Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bundle-negotiation-32 - Magnus' comments
Magnus Westerlund <magnus.westerlund@ericsson.com> Tue, 06 September 2016 13:47 UTC
Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2873A12B1F6; Tue, 6 Sep 2016 06:47:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.221
X-Spam-Level:
X-Spam-Status: No, score=-4.221 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4fc3pglcQsjC; Tue, 6 Sep 2016 06:47:00 -0700 (PDT)
Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8817912B38B; Tue, 6 Sep 2016 06:43:13 -0700 (PDT)
X-AuditID: c1b4fb25-ca31e98000001071-0e-57cec7ef4034
Received: from ESESSHC002.ericsson.se (Unknown_Domain [153.88.183.24]) by (Symantec Mail Security) with SMTP id BD.EB.04209.FE7CEC75; Tue, 6 Sep 2016 15:43:11 +0200 (CEST)
Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.26) with Microsoft SMTP Server id 14.3.301.0; Tue, 6 Sep 2016 15:43:10 +0200
To: Christer Holmberg <christer.holmberg@ericsson.com>, "mmusic (E-mail)" <mmusic@ietf.org>, "draft-ietf-mmusic-sdp-bundle-negotiation@ietf.org" <draft-ietf-mmusic-sdp-bundle-negotiation@ietf.org>
References: <D3EDD01C.E518%christer.holmberg@ericsson.com>
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
Message-ID: <05b9fc74-2849-0062-58fb-45f7f258de0f@ericsson.com>
Date: Tue, 06 Sep 2016 15:43:10 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <D3EDD01C.E518%christer.holmberg@ericsson.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFlrALMWRmVeSWpSXmKPExsUyM2K7hO774+fCDR50WFpMn/WOzWLq8scs DkweS5b8ZApgjOKySUnNySxLLdK3S+DKeNk3j61gjWXF/yNzGBsYm3S7GDk5JARMJG63vmEH sYUE1jNKHFjN2cXIBWQvY5S4OXs3I0hCWCBc4v6nB8wgCRGBE4wSv2adBergAKqyklg5KxOk hk3AQuLmj0Y2EJtXwF7i7tbtYENZBFQkth85yQZSLioQI7G+LwGiRFDi5MwnLCA2p4C1xOa+ aWAlzECtD7aWgYSZBeQlmrfOZoY4TVuioamDdQIj/ywk3bMQOmYh6VjAyLyKUbQ4tTgpN93I WC+1KDO5uDg/Ty8vtWQTIzDcDm75rbqD8fIbx0OMAhyMSjy8CVVnw4VYE8uKK3MPMUpwMCuJ 8EruPxcuxJuSWFmVWpQfX1Sak1p8iFGag0VJnNf/pWK4kEB6YklqdmpqQWoRTJaJg1OqgVH7 xbvFMT1ZsSwqLa/W7T54RGPFshtTfi4UCfgTuKBk05Hd0kq8acslGO/26K3j+hvc+qPi6cMF 5TpSp1n/n4mRNp3j/kyXQ3rtRT6hvnkxDf1n5lz46bM7/ZNG8ZM9c77kNc7y4nnlxBgXsC5b eLJn57/PsZwbTQpFr/yf6+6ozSrzSGtx0VUlluKMREMt5qLiRACne0hBMwIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/gt7owaRNxc7aoBmh-Z9NHSsFpBg>
Subject: Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bundle-negotiation-32 - Magnus' comments
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Sep 2016 13:47:04 -0000
Den 2016-09-01 kl. 12:20, skrev Christer Holmberg: > > Hi Magnus, > > Thanks for your comments! Please see inline. > >> 1. Section 1: >> The update allows an answerer to assign a non-zero port >> value to an "m=" line in an SDP answer, even if the "m=" line in the >> associated SDP offer contained a zero port value. >> >> I think this sentence could be more explicit that this is allowed given >> that the Offer included this "m=" line in an bundle group. > > The ³m=³ line has not been accepted into the BUNDLE group at that stage: > the offerer has suggested the ³m=³ line to be accepted (by the answerer) > into the BUNDLE group. Yes, but the condition for reverting an m= line in an offer to a non-zero value in answer, is that the offer contained an offer for bundling the m= line with some others m= lines. That requirement for doing this reverting should be more explicit in this line I think. > > > >> 2. Section 8.5.2: >> >> o Assign the previously selected offerer BUNDLE address to the added >> "m=" line; or >> >> Two things. >> >> A. Should "previously" be "currently"? > > Well, it¹s the address that was selected in a previous Offer/Answer > transaction. Ok, which means it is currently in force address. But, no strong opinion, I do get either of them. > > >> B. Add an "also" to the above sentence to make it clearer that it is for >> the added m= line. >> >> o Assign the currently selected offerer BUNDLE address also to the >> added "m=" line; or > > Not sure I understand. The bullets describe different options. What I suggested was to add "also" to that bullet. This to make it clear that this option means adding the existing Bundle Address to the new m= line; or ... > > > >> 3. Section 9: >> >> This document describes a mechanism to identify the protocol of >> received data among the STUN, DTLS and SRTP protocols (in any >> combination), when UDP is used as transport-layer protocol, but does >> not describe how to identify different protocols transported on DTLS. >> While the mechanism is generally applicable to other protocols and >> transport-layer protocols, any such use requires further >> specification around how to multiplex multiple protocols on a given >> transport-layer protocol, and how to associate received data with the >> correct protocols. >> >> I note that this formulation when it comes to other protocols results >> that there is no BUNDLE demultiplexing defined for transports that are >> not UDP but has a datagram semantics. I note that this is do effect >> WebRTC as there is a definition for using RFC 4571 framing over TCP for >> all type of protocols. See Section 3.4 of >> https://datatracker.ietf.org/doc/draft-ietf-rtcweb-transports/?include_tex >> t=1 >> >> If TCP connections are used, RTP framing according to [RFC4571] MUST >> be used for all packets. This includes the RTP packets, DTLS packets >> used to carry data channels, and STUN connectivity check packets. >> >> From BUNDLEs perspective, such a framing will behave equivalent to UDP >> when it comes to demultiplexing. Thus my question is if TCP with RFC4571 >> framing also should be defined? Otherwise we will end up with an feature >> mismatch in regards to BUNDLE depending on transport layer. > > But, does the de-multiplexing of STUN, DTLS and SRTP actually change if > everything is sent over TCP (sing the 4571 framing mechanism)? Once you > ³un-frame² the content, it can be processed as if it had been transported > over UDP. Or? From a demultiplexing perspective a TCP/RFC4571 stream is equivalent to UDP flow. However, the existing test is written so that only the UDP one is defined and thus allowed to use. The TCP/RFC4571 case will not be defined unless some change is done. I rather address this part of the first sentence ", when UDP is used as transport-layer protocol," so that it covers TCP/RFC4571 case also, rather then having to write a separate doc for "Bundle and RFC 4571 framing over TCP". > > > >> 4. Section 10.1: >> >> o The RTP MID header extension MUST be enabled, by associating an >> SDP 'extmap' attribute [RFC5285], with a 'urn:ietf:params:rtp- >> hdrext:sdes:mid' URI value, with each bundled RTP-based "m=" line >> in every offer and answer. >> >> I think the list is missing a bullet prior to the above one: >> >> * The MID SDES item MUST periodically be sent in RTCP SDES items for >> any SSRC originating from a "m=" line that is part of any BUNDLE >> group. >> >> What I see is the important goal here is that BUNDLE supporting >> implementations also support the MID SDES item in RTCP, not only the >> header extension. > > > So, you want to add the bullet you suggested? Yes. > > >> 5. Section 15.2: >> >> The SDES item does not reveal privacy information about the users. >> It is simply used to associate RTP-based media with the correct SDP >> media description (m- line) in the SDP used to negotiate the media. >> >> I do not fully agree with this statement. As the MIDs are transmitted >> over the RTP/RTCP channel the actual used values as well as the >> implementation algorithm for creating such IDs are exposed. This can >> allow for tracking of instances if they have unusual combinations of >> media streams as well if the MID values are poorly constructed from >> privacy perspective leak additional information. >> >> I think this threat needs to be made more explicit. I also think it >> might be better to move this discussion to the Security Consideration >> section. I note that the security consideration section is focused on >> only the SDP BUNDLE mechanism, not the other defined protocol elements, >> i.e. the new SDP attributes as well as the MID. > > > Note the following text in section 14.2: > > "The identification-tag MUST NOT contain any user information, and > applications SHALL avoid generating > the identification-tag using a pattern that enables application > identification.² > Yes, but when it comes to profiling I think the above is to unspecific to prevent profiling. One option is a very basic algorithm that everyone will implement identically. However, the ordering of the m= line and their media types etc etc may still allow fingerprinting of a device. One could define it to be cryptographically random 3 character tags. Then it would likely be difficult to get anything from it. The issue here is really that one moves the tags from a context where the tags is a minor issue, as the full SDP provides so much profiling possibilities, to a RTP where it can be provided to completely different set of attackers. Cheers Magnus Westerlund ---------------------------------------------------------------------- Services, Media and Network features, Ericsson Research EAB/TXM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Färögatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ----------------------------------------------------------------------
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Christer Holmberg
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Magnus Westerlund
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Paul Kyzivat
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Magnus Westerlund
- Re: [MMUSIC] Review of draft-ietf-mmusic-sdp-bund… Paul Kyzivat