Re: [MMUSIC] Mirja Kühlewind's Discuss on draft-ietf-mmusic-dtls-sdp-28: (with DISCUSS and COMMENT)
Roman Shpount <roman@telurix.com> Tue, 15 August 2017 17:59 UTC
Return-Path: <roman@telurix.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C166D132143 for <mmusic@ietfa.amsl.com>; Tue, 15 Aug 2017 10:59:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.388
X-Spam-Level:
X-Spam-Status: No, score=-1.388 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_SPAM=0.5, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=telurix-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id w79S__sgjqPN for <mmusic@ietfa.amsl.com>; Tue, 15 Aug 2017 10:59:04 -0700 (PDT)
Received: from mail-pg0-x229.google.com (mail-pg0-x229.google.com [IPv6:2607:f8b0:400e:c05::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B25BF120713 for <mmusic@ietf.org>; Tue, 15 Aug 2017 10:59:04 -0700 (PDT)
Received: by mail-pg0-x229.google.com with SMTP id y129so9898354pgy.4 for <mmusic@ietf.org>; Tue, 15 Aug 2017 10:59:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telurix-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=UXqcMuaIN8B29OCXMQdVzYDxkbDZvbBuaPTNc6y0UC8=; b=lxlMSfnc5YGUL13TpsoA4HrMSNKyZe0slae5/cR5KFVEVpRGFjmy49e+SvrnGfTQJd mMfLC7BtvAv/vdOM8V2I5dd7MXW0kf858r0K4lnLQ/eQAdnmZbLh7RTDkDzEIHaymyIw BqhJf11VJRog2IFJnBRst/LUwZmEd+c2WsfOfUw1ox31CHP7DHYRhr6EpabIg2PlX7OP uNqszANazBYpQG4LkE98jlaG8Blk7MIwcJIlw7KfZEViFekUmaT92qy+svZD2gsZUlSj 7q/8gxWYL/Rk79oV1bbc3URvb7q0+Nbmg9R5S6TxlzrUBpGNL22JqWhRlLFCQqhaUT8x txWg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=UXqcMuaIN8B29OCXMQdVzYDxkbDZvbBuaPTNc6y0UC8=; b=Q7AoSmo9VqOFhcP8AZSP0WAJsD1MLG1WmwkrEjr0mqrIQTIFMcFa+rJXHBCmCEF/lK C2cG7pCh2td9rGjK54JHg+CrFEPLl1S3wmKJLuIxjf8ia68BO2IdLFo9/HxawK/RkxkV 0MjT0UVGGXuk2z2tks8ccen2PLaFUNsxqjZQr78JhFIYDqEMtxadVWKMa+gT9no/Tw6K 0GvnkAUu6cK+olgHtPfQkPkANKUfCiw14rKXgCn7FjbzBuDsr1aSWjjxRv51K3T7vViB kNxBEZkmggPXXpzvQwB2jU43atwPRaSu2qjfaGHVIKa+vmpS5a11tfbZ8SMXNlryoymM wIug==
X-Gm-Message-State: AHYfb5j9udpU9mngid4OFy14yXWvhLfw+HDrGtmodxwCP0zS7roABubm +jGlGg59iBlxU+dZ
X-Received: by 10.98.65.220 with SMTP id g89mr28697513pfd.122.1502819944277; Tue, 15 Aug 2017 10:59:04 -0700 (PDT)
Received: from mail-pg0-f54.google.com (mail-pg0-f54.google.com. [74.125.83.54]) by smtp.gmail.com with ESMTPSA id p62sm17566600pfg.66.2017.08.15.10.59.02 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 15 Aug 2017 10:59:02 -0700 (PDT)
Received: by mail-pg0-f54.google.com with SMTP id l64so9889127pge.5; Tue, 15 Aug 2017 10:59:02 -0700 (PDT)
X-Received: by 10.98.81.130 with SMTP id f124mr22454997pfb.152.1502819942427; Tue, 15 Aug 2017 10:59:02 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.100.133.150 with HTTP; Tue, 15 Aug 2017 10:59:01 -0700 (PDT)
In-Reply-To: <150280844371.21102.10635571599929348708.idtracker@ietfa.amsl.com>
References: <150280844371.21102.10635571599929348708.idtracker@ietfa.amsl.com>
From: Roman Shpount <roman@telurix.com>
Date: Tue, 15 Aug 2017 13:59:01 -0400
X-Gmail-Original-Message-ID: <CAD5OKxuAghZi5HRJUAHA22YYS7wuhqgCjRsQkbeXP-1g6rSQeA@mail.gmail.com>
Message-ID: <CAD5OKxuAghZi5HRJUAHA22YYS7wuhqgCjRsQkbeXP-1g6rSQeA@mail.gmail.com>
To: Mirja Kühlewind <ietf@kuehlewind.net>
Cc: The IESG <iesg@ietf.org>, draft-ietf-mmusic-dtls-sdp@ietf.org, mmusic-chairs@ietf.org, lemming Andreasen <fandreas@cisco.com>, "mmusic@ietf.org" <mmusic@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c1111c4d4721c0556ce8866"
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/l1xwjzZLfW89HH9O2orU_LagnRM>
Subject: Re: [MMUSIC] Mirja Kühlewind's Discuss on draft-ietf-mmusic-dtls-sdp-28: (with DISCUSS and COMMENT)
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Aug 2017 17:59:07 -0000
On Tue, Aug 15, 2017 at 10:47 AM, Mirja Kühlewind <ietf@kuehlewind.net> wrote: > Mirja Kühlewind has entered the following ballot position for > draft-ietf-mmusic-dtls-sdp-28: Discuss > > On section 7.1, of course... > "If DTLS is transported on top of a connection-oriented transport > protocol (e.g., TCP or SCTP), where all IP packets are acknowledged, > all DTLS packets associated with a previous DTLS association MUST be > acknowledged (or timed out) before a new DTLS association can be > established on the same instance of that transport (5-tuple)." > I don't think this would be necessary for QUIC. The point here is, I > believe, > not the fact that TCP and SCTP are connection-oriented, but that > re-transmissions cannot be easily distinguished from the original packet. > So > the point is rather the use of a reliable protocol that retransmits in a > specific way. However, why would you use DTLS with TCP instead of TLS? And > I > also don't think you want to use DTLS with QUIC because it has it's own > crypto. > I guess the recommendation should rather be that reliable transports > should use > TLS, and if DTLS is needed a new DTLS connection can only be established if > there is not retransmission ambiguity which is always the case when all > outstanding packets are ack'ed or considered lost (timed out). Or am I > missing > the point? > This whole section was added because of RFC6083 (DTLS over SCTP, not to be confused with SCTP over DTLS). I am not sure if anybody implemented DTLS over SCTP with SDP based negotiation so this language is highly theoretical. The issue is that DTLS over SCTP as it is defined in RFC6083 is not compatible with DTLS over UDP. Essentially RFC6083 removes re-transmission logic from DTLS stack and uses re-transmission logic in SCTP. It also states that a single SCTP association should be reused for multiple DTLS associations and DTLS association cannot span across multiple underlying transports. The intention of this text was to say that for DTLS over SCTP implementation should use different procedures since it is, essentially, different DTLS (without re-transmission logic). We have tried to generalize the language, but I am not sure the result is quite clear. My preference at the time was not cover DTLS over SCTP in this draft at all. Since EKR is reviewing this, and since he is one of RFC6083 authors, he can probably suggest a better language. This text does not apply to DTLS over TCP. DTLS over TCP is primarily used for ICE TCP candidates. In this case transport is still treated as unreliable un-ordered for two reasons: a. ICE can switch between candidates and transports, so when switch from UDP to TCP candidate pair occurs DTLS still needs to handle re-transmission or out of order packets. Even switching between two TCP candidates can result in un-ordered packet delivery. b. DTLS over TCP is often single hop, where TCP connection is terminated by SBC and UDP being used on the other leg. DTLS association in this cases continues to be end-to-end and will have to deal with re-transmission and out of order packets. I do not think we even though about QUIC here but most likely QUIC will not be used used with DTLS. > - in sec 5.1: "Because of > this, if an unordered transport is used for the DTLS association, a > new transport (3-tuple) must be allocated by at least one of the > endpoints so that DTLS packets can be de-multiplexed." > Why is this a 3-tuple (instead of a 5-tuple)? I guess you talk about the > source > address, source port, transport 3-tuple? May say this more explicitly. > Also > the word of the use transport is confusing to me here because it's used > for the > transport protocol as well as for the transport 'connection' (if a > connection-oriented transport protocol is used). Maybe s/new transport/new > flow/? Moreover, there should probably be a 'MUST' here instead of 'must'! > Each end point allocates a 3-tuple for connection (transport/address /port). Connections are disambiguated using 5 tuple (transport/source address/source port/destination address/destination port). We can make this more explicit. - sec 5.2:"In addition, the offerer MUST insert in the > offer an SDP 'tls-id' attribute with a unique attribute value." > Is that a MUST or rather a SHOULD? The rest of the text reads like this > should > be a SHOULD. > Implementations compliant with this specification MUST insert tls-id in offers and respond with answer with tls-id if tls-id was present in the offer. This is how end points indicate that they support this specification. Regards, _____________ Roman Shpount
- [MMUSIC] Mirja Kühlewind's Discuss on draft-ietf-… Mirja Kühlewind
- Re: [MMUSIC] Mirja Kühlewind's Discuss on draft-i… Eric Rescorla
- Re: [MMUSIC] Mirja Kühlewind's Discuss on draft-i… Mirja Kuehlewind (IETF)
- Re: [MMUSIC] Mirja Kühlewind's Discuss on draft-i… Roman Shpount