IETF Logo Mail Archive

Re: [MMUSIC] actpass redux

Christer Holmberg <christer.holmberg@ericsson.com> Mon, 12 June 2017 13:18 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 698F0127B52 for <mmusic@ietfa.amsl.com>; Mon, 12 Jun 2017 06:18:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.22
X-Spam-Level:
X-Spam-Status: No, score=-4.22 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HU_aS8Wu42MU for <mmusic@ietfa.amsl.com>; Mon, 12 Jun 2017 06:18:18 -0700 (PDT)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0844A12714F for <mmusic@ietf.org>; Mon, 12 Jun 2017 06:18:17 -0700 (PDT)
X-AuditID: c1b4fb3a-31fff70000004a6a-7b-593e9498d14d
Received: from ESESSHC015.ericsson.se (Unknown_Domain [153.88.183.63]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id 35.CC.19050.8949E395; Mon, 12 Jun 2017 15:18:16 +0200 (CEST)
Received: from ESESSMB109.ericsson.se ([169.254.9.30]) by ESESSHC015.ericsson.se ([153.88.183.63]) with mapi id 14.03.0339.000; Mon, 12 Jun 2017 15:18:15 +0200
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Eric Rescorla <ekr@rtfm.com>
CC: Roman Shpount <roman@telurix.com>, Paul Kyzivat <paul.kyzivat@comcast.net>, "mmusic@ietf.org" <mmusic@ietf.org>
Thread-Topic: [MMUSIC] actpass redux
Thread-Index: AQHS27+QUKTkX8TgukOHH0lDl2aBAKIRu7eAgAA2MQCABCQrAIAFew8AgAAKOICAANEbAIAATywAgAAGUoCAAP6QAIADNvOA///0PgCAAEysgP//3oeAgABA9wA=
Date: Mon, 12 Jun 2017 13:18:15 +0000
Message-ID: <D5647036.1E2ED%christer.holmberg@ericsson.com>
References: <CABcZeBMd2BZgyeFnqafTVyGga4FMoK0xJkPCv0y_wvmBWsg+xg@mail.gmail.com> <CAD5OKxvwgvm3Q4HsCYsewZjRS9ty_g34n9+x87vfLW4Omcm8mw@mail.gmail.com> <CAD5OKxuNvnBgpv7BO3fv27ASu5AMugh4-LNpq1r8ga5OtqD_nw@mail.gmail.com> <CABcZeBNELXgQjuYfsrJG9NCsQz8Tox8d3ktvoo3nqPgjESEXZw@mail.gmail.com> <6355EA0B-2C28-4D47-9600-F64F898BFC86@iii.ca> <CAD5OKxttSJ+0Gr2r1=duXe2RVnMeMoTFQ9kG_qUbVUZgiiB3kA@mail.gmail.com> <14ED932A-FCC7-4C4A-93BB-627A4E55F552@iii.ca> <c6a3c314-7089-19f6-5d67-f7ea77f97894@comcast.net> <CAD5OKxsd0saF1bLAORon25wk+MwyoCC6AkP-wSfEmYP7MNzV3Q@mail.gmail.com> <CABcZeBOKvGEWJUDvxfBcXn2DTmFyb8hvp8mD=NMj1-bum3tLFw@mail.gmail.com> <D5641A33.1E1FE%christer.holmberg@ericsson.com> <CABcZeBPK5T-=S14+U7LHhwPH0TQ9CHv32qVzZd4XUevNKcuXnQ@mail.gmail.com> <D56454AB.1E2C9%christer.holmberg@ericsson.com> <CABcZeBOXOEaEbtBDzyPi63j-ZTYmZs5e=9raOcTFy9=KONBHsw@mail.gmail.com>
In-Reply-To: <CABcZeBOXOEaEbtBDzyPi63j-ZTYmZs5e=9raOcTFy9=KONBHsw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.7.4.170508
x-originating-ip: [153.88.183.19]
Content-Type: multipart/alternative; boundary="_000_D56470361E2EDchristerholmbergericssoncom_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrAIsWRmVeSWpSXmKPExsUyM2K7ve6MKXaRBoevC1mseH2O3WLq8scs Fg9+9LJZzLgwldmBxWPy4zmMHkuW/GQCstqYPW5NKQhgieKySUnNySxLLdK3S+DK2NPFWTCt j7Hi6tJfTA2Mu6q6GDk5JARMJGY/+8XWxcjFISRwhFHifuNxFghnMaPEvjm97F2MHBxsAhYS 3f+0QRpEBBQkfv05wQJiMwuUSjy43M4MYgsLKEvcnNzADFGjIvGyfSnYHBGBLkaJmSv6WEES LAKqEn3LlrGB2LwC1hLXD9+G2tzILrHq+XQmkASnQKDEvu8djCA2o4CYxPdTa5ggtolL3Hoy nwnibAGJJXvOM0PYohIvH/9jBTlUVEBP4t1+T4iwokT70wZGiNYEiT1XH7NC7BWUODnzCcsE RtFZSKbOQlI2C0kZRNxA4v25+cwQtrbEsoWvoWx9iY1fzjJC2NYSr9rXsSCrWcDIsYpRtDi1 uDg33chIL7UoM7m4OD9PLy+1ZBMjMF4PbvlttYPx4HPHQ4wCHIxKPLyr+u0ihVgTy4orcw8x SnAwK4nwfpoEFOJNSaysSi3Kjy8qzUktPsQozcGiJM7rsO9ChJBAemJJanZqakFqEUyWiYNT qoFRfW7Sqh4byTX8plOXq/BUBF58KuBS8WCO57ctjCb8R3h+vV+wrOJ9ubC4r45ynMizVPWT Cs620buEryyTKJLRtJi1hWNvtJD3sQ6Bx2VnGHc6XAk7UnVC/V15yLvUIs7JHPuvzuy02jXV uTJ7+beNku+V1K/a7l2h2nzTYabpnY1zl/duDbdSYinOSDTUYi4qTgQAQhQPWtMCAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/YsqAcRa5CSVOLvet3llFHgWmIQk>
Subject: Re: [MMUSIC] actpass redux
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Jun 2017 13:18:20 -0000

Hi,



First, one of the reasons we update specs is because there are usages etc, that people weren’t aware of when the original spec was published, that we think we need to cover. So, rather than just saying that we don’t care about non-comformant endpoints, we should ask WHY they are non-comformant. Is there a specific use-case behind? If so, do we need to cover that use-case?

Yes, and one of the things we have to keep in mind is not breaking conformant endpoints.

"Be conservative in what you send, be liberal in what you accept”

https://datatracker.ietf.org/doc/draft-thomson-postel-was-wrong/

Expired :)



As far as I understand, we would still mandate endpoints to support receiving non-actpass values.

I don't believe that 5763-conformant endpoints are in fact required to do so, and
therefore it's not appropriate to break them by allowing people to send actpass
in initial offers when offering DTLS-SRTP.

I assume you mean non-actpass?

But, my point was that, AFAIK, the suggestion has been to say that endpoints must send actpass, but must support receiving non-actpass. Am I wrong?

Regards,

Christer





Second, keep in mind that while RFC 5763 is for DTLS-SRTP, draft-dtls-sdp is GENERIC - one of the main reasons we do the spec in the first place is to have the DTLS-related O/A procedures in one place. And, RFC 7345 (UDPTL-DTLS) DOES allow non-actpass values in the offer:


        "The offerer SHOULD assign the SDP "setup" attribute with a value of
        "actpass", unless the offerer insists on being either the sender or
        receiver of the DTLS ClientHello message,"

draft-dtls-sdp replaces that text with a reference to draft-dtls-sdp, and by mandating actpass we would remove a valid option for UDPTL-DTLS. Sure, we can do that, but it cannot be based on a claim that existing endpoints are non-comformant.

And, I do NOT think we want to allow non-actpass for some usages (e.g., UDPTL-DTLS), and forbid it for other usages (e.g., DTLS-SRTP), because that would go against the purpose of having generic DTLS O/A procedures.

Well, given that we apparently have incompatible existing RFCs, I'm not sure I see any alternative.

I object to that – we basically would have to update the spec every time there is a new data type, or define the type-specific O/A procedures in a separate spec – which is what has been previously been done.

I think our aim should be to have generic procedures, even if that means we have to change procedures some existing RFCs.



From: mmusic <mmusic-bounces@ietf.org<mailto:mmusic-bounces@ietf.org>> on behalf of Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>>
Date: Saturday 10 June 2017 at 12:34
To: Roman Shpount <roman@telurix.com<mailto:roman@telurix.com>>
Cc: Paul Kyzivat <paul.kyzivat@comcast.net<mailto:paul.kyzivat@comcast.net>>, "mmusic@ietf.org<mailto:mmusic@ietf.org>" <mmusic@ietf.org<mailto:mmusic@ietf.org>>
Subject: Re: [MMUSIC] actpass redux



On Fri, Jun 9, 2017 at 7:23 PM, Roman Shpount <roman@telurix.com<mailto:roman@telurix.com>> wrote:
On Fri, Jun 9, 2017 at 2:00 PM, Paul Kyzivat <paul.kyzivat@comcast.net<mailto:paul.kyzivat@comcast.net>> wrote:
On 6/9/17 9:17 AM, Cullen Jennings wrote:

On Jun 8, 2017, at 6:49 PM, Roman Shpount <roman@telurix.com<mailto:roman@telurix.com>> wrote:

  Because of this, I think for the best interop, offerer MUST specify actpass for both initial and subsequent offers but answerer MUST be able to handle active and passive setup roles as well.

that works for me

I don't understand what this accomplishes. If you must be able to accept anything in a received offer, then what is gained by restricting what can be used in an offer?

This is all because of legacy interop. There are legacy end points that send non-actpass, so end point MUST be able to accept active and passive to interop with such legacy devices.

Those legacy endpoints are clearly noncomformant, so I'm not sure I care about breaking them,


There are also legacy end points that only expect actass so end point MUST only send actpass to interop with such devices.

These legacy endpoints are conformant, which is why it's important to accommodate them

-Ekr

_____________
Roman Shpount


_______________________________________________
mmusic mailing list
mmusic@ietf.org<mailto:mmusic@ietf.org>
https://www.ietf.org/mailman/listinfo/mmusic

v2.23.0 | Report a Bug | By Email