Re: [MMUSIC] SDP connection attribute optional [was: DTLS-SDP: TLS support added]
Roman Shpount <roman@telurix.com> Mon, 10 April 2017 19:26 UTC
Return-Path: <roman@telurix.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 206C5129A91 for <mmusic@ietfa.amsl.com>; Mon, 10 Apr 2017 12:26:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level:
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_SPF_PERMERROR=0.01] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LXrZPn2rRGmH for <mmusic@ietfa.amsl.com>; Mon, 10 Apr 2017 12:26:09 -0700 (PDT)
Received: from mail-pg0-x231.google.com (mail-pg0-x231.google.com [IPv6:2607:f8b0:400e:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7C70129AB6 for <mmusic@ietf.org>; Mon, 10 Apr 2017 12:19:55 -0700 (PDT)
Received: by mail-pg0-x231.google.com with SMTP id x125so110501388pgb.0 for <mmusic@ietf.org>; Mon, 10 Apr 2017 12:19:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=GOGwfTcKrUc7HUCkbcXQx98RnDkM2TB+TP/fw2SxmMQ=; b=IBMQsjbYdEMdKwqvanNhyrAgN3+mBR4qa41XXwRQcrwK9wrr0rA3hnXRkcps1iQhnY SX2BEEH3b0UidML6xi9KBB+8IlpVU+F7ImL4Q/fQ84gb50LAEx73t5hNzgZpxjv4XW2E 7yaMRWPU+lkGLtl/2qJD5c1BErOW5RKanALpcE6UNsUUOpj01wnrwkgkKAKpMPLYEGnj sGyTjulcqVUcfs7G6jr04ZYzWEWBfl3luFy6E1U0V5FFkw7WyIfCd49Q/mwRUngxlD17 Eb8ygYAOFCthxZOEnGU5OYr5CsHhClkBnbUVhvocJBYmR9WyWWeUJtbnOm+UIkzFpE00 mdsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=GOGwfTcKrUc7HUCkbcXQx98RnDkM2TB+TP/fw2SxmMQ=; b=MY4AmVM9M1JPD1E60EN19oGZ47v3UcOk+SahCu+/g+LsJpHLkhgbm5MLbCWZVklcqC Jw4CSbcjymwruHYRHMaqZ657JzegARNTkCNWr/gWtTVa4Lyl90l6+BR1eyIN8DkJdzDE XcJydxLWSjqgeN2F6R7wszCPRUZTy+FLScl2yDGDH+S0Sh4TEHvBrT8le4+z8XBZKHdX 2osZeSMxwhobEG2JhX+Dynu+VsBOxOq0Zy9hFNs7Wz9PsL5JzTJu2mQLe8dCjj8xT+H6 RXzFmbCMpsRgqU9DNOteY3hjGfUxzZ8+hmCc9Bc6fJbo9zoRHneGZ7o4S96E7rdpm0m1 chlg==
X-Gm-Message-State: AFeK/H1QA/DeNJ6tvaS1OapMD21GAcZcz/P79y1oXZyV0KeYBOQdCt/+/3GLYDHa30j3VA==
X-Received: by 10.98.206.78 with SMTP id y75mr58008047pfg.108.1491851995260; Mon, 10 Apr 2017 12:19:55 -0700 (PDT)
Received: from mail-pf0-f180.google.com (mail-pf0-f180.google.com. [209.85.192.180]) by smtp.gmail.com with ESMTPSA id y29sm9771883pfj.90.2017.04.10.12.19.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 10 Apr 2017 12:19:54 -0700 (PDT)
Received: by mail-pf0-f180.google.com with SMTP id o126so37664961pfb.3; Mon, 10 Apr 2017 12:19:54 -0700 (PDT)
X-Received: by 10.84.209.204 with SMTP id y70mr6534095plh.155.1491851994335; Mon, 10 Apr 2017 12:19:54 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.145.151 with HTTP; Mon, 10 Apr 2017 12:19:53 -0700 (PDT)
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B4CB5E219@ESESSMB102.ericsson.se>
References: <7594FB04B1934943A5C02806D1A2204B4CB5E1CC@ESESSMB102.ericsson.se> <7594FB04B1934943A5C02806D1A2204B4CB5E219@ESESSMB102.ericsson.se>
From: Roman Shpount <roman@telurix.com>
Date: Mon, 10 Apr 2017 15:19:53 -0400
X-Gmail-Original-Message-ID: <CAD5OKxvT79-42J4EkEkriZTuRzfVN96GF7PEhbBP_3XwsJhJNw@mail.gmail.com>
Message-ID: <CAD5OKxvT79-42J4EkEkriZTuRzfVN96GF7PEhbBP_3XwsJhJNw@mail.gmail.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>
Cc: "mmusic (E-mail)" <mmusic@ietf.org>, "mmusic-chairs@ietf.org" <mmusic-chairs@ietf.org>, Ben Campbell <ben@nostrum.com>
Content-Type: multipart/alternative; boundary="94eb2c0354962e156f054cd4dc80"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/VrxOvxjepH6S6YfGVQSHTbiie-0>
Subject: Re: [MMUSIC] SDP connection attribute optional [was: DTLS-SDP: TLS support added]
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Apr 2017 19:26:12 -0000
Hi All, A think for all the normal cases m=connection attribute must be specified when TLS is used. There is no way to know if remote party supports tls-id when offer is sent, so if m=connection is not specified, then it is unclear how the offer is going to be processed. The only exception I can this of would be ICE TLS candidates, if ICE TLS candidates would ever get defined. ICE procedures would overwrite a lot of what we are going to define here, including how fingerprints are specified and matched and when TLS connections are established. I believe this is something that should be defined in ICE TLS document and update this document, if necessary. Regards. _____________ Roman Shpount On Mon, Apr 10, 2017 at 3:10 PM, Christer Holmberg < christer.holmberg@ericsson.com> wrote: > And XXX stands for section 5.1 :) > > > > *From:* Christer Holmberg > *Sent:* 10 April 2017 22:10 > *To:* Christer Holmberg <christer.holmberg@ericsson.com>; mmusic (E-mail) > <mmusic@ietf.org> > *Cc:* mmusic-chairs@ietf.org; Ben Campbell <ben@nostrum.com> > *Subject:* SDP connection attribute optional [was: DTLS-SDP: TLS support > added] > > > > Hi, > > > > Section XXX of RFC 4145 says: > > > > “When an offerer generates an 'm' line that uses TCP, it SHOULD provide > a > > connection attribute for the 'm' line unless the application using > > the 'm' line has other means to deal with connection reestablishment.” > > > > Now, if both endpoints support the ‘tls-id’ attribute, that would be > “other means”. > > > > However, section of RFC 4145 says: > > > > “The default value of the connection attribute in both offers and > > answers is 'new'.” > > > > So, I think we need to say something. Either: > > > > 1) If both endpoints support tls-id, they don’t need to care about > the connection attribute (or the default value in case the attribute is not > present); OR > > 2) We mandate that the connection attribute is present, with an > ‘existing’ value, whenever an existing connection is to be maintained. > > > > Option 2) seems most safe, i.e., we continue using the ‘connection’ > attribute and its semantics even if both endpoints support the ‘tls-id’ > attribute. > > > > Comments? > > > > Regards, > > > > Christer > > > > > > *From:* mmusic [mailto:mmusic-bounces@ietf.org <mmusic-bounces@ietf.org>] *On > Behalf Of *Christer Holmberg > *Sent:* 09 April 2017 10:15 > *To:* mmusic (E-mail) <mmusic@ietf.org> > *Cc:* mmusic-chairs@ietf.org; Ben Campbell <ben@nostrum.com> > *Subject:* [MMUSIC] DTLS-SDP: TLS support added > > > > Hi, > > > > Based on the decision in Chicago to allow usage of the SDP ‘dtls-id’ > attribute also for TLS connections, I have created a pull request: > > > > https://github.com/cdh4u/draft-dtls-sdp/pull/26 > > > > Note that the name of the attribute has now been changed to ‘tls-id’. > > > > The approach I’ve taken is: rather than talking about both DTLS and TLS > throughout the document, I’ve basically added a section describing the > TLS-specific considerations – mainly regarding the interaction with the SDP > ‘connection’ attribute. > > > > Now, I think we do need some text on WHY we also cover TLS connections > since, as far as creating new connections is concerned, the ‘connection’ > attribute can be used. We know that it would be needed for > draft-thomson-avtcore-sdp-uks (https://datatracker.ietf.org/ > doc/draft-thomson-avtcore-sdp-uks/). But, AFAIK that work has not been > adopted yet, so I don’t think we can use it as justification at this point? > > > > Note that this pull request does NOT include any of the changes to be done > based on the gen-art/sec-dir reviews. I have updated the 4572-update > reference, though. > > > > Regards, > > > > Christer > > _______________________________________________ > mmusic mailing list > mmusic@ietf.org > https://www.ietf.org/mailman/listinfo/mmusic > >
- Re: [MMUSIC] SDP connection attribute optional [w… Roman Shpount
- Re: [MMUSIC] SDP connection attribute optional [w… Christer Holmberg
- Re: [MMUSIC] SDP connection attribute optional [w… Christer Holmberg
- Re: [MMUSIC] SDP connection attribute optional [w… Roman Shpount
- Re: [MMUSIC] SDP connection attribute optional [w… Christer Holmberg
- [MMUSIC] SDP connection attribute optional [was: … Christer Holmberg