Re: [MMUSIC] [mmusic-udptl-dtls-01] Establishment direction of DTLS session

Christer Holmberg <christer.holmberg@ericsson.com> Thu, 19 September 2013 08:01 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: "Schwarz, Albrecht (Albrecht)" <albrecht.schwarz@alcatel-lucent.com>
Thread-Topic: [mmusic-udptl-dtls-01] Establishment direction of DTLS session
Date: Thu, 19 Sep 2013 08:01:30 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B1C4A769E@ESESSMB209.ericsson.se>
References: <786615F3A85DF44AA2A76164A71FE1AC0BA3EC@FR711WXCHMBA03.zeu.alcatel-lucent.com>
In-Reply-To: <786615F3A85DF44AA2A76164A71FE1AC0BA3EC@FR711WXCHMBA03.zeu.alcatel-lucent.com>
Cc: "mmusic@ietf.org" <mmusic@ietf.org>
Subject: Re: [MMUSIC] [mmusic-udptl-dtls-01] Establishment direction of DTLS session

Hi Albrecht,

The directions of the SIP session establishment and the DTLS session establishment are NOT tightly coupled. The draft enables the Answerer to select whether it wants to act as DTLS client or DTLS server.

Section 3.1 states:

.... The
offerer MUST assign the SDP setup attribute with setup:actpass
value, and MUST be prepared to receive a DTLS client_hello message
before it receives the SDP answer. The answerer MUST assign the
SDP setup attribute with either setup:active value or
setup:passive value. The answerer SHOULD assign the SDP setup
attribute with the setup:active value. Whichever party is active
MUST initiate a DTLS handshake by sending a ClientHello over each
flow (host/port quartet).

The same rules apply for DTLS-SRTP (see Section 5 of RFC5763). In fact, we base the procedure on that RFC.

BFCP-over-DTLS (draft-ietf-bfcpbis-rfc4582bis) also refers to the DTLS-SRTP procedures for DTLS server determination.

Regards,

Christer
-----Original Message-----
From: Schwarz, Albrecht (Albrecht) [mailto:albrecht.schwarz@alcatel-lucent.com]
Sent: 18 September 2013 18:28
To: Christer Holmberg
Cc: mmusic@ietf.org
Subject: [mmusic-udptl-dtls-01] Establishment direction of DTLS session

The T.38 endpoint could be located in a terminal (= T.38 IAF) or in a gateway, leading to three possible scenarios of
a) T - T
b) T - GW
c) GW - GW

I'd like to scope on scenario (b) due to its asymmetry of user- and network-side located T.38 endpoints.

Christer,
I thought that the two directions of
1) SIP session establishment and
2) DTLS session establishment
should NOT be tightly coupled (as currently supposed to be in clause 3.1)?
The IETF draft should offer the flexibility in decoupling both establishment directions.

E.g., there might be the demand to limit DTLS session establishment in the T-to-GW direction (and rather apply the reverse direction) due to ClientHello-associated security threats, resource requests in terms of memory, ...

In my opinion:
the IETF should allow the flexibility,
other SDOs could still profile/limit this capability.

Best regards,
Albrecht

PS
We had a similar discussion with TLS, where NAT traversal (NAT-T) aspects could influence the TLS session establishment direction. However, I guess that NAT-T is minor for DTLS/UDP.
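As an added example (not code from the draft, from RFC 5763, or from either author), the following Python applies the Section 3.1 rules Christer quotes to an offer/answer pair and reports which side becomes the DTLS client, i.e. which side sends the ClientHello. It also shows the point both mails circle around: the answerer alone picks the direction by choosing active or passive. The SDP fragments are constructed, and the m= line and fingerprint placeholders are illustrative assumptions.

```python
import re
from typing import Dict, List, Optional

# Constructed offer/answer fragments (illustrative, not taken from the draft or the
# mail thread); only the lines relevant to the setup negotiation are included.
OFFER_SDP = (
    "m=image 49170 UDP/TLS/UDPTL t38\r\n"
    "a=setup:actpass\r\n"
    "a=fingerprint:sha-256 <offerer-fingerprint-placeholder>\r\n"
)
ANSWER_SDP = (
    "m=image 50000 UDP/TLS/UDPTL t38\r\n"
    "a=setup:active\r\n"
    "a=fingerprint:sha-256 <answerer-fingerprint-placeholder>\r\n"
)

SETUP_RE = re.compile(r"^a=setup:([A-Za-z]+)\s*$", re.MULTILINE)


def parse_setup(sdp: str) -> Optional[str]:
    """Return the first a=setup value in an SDP body, lower-cased, or None if absent."""
    m = SETUP_RE.search(sdp)
    return m.group(1).lower() if m else None


def resolve_dtls_roles(offer_sdp: str, answer_sdp: str) -> Dict[str, object]:
    """Decide who sends the ClientHello under the Section 3.1 rules quoted in the reply.

    Offerer MUST be actpass; answerer MUST be active or passive and SHOULD be active.
    A violated MUST raises ValueError; a SHOULD deviation is reported as a warning.
    """
    offer, answer = parse_setup(offer_sdp), parse_setup(answer_sdp)
    if offer != "actpass":
        raise ValueError(f"offerer MUST use setup:actpass, got {offer!r}")
    if answer not in ("active", "passive"):
        raise ValueError(f"answerer MUST use setup:active or setup:passive, got {answer!r}")
    warnings: List[str] = []
    if answer == "passive":
        warnings.append("answerer SHOULD use setup:active; with passive the offerer "
                        "becomes the DTLS client and the handshake waits for the answer")
    client = "answerer" if answer == "active" else "offerer"
    return {
        "dtls_client": client,  # the party that sends the ClientHello
        "dtls_server": "offerer" if client == "answerer" else "answerer",
        # actpass means the offerer must accept a ClientHello that arrives before
        # the SDP answer, whichever role it finally ends up in.
        "offerer_must_accept_early_clienthello": True,
        "warnings": warnings,
    }
```

In Albrecht's T-to-GW scenario the gateway can only avoid receiving the ClientHello when it is the answerer (by choosing active); as offerer it must advertise actpass and be ready for either role.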