IETF Logo Mail Archive

Re: [MMUSIC] SCTP-SDP: Virtual Connection impact

Christer Holmberg <christer.holmberg@ericsson.com> Wed, 01 April 2015 19:42 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66B701A3B9C for <mmusic@ietfa.amsl.com>; Wed, 1 Apr 2015 12:42:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F1OxgAWAjBZo for <mmusic@ietfa.amsl.com>; Wed, 1 Apr 2015 12:42:32 -0700 (PDT)
Received: from sesbmg22.ericsson.net (sesbmg22.ericsson.net [193.180.251.48]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D96011A1A7C for <mmusic@ietf.org>; Wed, 1 Apr 2015 12:42:30 -0700 (PDT)
X-AuditID: c1b4fb30-f79996d000006ebb-15-551c4a2436a1
Received: from ESESSHC002.ericsson.se (Unknown_Domain [153.88.253.124]) by sesbmg22.ericsson.net (Symantec Mail Security) with SMTP id CC.18.28347.42A4C155; Wed, 1 Apr 2015 21:42:28 +0200 (CEST)
Received: from ESESSMB209.ericsson.se ([169.254.9.236]) by ESESSHC002.ericsson.se ([153.88.183.24]) with mapi id 14.03.0210.002; Wed, 1 Apr 2015 21:42:28 +0200
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Roman Shpount <roman@telurix.com>
Thread-Topic: [MMUSIC] SCTP-SDP: Virtual Connection impact
Thread-Index: AdBpPCnIe5AWsLgZRGGMCVgZi9S4agBp9w8AAAlD9G3//+elAP/+UhxQgANE4ID//sK9UIACrDAA//+bfnA=
Date: Wed, 01 Apr 2015 19:42:27 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B1D788924@ESESSMB209.ericsson.se>
References: <7594FB04B1934943A5C02806D1A2204B1D78274F@ESESSMB209.ericsson.se> <CAD5OKxvGbJj_rRtLX7rjzkPZ6R8Wg92L2Y6gz1VtpV_etzaSiw@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B1D78511C@ESESSMB209.ericsson.se> <CAD5OKxum9Dt3vAxwAfa9LWiprSGkYHA1MrLspAee_-T8U=Ccvw@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B1D786CD9@ESESSMB209.ericsson.se> <CAD5OKxuj2TjgN2an9DywrQbBi38u38QSuuQb_eAoGU61DC8ENQ@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B1D787E27@ESESSMB209.ericsson.se> <CAD5OKxto0Cqmf9C1-Gg7O2+WQdaRwNGszKGQf4ccSUP7K9ZOEw@mail.gmail.com>
In-Reply-To: <CAD5OKxto0Cqmf9C1-Gg7O2+WQdaRwNGszKGQf4ccSUP7K9ZOEw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.154]
Content-Type: multipart/alternative; boundary="_000_7594FB04B1934943A5C02806D1A2204B1D788924ESESSMB209erics_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFmpjkeLIzCtJLcpLzFFi42KZGfG3RlfFSybUYNJpE4upyx+zWMy4MJXZ gcljyZKfTB63phQEMEVx2aSk5mSWpRbp2yVwZazpP8VacGUWY8Wm7U+YGxiPTGPsYuTkkBAw kXj/ZhoLhC0mceHeerYuRi4OIYGjjBJrnh9nhHAWM0oc3tPC1MXIwcEmYCHR/U8bpEFEQFXi 7/fJTCA2s4CMxIyzjWC2sIClxLcNU5ggaqwkeicsYYawkyTunDzACmKzCKhIPGxaDLaYV8BX 4sSsw8wQu7aySJxqvcYOkuAUCJToXHoDbBAj0HXfT62BWiYucevJfCaIqwUkluw5zwxhi0q8 fPyPFcJWklh0+zNUfb7E/Zcn2CGWCUqcnPmEZQKj6Cwko2YhKZuFpGwW0MvMApoS63fpQ5Qo SkzpfsgOYWtItM6Zy44svoCRfRWjaHFqcVJuupGRXmpRZnJxcX6eXl5qySZGYMQd3PLbYAfj y+eOhxgFOBiVeHgTOqVDhVgTy4orcw8xSnOwKInz2hkfChESSE8sSc1OTS1ILYovKs1JLT7E yMTBKdXAKPn8w4q3tm9X3ZJfsGnFRouWVTvNb6kf/OX7qknlw1+ReMtV+//9CJAMeDsxQu7t X2+vQlv/Fr3V9xcfuCqxr0jUIp3F0eDKjEi7aZrKRo8WVzxap8nFwr5F4HCkbpuqkGXy+fZ3 ppfC6/ULZ3/8UtT8yfr7r7lPRYv+uueYRl86ePPpwysbZJRYijMSDbWYi4oTAWFjyPuZAgAA
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/ZaDxxTQSlTw3C2yWJblhc9N9ITE>
Cc: mmusic <mmusic@ietf.org>
Subject: Re: [MMUSIC] SCTP-SDP: Virtual Connection impact
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Apr 2015 19:42:34 -0000

Hi Roman,

>I have looked through the slides and I think they are misleading. To me they seem to imply that DTLS >association is orthogonal to transport and only gets re-established when fingerprint changes.

That was more or less the approach people wanted to take, when this was discussed in Dallas.

>In other words, even if the underlying transport changes, but fingerprint stays the same, the slides imply that >existing DTLS association continues to be used with the new transport. BTW, I think this is what Chrome is >currently doing. This behavior is against the proposed specification language ("If the underlying transport >protocol is modified, the endpoints MUST establish a new DTLS connection"). This also presents a serious >problem in the use case where third party call control is used to move the call between the several end point >that use the same site-wide certificate. All of those end points will present the same fingerprint, but the DTLS >connection will need to be re-established since the media connection is moved to a different device. This also >shows that fingerprint alone cannot be used to determine that connection moved to the new device.

I think the assumption people had was that, if the device changes, the fingerprint will also change.

Now, if we cannot make that assumption, we need to re-visit it.

>I thought the logic that made sense was:
>1. DTLS connection is re-established whenever underlying transport changes (already in the specification).
>2. Fingerprint and setup role MUST not change unless underlying transport changes as well (already in the >specification).
>3. Unless ICE is used, underlying transport is considered changed if 5-tuple for connection changes  (already >in the specification)

Correct.

>4. In case of ICE, the underlying transport is considered changed if ufrag and entire candidate list changed on >either side of the call (missing from the current specification).

We need to be clear what we mean by “entire candidate list”. Do you mean a new SDP, which only contains candidates that have never been used before during the session?

Obviously, the IP address:port properties may still be the same, so I guess the ufrag would have to be different – as you say.

BUT, I think someone in Dallas had a comment on why ufrag can’t be used. Justin? Ekr?

>In the proposed text, the issue that I have is with the phrase "Implementations MUST treat all ICE candidate >pairs associated with a an SCTP association on top of a DTLS connection as part of the same DTLS >connection". I am not 100% sure what this means and even if this is accurate. "All ICE candidate pairs >associated with a an SCTP association" is unclear to me. Does this refer only to the candidate pairs for the >current ICE session or to the candidate pairs for any future ICE sessions associated with this SCTP >association?

Current AND future. There are proposals about the possibility of dynamically adding new candidates during the session, and they would be part of the same DTLS connection.

>Original text from RFC 5763 ("Implementations MUST treat all ICE candidate pairs associated with a single >component as part of the same DTLS association") is more accurate but suffers from the fact that "single >component" is not well defined and because of this runs into similar issues. Does ICE re-start creates a new >component or is old component considered to be re-used? If component is specific to ICE session (ufrag pair), >can candidates from the previous session be re-used for negotiating a new component? If they can, how do >you de-mux packets received between old and new component if candidates were reused on both sides.

People had issues with the usage of “component” too, but I’d need to double check with the minutes/recording for the details.

And, my intention was not to deviate from the 5763 text on purpose. I for sure can use that text, if you think it is more accurate (assuming that there are no issues with usage of “component”).

Regards,

Christer

v2.23.0 | Report a Bug | By Email