Re: [MMUSIC] zrtp-hash (was Re: AD Evaluation of draft-ietf-mmusic-sdp-mux-attributes-12)
"Ben Campbell" <ben@nostrum.com> Mon, 23 May 2016 23:12 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 04C9512D5D3; Mon, 23 May 2016 16:12:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.326
X-Spam-Level:
X-Spam-Status: No, score=-3.326 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.426] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EvR4RjtsIsR5; Mon, 23 May 2016 16:12:10 -0700 (PDT)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4A5212D5DF; Mon, 23 May 2016 16:12:07 -0700 (PDT)
Received: from [10.0.1.18] (cpe-66-25-7-22.tx.res.rr.com [66.25.7.22]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id u4NNC5Kg032637 (version=TLSv1 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Mon, 23 May 2016 18:12:05 -0500 (CDT) (envelope-from ben@nostrum.com)
X-Authentication-Warning: raven.nostrum.com: Host cpe-66-25-7-22.tx.res.rr.com [66.25.7.22] claimed to be [10.0.1.18]
From: Ben Campbell <ben@nostrum.com>
To: Alan Johnston <alan.b.johnston@gmail.com>
Date: Mon, 23 May 2016 18:12:06 -0500
Message-ID: <66ECA4FB-729F-421B-8CD7-C87E6FD248F0@nostrum.com>
In-Reply-To: <CAKhHsXFybXGPjF-pQuJ7ctyq5qc8JYdgi9ctpTghpFbuOS4B2w@mail.gmail.com>
References: <ED0991AE-DF16-4D42-9130-A2B42C4677A1@nostrum.com> <CAKhHsXFybXGPjF-pQuJ7ctyq5qc8JYdgi9ctpTghpFbuOS4B2w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Mailer: MailMate (1.9.4r5234)
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/etPlkwniOmYgWgJQJsAGmMo8QZY>
Cc: mmusic WG <mmusic@ietf.org>, draft-ietf-mmusic-sdp-mux-attributes.all@ietf.org
Subject: Re: [MMUSIC] zrtp-hash (was Re: AD Evaluation of draft-ietf-mmusic-sdp-mux-attributes-12)
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 May 2016 23:12:13 -0000
Hi Alan,
If I read RFC 6189 correctly, I see that it documents how to distinguish
zrtp messages from rtp and stun. Further, it distinguishes itself from
stun by using a different magic cookie value. That's a little more
complex than the first-byte demuxing in 5764--although it looks like
first-byte demuxing might work as long as we don't end up with a
conflicting stun method. (I'm also not certain that the average 5764
implementation is going to look at the cookie to make the demux
decision.)
I don't see anything in 6189 about distinguishing itself from DTLS.
Again, we can infer that from the first byte, as long as we don't get a
conflicting tls content-type.
This doesn't quite seem (to me) to meet the following requirement in
draft-ietf-mmusic-sdp-bundle-negotiation (emphasis mine):
"If bundled "m=" lines use different protocols on top
of the transport-layer protocol, there MUST exist a publicly
available specification which describes a mechanism, for **this
particular protocol combination**, how to associate received data
with
the correct protocol."
As mentioned, one way to fix that could be to add zrtp into the general
guidance in 5764-mux-fixes.
Thanks,
Ben.
On 23 May 2016, at 17:48, Alan Johnston wrote:
> Hi Ben,
>
> The a=zrtp-hash attribute is a hash of the ZRTP Hello message that is
> going
> to be sent over the transport. There is one ZRTP Hello sent per
> transport,
> and one handshake per transport.
>
> The ZRTP message format was carefully crafted in association with
> DTLS-SRTP, so if draft-ietf-avtcore-rfc5764-mux-fixes breaks this,
> then it
> probably should be fixed.
>
> - Alan -
>
> On Mon, May 23, 2016 at 3:34 PM, Ben Campbell <ben@nostrum.com> wrote:
>
>> Hi,
>>
>> As promised, here's more on my concern about zrtp-hash in
>> draft-ietf-mmusic-sdp-mux-attributes:
>>
>> I think you need to describe the assumptions about what it means to
>> multiplex zrtp. Am I correct to assume that the draft assumes that
>> there is
>> only one zrtp session in a transport flow, with a single zrtp
>> handshake?
>> And that all of the bundled m=lines represent media that is part of
>> that
>> zrtp association? (That is, you never mux distinct zrtp associations,
>> or
>> zrtp and dtls-srtp?)
>>
>> If the answer is yes, then "transport" seems to make sense.
>>
>> But is zrtp demuxing really well defined enough to keep this out of
>> the
>> "NOT RECOMMENDED" category? I'm not sure it meets the bundle
>> requirement
>> for a public spec on how to demux it. One might infer that from two
>> public
>> specs (zrtp and 5764), but IIUC, the guidance proposed in
>> draft-ietf-avtcore-rfc5764-mux-fixes would cause a zrtp messages to
>> be
>> dropped, since its first byte would not match any of the demux rules.
>> Or,
>> if zrtp-hash is allowed, does mux-fixes need to change?
>>
>> What am I missing?
>>
>> Thanks!
>>
>> Ben.
>>
>>
>> On 20 May 2016, at 18:07, Ben Campbell wrote:
>>
>> Apologies for my slow response. The last month has been a perfect
>> storm of
>>> productivity killers. I'm digging out of the backlog now. Comments
>>> inline,
>>> with sections that appear resolved removed.
>>>
>>> There is one issue (zrtp-hash) where I will start a separate thread
>>> shortly.
>>>
>>> Thanks!
>>>
>>> Ben.
>>>
>>> On 20 Apr 2016, at 1:00, Suhas Nandakumar wrote:
>>>
>>> Hello Ben
>>>>
>>>> Sorry for the delay in responding. Many thanks for the detailed
>>>> review.
>>>>
>>>> Please find my responses inline (marked by [Suhas]).
>>>>
>>>> Cheers
>>>> Suhas
>>>>
>>>> On Fri, Feb 19, 2016 at 2:28 PM, Ben Campbell <ben@nostrum.com>
>>>> wrote:
>>>>
>>>> Hi,
>>>>>
>>>>> Here is my AD evaluation of
>>>>> draft-ietf-mmusic-sdp-mux-attributes-12. I
>>>>> would like at least the substantive
>>>>> section to be discussed before going to IETF last call.
>>>>>
>>>>> Thanks!
>>>>>
>>>>> Ben.
>>>>>
>>>>> ----------
>>>>>
>>>>> # Substantive #
>>>>>
>>>>> - This is very long and detailed. Are the authors and chairs
>>>>> comfortable
>>>>> that all sections have had sufficient review?
>>>>>
>>>>> -4.0: It would be helpful to add a paragraph describing how these
>>>>> semantic
>>>>> groupings map to the categories.
>>>>>
>>>>>
>>>> [Suhas] The semantic groupings were added as a informal reference
>>>> and
>>>> they
>>>> don't really interact with the categories as such.
>>>>
>>>
>>> So I have to wonder why we have the groupings. But I guess at this
>>> point
>>> in the process, it's not worth changing that.
>>>
>>>
>>>> Does the following rephrasing work
>>>>
>>>> *"Attributes in an SDP session description can be defined at the
>>>> **session-level
>>>> or media-level or source-level. Informally, there are various
>>>> semantic
>>>> grouping for these attributes. One such grouping could be as noted
>>>> below:*
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> * o Attributes related to media content such as media type,
>>>> encoding
>>>> schemes, payload types. o Attributes specifying media
>>>> transport
>>>> characteristics like RTP/RTP Control Protocol (RTCP) port
>>>> numbers,
>>>> network addresses, QOS. o Metadata description attributes
>>>> capturing
>>>> session timing and origin information. o Attributes
>>>> establishing
>>>> relationships between media descriptions such as grouping
>>>> framework
>>>> [RFC5888 <https://tools.ietf.org/html/rfc5888>]The proposed
>>>> framework
>>>> defines categories for the SDP attributes under multiplexing and
>>>> assigns
>>>> each SDP attribute to an appropriate multiplexing category.*
>>>>
>>>> *Since the multiplexing categories defined in this specification
>>>> are
>>>> independent of any informal semantic grouping of the SDP
>>>> attributes, the
>>>> categorizations assigned against each attribute MUST be considered
>>>> as
>>>> normative assignments under multiplexing. "*
>>>>
>>>
>>> All fine, except the last sentence is pretty meta--it uses normative
>>> language to talk about normative language ("MUST be considered
>>> normative").
>>> I'm not entirely sure what you intend there, but how about something
>>> to the
>>> effect of "... the categorizations assigned against each attribute
>>> are
>>> normative."
>>>
>>>
>>>>
>>>>
>>>> -4.2: I recommend choosing a category name that is not a 2119
>>>> keyword.
>>>>> Maybe something like "not mux-able" or "unsafe"?
>>>>>
>>>>>
>>>> [Suhas]
>>>>
>>>> Initially that category was called "BAD" as in
>>>>
>>>>
>>>> https://datatracker.ietf.org/doc/draft-nandakumar-mmusic-sdp-mux-attributes/01/
>>>>
>>>> However we ended upon NOT RECOMMENDED since “BAD” was a bad
>>>> choice :-)
>>>>
>>>> Either of the following options seems fine to me
>>>>
>>>> 1.
>>>>
>>>> NOT-RECOMMENDED [ we use hyphen separated multi word format in
>>>> other
>>>> category names]
>>>> 2. UNSAFE
>>>>
>>>
>>> I lean towards unsafe. OTOH, NOT-RECOMMENDED makes sense if you
>>> intend
>>> the category name to mean "NOT RECOMMENDED" in the 2119 sense.
>>>
>>>
>>>>
>>>>
>>>>
>>>>
>>>>> -4.3: Please don't use a 2119 keyword as part of the definition
>>>>> of a category. This creates sort of a circular dependency; that is
>>>>> attributes are in this category because they MUST be identical;
>>>>> but they
>>>>> MUST be identical because they are in this category. I suggest
>>>>> describing
>>>>> the category descriptively, and adding a separate sentence to say
>>>>> "Attributes
>>>>> in the IDENTICAL category MUST be identical across all media
>>>>> descriptions."
>>>>>
>>>>>
>>>>
>>>> [Suhas]. I have removed the usage of word identical from the
>>>> definition
>>>> as
>>>> below. Please let me know if this works.
>>>>
>>>>
>>>> Category: IDENTICAL
>>>>
>>>> Attributes and their associated values (if present) in the
>>>> IDENTICAL
>>>> category MUST be repeated across all the media descriptions under
>>>> multiplexing.
>>>>
>>>>
>>> Okay.
>>>
>>> [...]
>>>
>>>
>>>>
>>>>
>>>> -5.8 and 5.9:
>>>>> The last paragraph of 5.8 seems redundant with section 5.9.
>>>>>
>>>>> -5.8, last paragraph:
>>>>>
>>>>> "Hence multiplexing MUST NOT be performed even in this
>>>>> alternate scenario." seems to contradict the category
>>>>> selection of
>>>>> "NOT RECOMMENDED" (but see previous comment about not using
>>>>> 2119
>>>>> keywords in a category title.)
>>>>>
>>>>>
>>>>> [Suhas] The idea here is to not perform multiplexing and hence the
>>>> category
>>>> of NOT RECOMMENDED assigned. I can update this once we finalize on
>>>> the
>>>> right naming for "NOT RECOMMENDED"
>>>>
>>>
>>> This argues for the "UNSAFE" name, since the actual normative
>>> guidance is
>>> stronger than "NOT RECOMMENDED". (Unless you want a "MUST NOT" name
>>> :-) )
>>>
>>>
>>>>
>>>>
>>>> -5.24, last paragraph: "it is recommended to consult the
>>>>> document defining the attribute."
>>>>>
>>>>> I assume one should _always_ refer to the specification of
>>>>> an SDP attribute before trying to mux it. But that doc is
>>>>> not going to explain muxing issues, is it?
>>>>>
>>>>>
>>>>> [Suhas]
>>>>
>>>> Since cparmin/cparmax can define numerical values/ranges
>>>>
>>>> for any of b= or a= attributes (identified via cpar), there is no
>>>> easy
>>>> way
>>>> to assign a multiplexing category unless one knows what cpar is
>>>> being
>>>>
>>>> used and the assignned numerical values to each of cparmin/cparmax
>>>> mean.
>>>> Thus the category SPECIAL has been assigned as a recommendation for
>>>> the
>>>> implementor to consult the spec that defines a particular usage of
>>>> cpar,
>>>> cparmin and cparmax combination to really see what’s going on.
>>>>
>>>> This is very similar to extmap or RTCP Application feedback message
>>>> type
>>>>
>>>> How about following rephrasing
>>>>
>>>>
>>>> *"The attributes (a=cparmin and a=cparmax) define minimum and
>>>> maximum
>>>> numerical values associated with the attributes described in
>>>> a=cpar.
>>>> Since
>>>> a cpar attribute can either define*
>>>>
>>>> *“b=” attribute or any “a=” attribute, the multiplexing
>>>> category *
>>>>
>>>> *depends on actual attribute being encapsulated and the
>>>> implications of
>>>> the
>>>> numerical values assigned. Hence it is recommended to consult the
>>>> specification defining the the attributes (cparmin/cparmax) to
>>>> further
>>>> analyze their behavior under multiplexing."*
>>>>
>>>
>>> That works for me.
>>>
>>>
>>>>
>>>>
>>>> -5.26:
>>>>> -"Support of this extension is OPTIONAL."
>>>>> Please don't use 2119 keywords to describe existing requirements
>>>>> from other docs, unless in direct quotes.
>>>>>
>>>>>
>>>>>
>>>> [Suhas] This sentence is taken directly from RFC6714. (
>>>> https://tools.ietf.org/html/rfc6714)
>>>>
>>>
>>> Sure, but it's not attributed as a quote. I suggest something to the
>>> effect of "This is an optional extension according to [RFC6714]", "
>>> [RFC6714] states that this extension is 'OPTIONAL'", or even the
>>> exact
>>> same language as currently in the draft, but without the capitalized
>>> OPTIONAL.
>>>
>>> [...]
>>>
>>>
>>>>
>>>>
>>>> - 5.39:
>>>>> I’m not a zrtp expert, but it seems like it might
>>>>> be more complicated than this. Section 8 of 6189 says
>>>>> “The a=zrtp-hash attribute can only be included in the
>>>>> SDP at the media level since Hello messages sent in
>>>>> different media streams will have unique hashes.”
>>>>> I wonder if this shouldn't be “identical”?
>>>>>
>>>>>
>>>>> [Suhas] The category TRANSPORT is the appropriate assignment. This
>>>>> spec
>>>> assigns category for these attributes over the multiplexed
>>>> transport.
>>>>
>>>> So, if we have 3 m= lines each with one zrtp-hash and all bundled.
>>>>
>>>> The zrtp-hash selected must correspond to the m=line that is
>>>> selected for
>>>> BUNDLE once the O/A negotiation completes. Thus the category
>>>> TRANSPORT.
>>>>
>>>>
>>>>
>>> I _think_ you are right, but there may be an interaction here that
>>> can
>>> break things I will think about that more, and respond to this issue
>>> is a
>>> separate thread.
>>>
>>>
>>>>
>>>>
>>>>
>>>>> -5.45:
>>>>> 6193 is an ISE stream RFC. Does anyone actually use
>>>>> in a context where muxing matters?
>>>>>
>>>>>
>>>> [Suhas] . I doubt it. Do you recommend as NOT-RECOMMENDED instead.
>>>>
>>>
>>> That seems reasonable, unless you know of good reasons otherwise.
>>>
>>>
>>>>> -15.1:
>>>>> - Is there no need for a spec for any newly registered
>>>>> categories?
>>>>> - 2nd to last paragraph: "This seems vague for a MUST. Do you
>>>>> expect
>>>>> the registration of a new category to change the categories
>>>>> already assigned to existing SDP parameters? Is it possible
>>>>> that a new category only applies to some new SDP parameters?"
>>>>>
>>>>>
>>>> [Suhas] The following 2 paragraphs are supposed to mean that new
>>>> multiplexing categories require new registrations via a spec and
>>>> applicability of the new category to new SDP attributes and
>>>> possibly
>>>> existing SDP attributes ( if the new category makes more sense).
>>>> What
>>>> would
>>>> be a better framing to capture the intent ?
>>>>
>>>> "*Further entries can be registered on a first-come first-serve
>>>> basis.
>>>> Each
>>>> registration needs to indicate the multiplexing category value to
>>>> be
>>>> added
>>>> to the "Multiplexing Categories" subregistry as defined in this
>>>> section.*
>>>>
>>>> *Such a registration MUST also indicate the applicability of the
>>>> newly
>>>> defined multiplexing category value to various subregistries
>>>> defined at
>>>> "Session Description Protocol (SDP) Parameters".*
>>>>
>>>
>>> That works for me.
>>>
>>>
>>>>
>>>> - Last paragraph: 4566 procedures apply to what? The text just
>>>> said
>>>>> new categories are first-come-first server. I don’t think
>>>>> 4566 set policies for how to change mux categories.
>>>>>
>>>>>
>>>> [Suhas] Agreed. I prefer removing this line altogether. Please let
>>>> me
>>>> know
>>>>
>>>>
>>> I agree.
>>>
>>>
>>>>> -15.2.1:
>>>>> How do you expect the table to look after adding this RFC to the
>>>>> references? Will this RFC be added to the entries in the MUX
>>>>> column?
>>>>>
>>>>>
>>>> [Suhas] The plan was to add the reference to this RFC in the
>>>> "Reference
>>>> Column"
>>>>
>>>
>>> Okay.
>>>
>>> [...]
>>>
>>>
>>>
>>>>
>>>>>
>>>>> # Editorial #
>>>>>
>>>>>
>>>> - The abstract is more detailed than needed. The point is to
>>>> describe the
>>>>> purpose of the draft. The second paragraph pretty much
>>>>> accomplishes
>>>>> that.
>>>>>
>>>>>
>>>>> [Suhas] How do this rephrase look
>>>>
>>>> “The purpose of this specification is to provide a framework for
>>>> analyzing
>>>> the multiplexing characteristics of SDP attributes when SDP is used
>>>> to
>>>> negotiate the usage of single 5-tuple for sending and receiving
>>>> media
>>>> associated with multiple media descriptions,. This specification
>>>> also
>>>> categorizes the existing SDP attributes based on the framework
>>>> described
>>>> herein.”
>>>>
>>>>
>>> That works for me.
>>>
>>> [...]
>>>
>>>
>>>>
>>>>
>>>>> -5 and subsections: Is there any method to the ordering? They
>>>>> aren't
>>>>> in RFC order. It might make sense to group by the nature of the
>>>>> attributes, but if that is the case here it's not explained.
>>>>>
>>>>>
>>>>> [Suhas] These are not ordered as of today. I can order the 5.X
>>>> subsections
>>>> by RFC order, if needed.
>>>>
>>>
>>> Unordered is also okay. I was just wondering if there was a logic
>>> that
>>> should be mentioned.
>>>
>>>
>>> [...]
>>>
>>>
>>>>
>>>>
>>>>> -5.13, table:
>>>>> "Specific RTP extension document MUST be referred"
>>>>>
>>>>>
>>>>> [Suhas] The idea was to mean that , one should refer to the
>>>> specification
>>>> that defines a specific RTP extension in order to understand the
>>>> multiplexing behavior.
>>>>
>>>> Would the following rephrasing help instead
>>>>
>>>> "Refer to the document defining specific RTP Extension"
>>>>
>>>>
>>>>
>>> Yes, thanks.
>>>
>>>
>>>> I don’t understand what that means. If you mean to
>>>>> say “refer to specific document”, that shouldn’t use
>>>>> MUST.
>>>>>
>>>>> -5.22, table: "document needs to be referred" (several
>>>>> repetitions)
>>>>> I'm not sure what this means. Should it say "Refer to the
>>>>> specific document"?
>>>>>
>>>>>
>>>>> Similarly as above, would this reprhasing help
>>>>
>>>> "Refer to the document defining specific FEC Scheme
>>>>
>>>>
>>>>
>>> Similarly as above, Yes, thanks. :-)
>>>
>>>
>>>>
>>>>> -6.3: "not clearly defined offer/answer usage"
>>>>> I'm not sure what is meant here. (Also, why is this not TBD or
>>>>> NOT
>>>>> RECOMMENDED?)
>>>>>
>>>>>
>>>> [Suhas] Since RFC3890 b=TIAS is not defined keeping O/A in mind,
>>>> either
>>>> the
>>>> BUNDLE spec or this spec cannot define its mux behavior. This is
>>>> due to
>>>> applicability of these specs under SD{ O/A usages alone.
>>>>
>>>> I can rephrase the above as
>>>> "not defined under SDP Offer/Answer usage"
>>>>
>>>
>>> WFM, thanks.
>>>
>>> [...]
>>>
>>
>> _______________________________________________
>> mmusic mailing list
>> mmusic@ietf.org
>> https://www.ietf.org/mailman/listinfo/mmusic
>>
- [MMUSIC] zrtp-hash (was Re: AD Evaluation of draf… Ben Campbell
- Re: [MMUSIC] zrtp-hash (was Re: AD Evaluation of … Alan Johnston
- Re: [MMUSIC] zrtp-hash (was Re: AD Evaluation of … Ben Campbell
- Re: [MMUSIC] zrtp-hash (was Re: AD Evaluation of … Alan Johnston