Re: [MMUSIC] RFC 6544: DTLS over 4571 framing over TCP
Justin Uberti <juberti@google.com> Wed, 19 November 2014 01:30 UTC
Return-Path: <juberti@google.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE6E01ACE41 for <mmusic@ietfa.amsl.com>; Tue, 18 Nov 2014 17:30:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.972
X-Spam-Level:
X-Spam-Status: No, score=-1.972 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.594, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hftNKiUkEPiJ for <mmusic@ietfa.amsl.com>; Tue, 18 Nov 2014 17:30:01 -0800 (PST)
Received: from mail-vc0-x22b.google.com (mail-vc0-x22b.google.com [IPv6:2607:f8b0:400c:c03::22b]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 501D31ACE52 for <mmusic@ietf.org>; Tue, 18 Nov 2014 17:30:01 -0800 (PST)
Received: by mail-vc0-f171.google.com with SMTP id id10so9196335vcb.30 for <mmusic@ietf.org>; Tue, 18 Nov 2014 17:30:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=eWDpf+MPTVXz46NIptVcGxDTtDnA/MUKgB6+NTat50A=; b=ZLsKfSMYlRT3jA4MPxrqwQxNfR1t7bgtXjCWHVG7FLhkuptyluIPYnxlXTrKJ8KVyQ fWyLBRRlVYz9TmiHdW8npMbrpUZLCgpHU3IOp/uuOU4/2i5E2pWr+9SffKjC7WhlZ9XQ 71ktSgGZVThAPebLjI3ac0MhWZUyEJdIaWTkADhY25vGR01U7ELk3Ak2fEBuhneXo6O+ kp79T4G02lgCrbbdLk4psCVG/oMHd5jlmSfV7CB8gmshLKx6S/SqYY2S81Dm+uktIS4p h/Sowvq3iOyoktMruzKUC2pW+a7hVZ4NXQ/oduObkrjHKVpWqcvI3Fsp8tA0JPFglJ5h a5iA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=eWDpf+MPTVXz46NIptVcGxDTtDnA/MUKgB6+NTat50A=; b=WWUeS+4zmrsTw1/PGdo8uYswxjsS5gf0UB730U/Dm+2tjIcYkwTR69TM9kxeFjMeub 3cD2gJbJuAntOPZQ2gunvd45rbcGOb1DmXH1tZuUAeD5YtDPhQ61m8P6hVCIKBaeDCyl 2POfQZFW1HhPe4q9pyffABBmmpFdMhAkMgPui1THhqKblWs4yNtsSS/LfyTGcQwrQoCs SaMPn9+adrLXqAuodtFRSvwiSpfWp9mqFs9Pd6G4mqEexC6PnFG66gHwo4JQzkygVdic 8Y950z4fqYv3atl7SxGR0LHBBCxN9GkA258allfh/XpDgUm5XF2yX4ngDCIbxB8C6jGk mGcw==
X-Gm-Message-State: ALoCoQkAM6n+6foChcb3ousUvsxZ22tbUW5rIUEp4jIjUDBWOo0kIkvaPw15zGPV+/Snbo0sriqv
X-Received: by 10.220.139.147 with SMTP id e19mr103013vcu.27.1416360600323; Tue, 18 Nov 2014 17:30:00 -0800 (PST)
MIME-Version: 1.0
Received: by 10.52.237.130 with HTTP; Tue, 18 Nov 2014 17:29:40 -0800 (PST)
In-Reply-To: <E1FE4C082A89A246A11D7F32A95A17828E62AA90@US70UWXCHMBA02.zam.alcatel-lucent.com>
References: <44035890-A516-4D01-A679-A85032AA10ED@vidyo.com> <CAOJ7v-3ynhUK+TCQtEDw+pAU2+njLTW4gpd3-0y7SUPw-c48=Q@mail.gmail.com> <546B1615.8010701@alvestrand.no> <E1FE4C082A89A246A11D7F32A95A17828E62AA90@US70UWXCHMBA02.zam.alcatel-lucent.com>
From: Justin Uberti <juberti@google.com>
Date: Tue, 18 Nov 2014 17:29:40 -0800
Message-ID: <CAOJ7v-2sEawm_0=Do8SBpsqYpCwG2dni2NDj2q8UzNbmWG0DQg@mail.gmail.com>
To: "Makaraju, Maridi Raju (Raju)" <Raju.Makaraju@alcatel-lucent.com>, Suhas Nandakumar <suhasietf@gmail.com>
Content-Type: multipart/alternative; boundary="047d7b34332674f40c05082c260c"
Archived-At: http://mailarchive.ietf.org/arch/msg/mmusic/h0D5J0eYoVrhl1rF4GmplhCi6JM
Cc: "mmusic@ietf.org" <mmusic@ietf.org>
Subject: Re: [MMUSIC] RFC 6544: DTLS over 4571 framing over TCP
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Nov 2014 01:30:05 -0000
+Suhas Suhas, thoughts? On Tue, Nov 18, 2014 at 7:12 AM, Makaraju, Maridi Raju (Raju) < Raju.Makaraju@alcatel-lucent.com> wrote: > +1 for option b. > > IMO, use of “D” in “TCP/DTLS/RTP/SAVPF” can also be justified because of > the use of RFC 4571 for framing to make TCP transport as “datagram > transport” (which also allows multiplexing of STUN). > > > > BR > > Raju > > > > > > *From:* mmusic [mailto:mmusic-bounces@ietf.org] *On Behalf Of *Harald > Alvestrand > *Sent:* Tuesday, November 18, 2014 3:49 AM > *To:* mmusic@ietf.org > *Subject:* Re: [MMUSIC] RFC 6544: DTLS over 4571 framing over TCP > > > > On 11/13/2014 12:46 PM, Justin Uberti wrote: > > I think that makes the framing very clear; it is unfortunate that it is > coupled to ICE, but we can fix that by revving 4571. > > > > On the topic of naming, RFC 4572 <http://www.ietf.org/rfc/rfc4572.txt> > makes the meaning of TCP/TLS clear; it's (non-D) TLS. > > > > However, TCP transport for media isn't guaranteed to be reliable, as > explained in 4571, Section 3 > <https://tools.ietf.org/html/rfc4571#section-3>: > > > > The reliable nature of a connection does not imply that a framed > > RTP stream has a contiguous sequence number ordering. For > > example, if the connection is used to tunnel a UDP stream through > > a network middlebox that only passes TCP, the sequence numbers in > > the framed stream reflect any packet loss or reordering on the UDP > > portion of the end-to-end flow. > > > > This necessarily implies that we want to use DTLS whenever the layer 4 > transport is TCP. > > > > We could try to be explicit about this by making the identifiers > TCP/DTLS/RTP/SAVPF and TCP/DTLS/SCTP, but this introduces some > inconsistency with RFC5763, which indicates use of DTLS via > UDP/TLS/RTP/SAVPF. (In the context of UDP, this is unambiguous, since you > would only want to run DTLS over UDP). > > > > So I think we have two options: > > a) use TCP/TLS/RTP/SAVPF and TCP/TLS/SCTP, and make it clear in the > definitions of these that DTLS is to be used here. > > b) use TCP/DTLS/RTP/SAVPF and TCP/DTLS/SCTP, and live with the slight > inconsistency with the UDP variants from 5763. > > > > Personally, I prefer b) as being less error-prone. > > > I prefer b) as being more explicit. The RFC 5763 decision to use TLS as > the name for DTLS was unfortunate, and we shouldn't keep on doing it if we > don't have to. > > > > > Lastly, for SCTP transport over DTLS over UDP, I think we should use > UDP/TLS/SCTP for consistency with 5763. > > > In this case, I guess we have to.... > > > > > > > On Thu, Nov 13, 2014 at 11:32 AM, Jonathan Lennox <jonathan@vidyo.com> > wrote: > > Here’s the citation from RFC 6544 for DTLS over RFC 4571 framing over TCP. > > 3. Overview of Operation > > [...] > > ICE requires an agent to demultiplex STUN and application-layer > > traffic, since they appear on the same port. This demultiplexing is > > described in [RFC5245 <https://tools.ietf.org/html/rfc5245>] and is done using the magic cookie and other > > fields of the message. Stream-oriented transports introduce another > > wrinkle, since they require a way to frame the connection so that the > > application and STUN packets can be extracted in order to > > differentiate STUN packets from application-layer traffic. For this > > reason, TCP media streams utilizing ICE use the basic framing > > provided in RFC 4571 <https://tools.ietf.org/html/rfc4571> [RFC4571 <https://tools.ietf.org/html/rfc4571>], even if the application layer > > protocol is not RTP. > > > > When Transport Layer Security (TLS) or Datagram Transport Layer > > Security (DTLS) is used, they are also run over the RFC 4571 <https://tools.ietf.org/html/rfc4571> framing > > shim, while STUN runs outside of the (D)TLS connection. The > > resulting ICE TCP protocol stack is shown in Figure 1, with (D)TLS on > > the left side and without it on the right side. > > > > +----------+ > > | | > > | App | > > +----------+----------+ +----------+----------+ > > | | | | | | > > | STUN | (D)TLS | | STUN | App | > > +----------+----------+ +----------+----------+ > > | | | | > > | RFC 4571 <https://tools.ietf.org/html/rfc4571> | | RFC 4571 <https://tools.ietf.org/html/rfc4571> | > > +---------------------+ +---------------------+ > > | | | | > > | TCP | | TCP | > > +---------------------+ +---------------------+ > > | | | | > > | IP | | IP | > > +---------------------+ +---------------------+ > > > > Figure 1: ICE TCP Stack with and without (D)TLS > > > > > > > > > _______________________________________________ > mmusic mailing list > mmusic@ietf.org > https://www.ietf.org/mailman/listinfo/mmusic > > > > > > > _______________________________________________ > > mmusic mailing list > > mmusic@ietf.org > > https://www.ietf.org/mailman/listinfo/mmusic > > > > > -- > > Surveillance is pervasive. Go Dark. > > > _______________________________________________ > mmusic mailing list > mmusic@ietf.org > https://www.ietf.org/mailman/listinfo/mmusic > >
- [MMUSIC] RFC 6544: DTLS over 4571 framing over TCP Jonathan Lennox
- Re: [MMUSIC] RFC 6544: DTLS over 4571 framing ove… Justin Uberti
- Re: [MMUSIC] RFC 6544: DTLS over 4571 framing ove… Harald Alvestrand
- Re: [MMUSIC] RFC 6544: DTLS over 4571 framing ove… Makaraju, Maridi Raju (Raju)
- Re: [MMUSIC] RFC 6544: DTLS over 4571 framing ove… Justin Uberti
- Re: [MMUSIC] RFC 6544: DTLS over 4571 framing ove… Suhas Nandakumar