IETF Logo Mail Archive

Re: [MMUSIC] FQDN Support Final Vote

Roman Shpount <roman@telurix.com> Tue, 21 May 2019 20:43 UTC

Return-Path: <roman@telurix.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 038C71200E9 for <mmusic@ietfa.amsl.com>; Tue, 21 May 2019 13:43:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level:
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ntGDCQHSBW40 for <mmusic@ietfa.amsl.com>; Tue, 21 May 2019 13:43:34 -0700 (PDT)
Received: from mail-pg1-x52a.google.com (mail-pg1-x52a.google.com [IPv6:2607:f8b0:4864:20::52a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C2C212001A for <mmusic@ietf.org>; Tue, 21 May 2019 13:43:34 -0700 (PDT)
Received: by mail-pg1-x52a.google.com with SMTP id z3so87872pgp.8 for <mmusic@ietf.org>; Tue, 21 May 2019 13:43:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=BSolFG9drtp2pfZaNzlrXzkfM72FECJIpdVsUCHpedE=; b=QiCBz13jXNIIE6v/swT2E5CYs/ySiNg0NfKcomsSjhb6A+SXbrNoHuVgMDYhxltfRF aC6NtVosVVW0UDpOBD87G6LPn7o1CdUY5oClkloLgbrYMmpl9iZ/Xfxpmz5h9bojsJ// fZUTuf35jJE5lLgSMTwxZBCGXeJ72cn9Qr9z3ssjbY+N3RVJsdAiVqemtU63+vZO6h9+ 4MTMVUejqsz1/JdBH9XYnO9LnfvsZnT0jVUbREFt1QHOCTEB/8XeRvHp+wtwzCDEmY1T w2jiw9XdBQy2uu6976kESxbZRlaNtMeo1YBmqPDLsRsR5fGQ7/qr2Ds7fPEEymJu+9oe k9lg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=BSolFG9drtp2pfZaNzlrXzkfM72FECJIpdVsUCHpedE=; b=lev5b5zwWsfJ6sK3VxP5OXAqwFxEsioVwvyJ7JXWFWYmnCK1prLg5cT4gGgMuRYJ69 z0rNt0ASLgeHjfthZ6SCVZJNBttRvcq46y8MK4CHgPueGXFq1GCLbYbONp7DTUVscmnS Fuq3Rm+a8ksePJMl4Qq26cKFgSxfK8d+Hkiwg8KcKN5W3IorzNaj2bvJepnOp6sXPJwm Q8qQxBqMyyQfXmXsGxHHai+7Fn99UluWRNcuTOHIMXnKVyz0NuLlRlrfmKLdON7/7m0U SRuJc9VTM+IbxEg+ARBQSjvEsPYqjW4vXTLw2YnxheWl/AeNxkUH8VPxcZ1GOphWjan3 wPhQ==
X-Gm-Message-State: APjAAAWrFMbKjI2KZDKoveqssuNjquA/2V/xeztnxfeAh7JkGsAS97/D XUQ/l1Pr/RLd+7k58CE8WfWplTxrOW8=
X-Google-Smtp-Source: APXvYqy0K6um+N7kxHR8oOvIIpKELrP/PDglP6Ihaqp0woGh9GD4VdYPon2fJEJ7Zl9MrArlAj+9eQ==
X-Received: by 2002:a63:1160:: with SMTP id 32mr85592135pgr.106.1558471413839; Tue, 21 May 2019 13:43:33 -0700 (PDT)
Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com. [209.85.214.173]) by smtp.gmail.com with ESMTPSA id h6sm34369407pfk.188.2019.05.21.13.43.32 for <mmusic@ietf.org> (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Tue, 21 May 2019 13:43:32 -0700 (PDT)
Received: by mail-pl1-f173.google.com with SMTP id c5so8956320pll.11 for <mmusic@ietf.org>; Tue, 21 May 2019 13:43:32 -0700 (PDT)
X-Received: by 2002:a17:902:a510:: with SMTP id s16mr85475829plq.334.1558471412521; Tue, 21 May 2019 13:43:32 -0700 (PDT)
MIME-Version: 1.0
References: <CAMRcRGRnKRNL9t+c6AQ7L+vszaPrJvAuwVG6BhUuJovBRuc=NA@mail.gmail.com>
In-Reply-To: <CAMRcRGRnKRNL9t+c6AQ7L+vszaPrJvAuwVG6BhUuJovBRuc=NA@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
Date: Tue, 21 May 2019 16:43:22 -0400
X-Gmail-Original-Message-ID: <CAD5OKxuRKTkj3YCaHBCLBpdyUqeBST=sLJcUvD7NFLjLBaqVmQ@mail.gmail.com>
Message-ID: <CAD5OKxuRKTkj3YCaHBCLBpdyUqeBST=sLJcUvD7NFLjLBaqVmQ@mail.gmail.com>
To: Suhas Nandakumar <suhasietf@gmail.com>
Cc: mmusic WG <mmusic@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000efa36405896be6a1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/gKbTeF-CaCGYYE_U5b5dke8NWpQ>
Subject: Re: [MMUSIC] FQDN Support Final Vote
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 May 2019 20:43:38 -0000

I wanted to explain what I was trying to achieve with the proposed language:

1. State that specification of how FQDN are resolved or how offer with FQDN
is generated, including interop with FQDN in candidate attributes generated
by agents implementing RFC 5245 will be provided in a future draft.

2. State that agents that implement ice-sip-sdp do not generate offers with
FQDN in connection address unless they implement some future specification
that describes how this is done.

3. State that it is legal to ignore ICE candidates with FQDN connection
address and that these candidates MUST be ignored by agents that implement
ice-sip-sdp unless this agent implements some future draft which describes
how FQDN resolution is done.

4. Clarify ICE support validation procedures when processing session
descriptions with FQDN in candidate connection address. Specifically, if
agent implementing ice-sip-sdp receives a session description where
candidate with FQDN connection address is the default candidate, address in
c= line must be the literal FQDN value used connection address of the
default candidate. If address in c= line is an IP address which is result
of the FQDN resolution of candidate connection address, or FQDN which
resolves to the same IP address as FQDN in the candidate, or anything else
except the literal FQDN value used in the default candidate connection
address, then this m= line must be treated as ICE mismatch. On the other
hand, difference in address family and type between c= line and FQDN
resolution result (regardless of what procedure is used to resolve FQDN),
must not be considered a mismatch.

I do not like the current language in ice-sip-sdp, since it does provide a
description on how connection addresses with FQDN are generated and
handled, but does it in a way that is known to cause problems. Also,
current language does not allow for FQDN to be ignored or specify how ICE
mismatch conditions are handled when FQDN connection address is used.

The language that I have provided can certainly be improved, but I would
really like the above stated items to be covered in the current draft to
allow for future extension and FQDN support.

Regards,
_____________
Roman Shpount


On Tue, May 21, 2019 at 11:26 AM Suhas Nandakumar <suhasietf@gmail.com>
wrote:

> Hi All
>
>   Below i have included 4 flavors of suggested text for FQDN support in
> ice-sip-sdp.  Let's agree on one and go with it (even it doesn't make us
> entirely happy).
>
>
> *RFC5245 Version *
> "<connection-address>: is taken from RFC 4566
> <https://tools.ietf.org/html/rfc4566> [RFC4566
> <https://tools.ietf.org/html/rfc4566>]. It is the
>
>       IP address of the candidate, allowing for IPv4 addresses, IPv6 addresses, and fully qualified domain names (FQDNs).  When parsing this field, an agent can differentiate an IPv4 address and an IPv6 address by presence of a colon in its value - the presence of a colon indicates IPv6.  An agent MUST ignore candidate lines that include candidates with IP address versions that are not supported or recognized.  An IP address SHOULD be used, but an FQDN MAY be used in place of an IP address.  In that case, when receiving an offer or answer containing an FQDN in an a=candidate attribute, the FQDN is looked up in the DNS first using an AAAA record (assuming the agent supports IPv6), and if no result is found or the agent only supports IPv4, using an A.  If the DNS query returns more than one IP address, one is chosen, and then used for the remainder of ICE processing.
>
>
> *ice-sip-sdp pre-22 version1*
>
>
> <connection-address>:  is taken from RFC 4566 [RFC4566].  It is the IP address of the candidate.  When parsing this field, an agent can differentiate an IPv4 address and an IPv6 address by presence of a colon in its value -- the presence of a colon indicates IPv6. An agent MUST ignore candidate lines that include candidates with IP address versions that are not supported or recognized.  An IP address SHOULD be used, but an FQDN MAY be used in place of an IP address.  In that case, when receiving an offer or answer containing an FQDN in an a=candidate attribute, the FQDN is looked up in the DNS first using an AAAA record (assuming the agent supports IPv6), and if no result is found or the agent only supports IPv4, using an A record.  The rules from section 6 of [RFC6724] is followed by fixing the source address to be one from the candidate pair to be matched against destination addresses
>
> reported by FQDN, in cases where the DNS query returns more than one IP address.
>
>
> *ice-sip-sdp current version*
>
> <connection-address>:  is taken from RFC 4566 [RFC4566].  It is the
>       IP address of the candidate.  When parsing this field, an agent
>       can differentiate an IPv4 address and an IPv6 address by presence
>       of a colon in its value -- the presence of a colon indicates IPv6.
>       An agent MUST ignore candidate lines that include candidates with
>       IP address versions that are not supported or recognized.  An IP
>       address SHOULD be used, but an FQDN MAY be used in place of an IP
>       address.  In that case, when receiving an offer or answer
>       containing an FQDN in an a=candidate attribute, the FQDN is looked
>       up in the DNS first using an AAAA record (assuming the agent
>       supports IPv6), and if no result is found or the agent only
>       supports IPv4, using an A record.  If a FQDN returns multiple IP
>       addresses an agent MUST only use one of them throughout the
>       duration of the ICE session.  Since an agent does not know whether
>       the peer listens to the chosen IP address and port, it is
>       RECOMMENDED to not use FQDNs that will resolve into multiple IP
>       addresses.
>
>
> *Roman-Christer Version *
>
> <connection-address>: :: is taken from RFC 4566 <<RFC4566>>.. It is the IP
> address of the candidate, allowing for IPv4 addresses, IPv6 addresses,
>
> and fully qualified domain names (FQDNs).  When parsing this field, an
> agent can differentiate  an IPv4 address and an IPv6 address by presence
>
> of a colon in its value - the presence of a colon indicates IPv6.  *An
> agent processing remote candidates MUST ignore candidate lines that include*
>
> *candidates with FQDN or IP address versions that are not supported or
> recognized.  The procedures for handling FQDN candidates, and for agents*
>
> *to indicate support of such procedures, need to be specified in an
> extension specification.* If candidate with FQDN <connection-address> is
> the
>
> default destination/candidate, the "c=" address type MUST be set the IP
> address family for the FQDN DNS resolution result and the "c=" connection
>
> address MUST be set to FQDN. Differences in the "c=" line address family
> and type with FQDN resolution result MUST not cause ICE support
> verification failure.
>
>
>
>
> *My vote is on current version since it is backward compatible with a
> warning that using FQDN is not recommended since it MAY lead to failure.*
> _______________________________________________
> mmusic mailing list
> mmusic@ietf.org
> https://www.ietf.org/mailman/listinfo/mmusic
>

v2.23.0 | Report a Bug | By Email