HhkeLx9mz+-XUX7-Q@mail.gmail.com> <871E99E8-DA8D-4E71-B359-F2388479C38E@ericsson.com> <CAOW+2dvUAed2P-xCOvbcsHJGcs92=ad9T5K63xhpVqdKvjK2fw@mail.gmail.com> <CAD5OKxuU-wio4Af8me1OMo62vanu5y_PnQ3nq=UF6jh6yr1EFg@mail.gmail.com> <CAOW+2dskL5P+02xujeEL-SGVPQ8-Gy85hX_DE10TBDwaE1e2Xw@mail.gmail.com> <CAD5OKxu9zKxVhFFxiBzq6v67A18Msd1fZMhbrpXf1=NQAgceAQ@mail.gmail.com> <CAMRcRGTKJmPCr4MZsK613csJ2yXHZzoDFzMtDujui4-NVZkH1A@mail.gmail.com> <c3a3dccf-6398-e47b-79ba-34aaea410f33@cisco.com>
In-Reply-To: <c3a3dccf-6398-e47b-79ba-34aaea410f33@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.19.0.190512
authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com;
x-originating-ip: [157.190.0.15]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 5ea54edb-722e-4d2b-e244-08d6ddf9b019
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(2017052603328)(7193020); SRVR:HE1PR07MB3194;
x-ms-traffictypediagnostic: HE1PR07MB3194:
x-ms-exchange-purlcount: 3
x-microsoft-antispam-prvs: <HE1PR07MB31946379D5DF42F5E1B669A293070@HE1PR07MB3194.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0044C17179
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(366004)(396003)(346002)(376002)(39860400002)(199004)(189003)(36756003)(66574012)(110136005)(7736002)(316002)(82746002)(58126008)(561944003)(2616005)(66476007)(66556008)(14444005)(256004)(446003)(76176011)(14454004)(6436002)(68736007)(102836004)(53546011)(66066001)(53936002)(5660300002)(6506007)(99286004)(2906002)(6246003)(44832011)(8676002)(86362001)(4326008)(71200400001)(81166006)(8936002)(81156014)(606006)(486006)(71190400001)(25786009)(33656002)(83716004)(6116002)(229853002)(3846002)(66446008)(476003)(66946007)(54896002)(966005)(6306002)(11346002)(76116006)(64756008)(236005)(73956011)(6512007)(91956017)(26005)(790700001)(508600001)(6486002)(186003); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3194; H:HE1PR07MB3161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: Kt4qwzElZjF+BkF0BpvryafhsfsE6auPbikrnTs9Tx1rMngHbzW+SrP66QxFmJmzt1rmvsBrfTAd7SPtSj6ClFdiMRI/rdZhgQjObX9OVJf6ebnPx7LFxtp4ajrnIAl4axomLCcE5s5QpWSJEbMTsV+FEOFCkXdRxgH2kKGhQ2WUy3qq4r8MnJY7yAtgiEKdj8OjEpvbHerNsGKgTKm62bzB49AVtoNyvcakbX2MYQXipVi9icl5iMBYU5b42bEQAKJJSCm3rQguEGa5BwVwgtOYae3hCZmb/rrjT0wBbqb7GOwGAEg343zndLZsIiRJmjXcxE1e8ynmrO4ojj0LfKh3O6lUBGGUEnKVpCf8dMU+C3j29YGO9AJ1TKbH73FUBrLtG73VOs7qyYjIyjXGI3I1I5RAf2G2Mc0hPVUfE2c=
Content-Type: multipart/alternative; boundary="_000_4E9FD8D0244345048362211ED5522C6Fericssoncom_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 5ea54edb-722e-4d2b-e244-08d6ddf9b019
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 May 2019 14:36:18.9406 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: christer.holmberg@ericsson.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3194
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/VajzDRzCz7vXB-tWyOuMv4wgiF0>
Subject: Re: [MMUSIC] (Rough) Consensus Call - No FQDN support in ice-sip-sdp
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 May 2019 14:36:28 -0000

Hi,

Roman suggested text yesterday, and with my change suggestion it would look like:

<connection-address>: :: is taken from RFC 4566 <<RFC4566>>. It is the IP address of the candidate, allowing for IPv4 addresses, IPv6 addresses,
and fully qualified domain names (FQDNs).  When parsing this field, an agent can differentiate  an IPv4 address and an IPv6 address by presence
of a colon in its value - the presence of a colon indicates IPv6.  An agent processing remote candidates MUST ignore candidate lines that include
candidates with FQDN or IP address versions that are not supported or recognized.  The procedures for handling FQDN candidates, and for agents
to indicate support of such procedures, need to be specified in an extension specification. If candidate with FQDN <connection-address> is the
default destination/candidate, the "c=" address type MUST be set the IP address family for the FQDN DNS resolution result and the "c=" connection
address MUST be set to FQDN. Differences in the "c=" line address family and type with FQDN resolution result MUST not cause ICE support verification failure.

The text in bold covers the must-ignore-FQDN-and-will-be-specified-in-an-extension-specification part.

Now, I have some difficulties to understand the last sentence. It seems to indicate that some FQDN DNS resolution is performed, and that the IP family is set according to the result. But, what if the result contains both IPv6 and IPv4?

Also, I assume that the procedures in the last sentence is related to the provider of the candidates. If so, it needs to be more clear.

Regards,

Christer

From: mmusic <mmusic-bounces@ietf.org> on behalf of Flemming Andreasen <fandreas@cisco.com>
Date: Tuesday, 21 May 2019 at 14.40
To: Suhas Nandakumar <suhasietf@gmail.com>, Roman Shpount <roman@telurix.com>
Cc: Christer Holmberg <christer.holmberg@ericsson.com>, "mmusic@ietf.org" <mmusic@ietf.org>
Subject: Re: [MMUSIC] (Rough) Consensus Call - No FQDN support in ice-sip-sdp


On 5/21/19 1:01 AM, Suhas Nandakumar wrote:


On Mon, May 20, 2019 at 8:19 PM Roman Shpount <roman@telurix.com<mailto:roman@telurix.com>> wrote:
There was a bit of discussion earlier about this and the understanding was that RFC 8445 does not deal with FQDN or DNS resolution. RFC 8445 gets a list of candidates with IP Addresses. FQDN resolution as well as the format in which candidates are encoded would be a part of some other draft such ice-sip-sdp or an extension.

[suhas] .. I don’t understand why FQDN resolution should be scoped in ice-sip-sdp whose main purposes is offer / answer negotiation and yes encoding provided candidates. I agree with Bernard and vote to move fqdn resolution outside ice-sip-sdp into a new draft

I'm leaning towards that as well. Trying to rush an FQDN solution into ice-sip-sdp does not seem like a good idea, and we need to move this draft forward.

Thanks

-- Flemming (as individual)






Also, using ice2 option does not help much since offer with FQDN in connection address would have to be generated before agent knows if remote party supports ice2. Bottom line is if remote party fails to parse FQDN there is nothing that can be done to generate an offer that will be compatible (except for putting FQDN in candidate extension). If FQDN is ignored or handled according to RFC 5245 procedure then it is safe to insert FQDN in contact address since either behavior would no worse then candidate pair connectivity check failing.

Roman Shpount

On Mon, May 20, 2019, 22:51 Bernard Aboba <bernard.aboba@gmail.com<mailto:bernard.aboba@gmail.com>> wrote:
I would recommend updating RFC 8445 to require that implementations that do not support FQDNs ignore them.  That way we can assume that implementations including an 'ice2' option will ignore FQDNs if they are unsupported.  Then the MDNS draft can cite RFC 8445.

On Mon, May 20, 2019 at 7:34 PM Roman Shpount <roman@telurix.com<mailto:roman@telurix.com>> wrote:
What do you suggest?

Most of the legacy implementations would fail to parse FQDN in the connection address.
Roman Shpount

On Mon, May 20, 2019, 21:55 Bernard Aboba <bernard.aboba@gmail.com<mailto:bernard.aboba@gmail.com>> wrote:
"If FQDN is allowed but ignored, this will allow "legacy" implementations to interop with ICE implementation which support mDNS or generic FQDN. How FQDN are resolved and how ICE agents specify to each other the these procedures are supported can and should be part of mDNS or generic FQND support draft. If I am missing something and something else is required, mDNS authors should comment."

[BA] Unfortunately, RFC 5245 did not mandate that FQDNs be ignored by implementations that did not choose to support them.  All it says is this:


<connection-address>:  is taken from RFC 4566<https://tools.ietf.org/html/rfc4566> [RFC4566<https://tools.ietf.org/html/rfc4566>].  It is the

      IP address of the candidate, allowing for IPv4 addresses, IPv6

      addresses, and fully qualified domain names (FQDNs).  When parsing

      this field, an agent can differentiate an IPv4 address and an IPv6

      address by presence of a colon in its value - the presence of a

      colon indicates IPv6.  An agent MUST ignore candidate lines that

      include candidates with IP address versions that are not supported

      or recognized.  An IP address SHOULD be used, but an FQDN MAY be

      used in place of an IP address.  In that case, when receiving an

      offer or answer containing an FQDN in an a=candidate attribute,

      the FQDN is looked up in the DNS first using an AAAA record

      (assuming the agent supports IPv6), and if no result is found or

      the agent only supports IPv4, using an A.  If the DNS query

      returns more than one IP address, one is chosen, and then used for

      the remainder of ICE processing.

So while there are good reasons why modern ICE implementations should support FQDNs (e.g. for NAT64 support), "legacy" implementations are by definition not modern.  Given that RFC 5245-compliant implementations were not obligated to either send FQDNs or to correctly handle them if they were not supported, we need to look at what legacy implementations do, not what we would prefer that they do.

Since RFC 5245 did not mandate either FQDN support or even resilient behavior in non-supporting implementations, problems such as the one below (or much worse) are to be expected:
https://bugs.chromium.org/p/webrtc/issues/detail?id=4165

So if were are attempting to interoperate with the vast body of existing implementations, we should assume that we have to contend with legacy implementations have been baked into equipment, or forked to create mobile applications that have not been resync'd in years.  Note that this is a very different circumstance from browser-browser interop where "evergreen" is rapidly becoming the rule among WebRTC-capable browsers.

On Mon, May 20, 2019 at 4:14 PM Christer Holmberg <christer.holmberg@ericsson.com<mailto:christer.holmberg@ericsson.com>> wrote:
Hi,

>If FQDN is allowed but ignored, this will allow "legacy" implementations to interop with ICE implementation which support mDNS or generic FQDN.
>How FQDN are resolved and how ICE agents specify to each other the these procedures are supported can and should be part of mDNS or generic
>FQND support draft. If I am missing something and something else is required, mDNS authors should comment.

I don’t think you are missing anything.

So far this is my proposal for ice-sip-sdp connection address definition which should implement option 2:

><connection-address>: :: is taken from RFC 4566 <<RFC4566>>. It is the IP address of the candidate, allowing for IPv4 addresses, IPv6 addresses, and fully qualified domain names (FQDNs).  When >parsing this field, an agent can differentiate  an IPv4 address and an IPv6 address by presence of a colon in its value - the presence of a colon indicates IPv6.  An agent MUST ignore candidate lines >that include candidates with FQDN or IP address versions that are not supported or recognized.  Handling of FQDN addresses in candidate can be defined in the future specification. If candidate >with FQDN <connection-address> is the default destination/candidate, the the "c=" address type MUST be set the IP address family for the FQDN DNS resolution result and the "c=" connection >address MUST be set to FQDN. Differences in the "c=" line address family and type with FQDN resolution result MUST not cause ICE support verification failure.

Minor change suggestion:

"The procedures for handling FQDN addresses, and for agents to indicate support of such procedures, need to be specified in an extension specification."

Regards,

Christer


_______________________________________________
mmusic mailing list
mmusic@ietf.org<mailto:mmusic@ietf.org>
https://www.ietf.org/mailman/listinfo/mmusic

v2.23.0 | Report a Bug | By Email