IETF Logo Mail Archive

Re: [MMUSIC] ietf-mmusic-mdns-ice-candidates new draft: Christer's comments - corrected version

Christer Holmberg <christer.holmberg@ericsson.com> Wed, 26 May 2021 09:24 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3D043A27AB for <mmusic@ietfa.amsl.com>; Wed, 26 May 2021 02:24:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.798
X-Spam-Level:
X-Spam-Status: No, score=-2.798 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.698, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F4Cwf9eykSE7 for <mmusic@ietfa.amsl.com>; Wed, 26 May 2021 02:24:50 -0700 (PDT)
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05on2046.outbound.protection.outlook.com [40.107.22.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D0C93A27B1 for <mmusic@ietf.org>; Wed, 26 May 2021 02:24:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dcDJi4Cd1+VfHaGG9C1NXLfp3ypw1nUDfBJqj0xEj4WhWAksl3IgqZZUaGO3NdUEL4unRFE4wLUd+jJknhMbYb8Pt8OHqKoXnJuin0r0wFtTLXmJpmpD8i8TjEcMpuQeaUr4RqV9Xq8Jxqh2FnQFb8ilFSYPk4EIxcb+mXiix4nS9l4cS9+WRyuBZVVQi9BPQt3Qpmy1QV0vOt9rO3fqxECZNCcHXA7QOXYLZd7tBs/FwbVJQ1rgAzIvY697Mknth1octaNDM7guc6HU9D1tLvz5oLAz4SZKnXKWWicntQ2txBGnJEmQFV6/rjmICSbStavkEURqnroMTeJ7Hl23iA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ljzlTk+kyX49eifq0rYcY4t2C1Ny4IiXDnfhetsHc1I=; b=hLLcVHcY4hzozQyBKd1Ws/UNl26kUlGSWeY8kyEckfGiaD6usKuoK5tGq/eS4/jOUg4Epl2whf3W6aWpdERDSTq0py/7vCyMLRhxCTt8fYlbdYhbYZ/IGF38hBtC6zffD2MupIQHR4FM4+cqM9Zs2rXQmBpmpjKyXdI+v6Gipb6PzHrb3P26PQt5RyCa/nOfJSJrbFQR/9lAIPE/nLQEWOrcb/eYzlatONJJhA+gbvQiLRdOQo1bDiFDCA+SKopWG04qGWNR2TAXXeyNrHC8zcJJ3mhUbs9zzfr5XAHLORIXDHxsH8Z/kgWUisveY0G18m3uQwr+GqH/flvaMwkEsw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ljzlTk+kyX49eifq0rYcY4t2C1Ny4IiXDnfhetsHc1I=; b=IJ123ue+KTsvYEppAeOvJoU429FJ3rqCEbMZenI8//CvwR70XTuLgEpJj0wI8lkFc7amp8gvLp/1FfPE1GLWlCQGHfHO8jyo4HXxUjopR7pjgHKGxMbMCD6zGSdCgLXynqkrgLiGrYLb3xsEDE/tbtrTZ8Ik7l/ww3YrJigFTWY=
Received: from AM0PR07MB3860.eurprd07.prod.outlook.com (2603:10a6:208:4c::18) by AM0PR07MB5825.eurprd07.prod.outlook.com (2603:10a6:208:116::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4173.12; Wed, 26 May 2021 09:24:48 +0000
Received: from AM0PR07MB3860.eurprd07.prod.outlook.com ([fe80::b10f:ebc0:80d:db2]) by AM0PR07MB3860.eurprd07.prod.outlook.com ([fe80::b10f:ebc0:80d:db2%7]) with mapi id 15.20.4173.021; Wed, 26 May 2021 09:24:48 +0000
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Youenn Fablet <youenn=40apple.com@dmarc.ietf.org>
CC: Youenn Fablet <youenn@apple.com>, mmusic WG <mmusic@ietf.org>
Thread-Topic: [MMUSIC] ietf-mmusic-mdns-ice-candidates new draft: Christer's comments - corrected version
Thread-Index: AddOaYvfxMVil8hTTVu5MqwwCVqVugC0WRKAADTinAA=
Date: Wed, 26 May 2021 09:24:48 +0000
Message-ID: <AM0PR07MB386064CCF618176DFD1642DD93249@AM0PR07MB3860.eurprd07.prod.outlook.com>
References: <AM0PR07MB3860453DCCB6278DD57BF27093299@AM0PR07MB3860.eurprd07.prod.outlook.com> <0DE13BAA-1F65-4876-AA0E-4F491A606877@apple.com>
In-Reply-To: <0DE13BAA-1F65-4876-AA0E-4F491A606877@apple.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [80.248.247.159]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 51a6b000-73e3-4bad-e527-08d920281ba0
x-ms-traffictypediagnostic: AM0PR07MB5825:
x-microsoft-antispam-prvs: <AM0PR07MB58252BE252557EEB84CD6C5A93249@AM0PR07MB5825.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: tAjq367A1l1RjDBtMXTk+f+8soaKvuD2ScaTy99DOw5eUk5/lIgW9/4W1N68bIGJTbLOTe1Pf9A93PmmCBr5jrFSYONlX3OpU9HYyhUaQB+Q8uCbXj0ZazDx0W/ffOUAFPbDChFJopo4oAubG6k9nvUu7/9oo08hIKR7ahalYgeKdPYzPely8DNHwE/9/wX9hQN6QMZ2lOi3r5LGiz0jL2YI7iWE7/iGoDPyQlCNHMJWMLOHfsZJHnX0fhSILtoquQ1mwKkzt2/97ZikTA1+SBMJWqkR99AqET85SfltkFC6rTM5/We1/zBFmWZuVmmXgi+NHNBz1Z+NJ1SOvbQtTvyqI9xmGW9KkQdH/Hd6oBILouAXQE3vFhta7dGOn11bFHYi3C/yaUokAVN4SWBDPl8dkV+po+Zflj+9mZXwhXClXPZRTU2CcSp4C53oKGkMD1utuUW9DCgm9+Ry6jsEO/q416mHmZE/8pGIpXaPzzrmnark5IabocPmpqq9TEwG8cLMeY3VZXF8jXzm82t0RZWNk8hVNoKDXENUtIMEDocxXtnlIIUht5bprbv+ZL/Y4LdjQttPHgW8z56UHdmdAO1u9VI/QDhVmuAPZw4UziFETdcXEyA+GRJ+Ejl1qxLucVj9Dzf2wgG0KiqYHXRVaYyhae+7NYYsQXbumueb1dvk8aKuHJhb7V2AlVcK8cQd83AzufXA1hOQMJpo+VQ73FbyV//SukwjAGvScuY5UHQ=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0PR07MB3860.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(366004)(39860400002)(346002)(396003)(136003)(2906002)(66946007)(5660300002)(54906003)(4326008)(9686003)(55016002)(966005)(478600001)(122000001)(316002)(86362001)(44832011)(8676002)(33656002)(83380400001)(38100700002)(6506007)(52536014)(76116006)(64756008)(66446008)(66556008)(26005)(66476007)(8936002)(186003)(71200400001)(7696005); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: =?utf-8?B?OVNxbFNxZjFuNGFuSUdGUkE1aEgzS3JxeGlXL3I4S081czg1UW9IUS92VWI2?= =?utf-8?B?WUJjRFRJaDl5V2NwRlRhYnZNRlNiaEZ6SFI0TE5WWDFkdzYrQVBzaVo0Sko4?= =?utf-8?B?djAyelNtdy9aSDE5WW5lTkhzUElCblRqWVFiVTIwN2FRNjJMQlNTUkxrMzFC?= =?utf-8?B?cHFlVDF6aTRMdy9mRU1zYlB6SXprTHBtVEVEWWpkUm1DVTE5MlFuSWlkNWFZ?= =?utf-8?B?WGpoZEd3RDcrSkxsL0lHR1V4ZXkvWjJ5aHJPVHlNdGVlSEtlMHVCVmx2cDFv?= =?utf-8?B?TmFYYWIybnZCM0IxS1cycHFlaUg0RDdKcGUyL1c0eWs0TDZnTHNWT29mQWhC?= =?utf-8?B?NTcybUgvcGsyMGFaZkQ4enFrWnp0YzZuMDlDMXlpQWFiLzJMeDh3OXczbmM4?= =?utf-8?B?bExwNDlLYklKdkZ1R3pQdlFDRUZLV3F1MXZZK1FsQ3N0UnNLeHA1V0xMNk5p?= =?utf-8?B?a2JuNUEvVDVvM1V4UTJ0dmNOVHJ5UmJWV1VTUkpJRXZhUUZYZEJmT1BxOEc0?= =?utf-8?B?YkljZ01CQnYzUkovSjd2ZElmbjNaMllJMm8xWGRTZ2x0VmZHVG1tYXZZejIy?= =?utf-8?B?YnJidTNNL3BrSjZsOVNzRmFySEpIWjN5R0xnNDhxOGdVcFdwZVVyZ3laK3hR?= =?utf-8?B?aG02YWxLbGVmTW0yWFgrUDRqZ21oT1A2a05Nbi80d21DYWRET3FkNTl4bGZ6?= =?utf-8?B?aGYwSEFkbU5yV0d5bi9wTEVqY1VwSmFrVFZyeXVUbnJpKzlLaGQvbDFDT1RO?= =?utf-8?B?aFdHdC9wR0RyUHBIS2NmaXY0MklqdmtUNEhYZmtQN0VzU1VwM1lscUtvL3pl?= =?utf-8?B?QmRFb1lPVCtSQXVZMFNQRlVvdEs3Tmh0dlNkYnA3UEdwUDR3a1hrcGRHU2do?= =?utf-8?B?MllyQzZpd3FlN0o5UHBMcytYQlZJSTdqNFNJTDlRUmpUVXcyUDVMMUUyS1Zn?= =?utf-8?B?SkUvM3hYdVBCODVWZWZhbHhGMk5MVXpzbnV3YTBsdGtwOGk4VG5hd2cyWXdG?= =?utf-8?B?dTJRcGlwbm1xNUVLNCtqaThmMTlFbnZXWGx2ZEFmdVFOaFY1UmRnd1FRNE84?= =?utf-8?B?cjYrN1dtY0FlN1VTQ1hMaGs2NW5HZHBlb1ExVDBvbnVTNm5xNzNVbndNZVpG?= =?utf-8?B?TGNRZG1jd3hoNWVYcnlBSXNoYldLZnlFSTV4akxWWUdWUVBzQzZCNUJlRWhS?= =?utf-8?B?MXlNVTRUcWZld2dLelpFM3hnNGxMd25zR3BadXBidk5naWkrRTQzMzN2QXhY?= =?utf-8?B?Nk55d0V5RmlSdmJweXFwU0syanJjNUlZdnMwdVFibmZQZE9DVEpVeC9yY0xS?= =?utf-8?B?SHRGOEcrRG9MZ0VyTktkZmRuWW5MNHhrVVp0ZmRtRHk0dTJxOWlIN1dQMnY4?= =?utf-8?B?TkxPWHRxV01yVSswbkgraTJhb3BZR1ViTEsyNFhBREhzYnZrZ3hmcTg0V2ZH?= =?utf-8?B?N3l1MHZlVEx3aklRVUUydjlYQlQ5ZUZXTEgxMjdKZVprYlRLMW5QYzh1bzdx?= =?utf-8?B?Q095cFJUNVA3MDhML09Sd2Q2a3BJMW1RalBsUUg2V0dFa2p2bXFnOExIYldu?= =?utf-8?B?ZjlxUEtFZ1ZPcTJEY2JzQlRleEdwWGFOZklhRmpsdU9xOGxySzNmSDBPdnor?= =?utf-8?B?Nk55M25IMjM1VDhxdFdnaStFWXBkdnZGc3NaMnZqYTI4Mng4N3AvbjJGcERp?= =?utf-8?B?bmYxTU1RVnNDMmNRVlBpaWNoVkNxdUhFMEZGU3lYaEMrdzJ3UzBJdlFVWnd1?= =?utf-8?Q?u1rwI3AWJexH/uNvnjfpGVl3ke+lCrePMDAXahT?=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM0PR07MB3860.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 51a6b000-73e3-4bad-e527-08d920281ba0
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 May 2021 09:24:48.3216 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: rQmckTluJW60Xt/rBWAIsPGG3Mc5EchI/SZJ6LfOwBMTdQZkmO4UCIgapOALVmv4pP6lrveAq1JaFDuHrcJG836j74JvwZohbxX785/7NDw=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR07MB5825
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/j5KkdlU-rleYewMNm_DPBew8t8M>
Subject: Re: [MMUSIC] ietf-mmusic-mdns-ice-candidates new draft: Christer's comments - corrected version
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 May 2021 09:24:56 -0000

Hi,

Q1:

>> I think it needs to be more clear that mDNS domain names (.local) can only be resolved by remote peers within the same local network.
>
> Right, this is a (useful) restriction from mDNS though mDNS extensions could potentially alleviate this.
> We might want to say this explicitly and detail that host candidates are useful for peers in the same local network as well.
> I filed https://protect2.fireeye.com/v1/url?k=6f70db02-30ebe3e0-6f709b99-86073b36ea28-d422b5bab32889b5&q=1&e=65335060-b720-4a53-baa4-dfa1a047c81d&u=https%3A%2F%2Fgithub.com%2Frtcweb-wg%2Fmdns-ice-candidates%2Fissues%2F133issues%2F133.

Thanks! I will take a look.

---

Q2:

>> Related to Q1, think it needs to be more clear that the mechanism prevents IP address leaking to peers outside the local network. Inside the local network I assume that web apps can still find out about the local address simply by performing an mDNS lookup on the mDNS domain name.
>
> Web apps cannot do mDNS lookups for privacy reasons.
> It is a good thing for privacy reasons that a web page does not have access to its local address without some form of user opt-in.

Well, maybe "web app" was too restrictive. You could also implement this in a native WebRTC app.

And, I assume even a web app can e.g., print the domain name on the screen, and the user can then use a separate resolver to get the IP address. Or, the web app can send the domain name to another server/service (within the local network) for resolving the address.

My point is that I think it is not possible that a remote peer *within the same local network* would not be able to figure out your IP address. I believe Tthere are even much simpler way of doing that than implementing a WebRTC app :)

---

Q3:

>The draft makes an assumption that the mDNS domain names are unique. Why making that assumption? If the local network supports multicast, there may even be non-WebRTC applications using mDNS, which increases the risk for collision.
>
>mDNS is supposed to handle name collision.
>This spec relies on the mDNS specification to handle such cases, which I think is the correct layering.

In the draft you have explicit text saying that one does NOT need to use the mDNS way of handling collisions.

       "The ICE agent SHOULD send an mDNS announcement for the hostname,
       but as the hostname is expected to be unique, the ICE agent
       SHOULD skip probing of the hostname."

Also, in general when you say "unique", please define the scope of the uniqueness - both in time and place.

---

Q4:

>> Section 3.1.1 says that an ICE agent, when it gathers candidates, generates a UNIQUE mDNS domain name. I assume that means that the mDNS domain name will only be valid for the duration of the ICE session.
>
> For the lifetime of the ICE agent, this may be more than the ICE session.
> Though there is no hard requirement, section 3.3.3 states that mDNS domain name lifetime should be scoped by the lifetime of the web page (agents are free to be stricter than that).
>
> Doesn't that mean that there is no need for other ICE agents to cache the mDNS domain name:IP address mapping for "future use", because the mDNS domain name won't be used in future anyway?
>
> The idea is for ICE agents to keep alive their own mDNS name as long as needed.

Ok.

Obviously, if the local IP address changes then the mapping has to be updated, but perhaps that is obvious.

> ICE agents should not try to buffer other ICE candidate mDNS:IP mapping. This is an optimization that should be left to the mDNS layer.

I don't even think an ICE agent should buffer its own mapping. Doesn't the local mDNS layer handle that?

---

Q5:

>> Section 5.3 says:
>>
>> "When an endpoint that supports mDNS communicates with an endpoint that does not, the legacy
>>  endpoint will still provide its local IP addresses, and accordingly a direct connection can still be attempted, 
>>  even though the legacy endpoint cannot resolve the mDNS names provided by the new endpoint."
>>
>> Please make it more clear that the legacy endpoint is the one that does not support mDNS. Something like:
>>
>>   "When an endpoint that supports mDNS communicates with a legacy endpoint that does not, the..."
>
> I filed https://protect2.fireeye.com/v1/url?k=ab050196-f49e3974-ab05410d-86073b36ea28-dfd572b54682df12&q=1&e=65335060-b720-4a53-baa4-dfa1a047c81d&u=https%3A%2F%2Fgithub.com%2Frtcweb-wg%2Fmdns-ice-candidates%2Fissues%2F134issues%2F134.

Thanks! I will take a look.

---

Q6:

>> If I remember correctly, people have raised issues with legacy parsers not being able to parse non-IP-addresses. If so, shouldn't that be mentioned in Section 5.3?
>>
>> (NOTE: Eventhough the draft updates RFC 8839, to support mDNS domain names, it does not solve the issue for legacy parsers.)
>
> In practice, deployment has not seen this issue, maybe because legacy parsers are not widely used in mode 3 applications, i.e. applications that do not access to any camera/microphone.
> It seems fine mentioning legacy parsers in the document.

You can for sure mention "legacy parsers", and what your real-network experience is. But, the main point that also needs to be pointed out is a not-backward compatible *specification* change, and it is important to mention those.

> Let’s handle it in the same issue as above, https://protect2.fireeye.com/v1/url?k=c8ba4bed-9721730f-c8ba0b76-86073b36ea28-d633b680ca12acc8&q=1&e=65335060-b720-4a53-baa4-dfa1a047c81d&u=https%3A%2F%2Fgithub.com%2Frtcweb-wg%2Fmdns-ice-candidates%2Fissues%2F134issues%2F134.

Thanks! I will take a look.

---

Q7:

>> The draft does not give any guidance regarding how long an ICE agent can safely cache an mDNS 
>
> Are you referring to remote mDNS mapping? If so, I think we want to leave caching to the mDNS layer.

I guess so. There may be no WebRTC-specific considerations regarding the buffering.

So, perhaps the best thing is to not talk about ICE agents doing buffering etc, and perhaps only have a statement saying that the buffering/caching is taken care of by the mDNS layer, as defined in RFC 6762.

Thanks!

---

Regards,

Christer

v2.8.7 | Report a Bug | By Email