IETF Logo Mail Archive

Re: [MMUSIC] FQDN Support Final Vote

Christer Holmberg <christer.holmberg@ericsson.com> Tue, 21 May 2019 21:09 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 947FD120219 for <mmusic@ietfa.amsl.com>; Tue, 21 May 2019 14:09:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id izocN7gduv5o for <mmusic@ietfa.amsl.com>; Tue, 21 May 2019 14:09:25 -0700 (PDT)
Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-he1eur02on0604.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe05::604]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4140B1200A4 for <mmusic@ietf.org>; Tue, 21 May 2019 14:09:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cNmdM5qus6X/a+hY+RN3Ar+yfgqyyQMFytJYIpOB56I=; b=hkffUSaMqN4gYvR1TAOXBmlXO9gXXhR+aDiqNwzb5GwHpr7R3uNBrrQEQb5cUBrnJdauDJuO8GRiHZdYGZfCNfa79RltcU3+sXEE2cNO/koCk+xdDWjm6/NmAZ282UOFTAzwisrAwWg5slC7Wl/XPl68G9/eRuOnt5k/2tsie9A=
Received: from HE1PR07MB3161.eurprd07.prod.outlook.com (10.170.245.23) by HE1PR07MB3418.eurprd07.prod.outlook.com (10.170.247.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1922.7; Tue, 21 May 2019 21:09:19 +0000
Received: from HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::c999:f848:9abc:d321]) by HE1PR07MB3161.eurprd07.prod.outlook.com ([fe80::c999:f848:9abc:d321%6]) with mapi id 15.20.1922.013; Tue, 21 May 2019 21:09:19 +0000
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Roman Shpount <roman@telurix.com>, Suhas Nandakumar <suhasietf@gmail.com>
CC: mmusic WG <mmusic@ietf.org>
Thread-Topic: [MMUSIC] FQDN Support Final Vote
Thread-Index: AQHVD+mlwIgCIp9I/k6kBr0+k0McKqZ2C9UAgAAYA4A=
Date: Tue, 21 May 2019 21:09:19 +0000
Message-ID: <C5FAF067-7C03-4A13-BBAC-4A1A2C12FC09@ericsson.com>
References: <CAMRcRGRnKRNL9t+c6AQ7L+vszaPrJvAuwVG6BhUuJovBRuc=NA@mail.gmail.com> <CAD5OKxuRKTkj3YCaHBCLBpdyUqeBST=sLJcUvD7NFLjLBaqVmQ@mail.gmail.com>
In-Reply-To: <CAD5OKxuRKTkj3YCaHBCLBpdyUqeBST=sLJcUvD7NFLjLBaqVmQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.19.0.190512
authentication-results: spf=none (sender IP is ) smtp.mailfrom=christer.holmberg@ericsson.com;
x-originating-ip: [79.140.208.49]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 9504438f-16f3-45a1-7d25-08d6de30974c
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(2017052603328)(7193020); SRVR:HE1PR07MB3418;
x-ms-traffictypediagnostic: HE1PR07MB3418:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <HE1PR07MB3418A1BE163DEFB3CDF20F4793070@HE1PR07MB3418.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 0044C17179
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(376002)(136003)(396003)(366004)(39860400002)(346002)(199004)(189003)(53754006)(99286004)(25786009)(82746002)(606006)(4326008)(8936002)(229853002)(102836004)(14454004)(486006)(5070765005)(53546011)(6506007)(76176011)(36756003)(66446008)(68736007)(66556008)(66476007)(76116006)(91956017)(64756008)(66946007)(73956011)(508600001)(86362001)(44832011)(966005)(110136005)(58126008)(5660300002)(446003)(6512007)(6436002)(316002)(54896002)(236005)(6306002)(33656002)(16350225007)(71190400001)(71200400001)(83716004)(256004)(14444005)(6486002)(53936002)(26005)(6246003)(7736002)(2616005)(66066001)(81166006)(3846002)(81156014)(8676002)(11346002)(6116002)(2906002)(476003)(186003); DIR:OUT; SFP:1101; SCL:1; SRVR:HE1PR07MB3418; H:HE1PR07MB3161.eurprd07.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: ericsson.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: MiAaXCi4k08scS+NApk1FrFswK+rV75t1VPEig3Efxt4cWJecVh0PoDA+wNt0chn1qLw8CUukY3pa7FyaLHo7qDbKjcYEm2hMn6CkDxeBUVwxqxzJfFhFMN/WSj+4jc6n074ubH/Sj0sSolk02SX94QN5DiP0Awt83vd42vpjp22dKzaf20UW5R4KPeYnWgdedtpwXBFmwC92yPMQfghfnkpQj3aNVnCZco2X0LFvVpG9kzoFd+PX5qqtwz+rRc0rWMyxPvGZH6PyC5ydKkjuVsz9IN0ApHLeDI3djA27UmOmKeVocuA52SpqBHCRfmJxX0du1btN0xvdHecF6T9y5V8y4qdWC+ZfM/c0xz7xQX1QP8UQyVD4oOOJV9Xb2tOYZ42J0Tv3FsUQM1uNWZkF6dwIWuyYJSykeqkonn3kkk=
Content-Type: multipart/alternative; boundary="_000_C5FAF0677C034A13BBAC4A1A2C12FC09ericssoncom_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9504438f-16f3-45a1-7d25-08d6de30974c
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 May 2019 21:09:19.6863 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: christer.holmberg@ericsson.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB3418
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/tCZOe4PqoqlSkac_f3pOBdv1ct0>
Subject: Re: [MMUSIC] FQDN Support Final Vote
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 May 2019 21:09:36 -0000

Hi,

>4. Clarify ICE support validation procedures when processing session descriptions with FQDN in candidate connection address. Specifically, if agent implementing ice-sip-sdp receives a session >description where candidate with FQDN connection address is the default candidate, address in c= line must be the literal FQDN value used connection address of the default candidate. If >address in c= line is an IP address which is result of the FQDN resolution of candidate connection address, or FQDN which resolves to the same IP address as FQDN in the candidate, or anything >else except the literal FQDN value used in the default candidate connection address, then this m= line must be treated as ICE mismatch. On the other hand, difference in address family and type >between c= line and FQDN resolution result (regardless of what procedure is used to resolve FQDN), must not be considered a mismatch.

It is very difficult for me to parse what you are trying to say in bullet 4.

If an agent receives SDP with an IP address in the c= line, how does it know whether it is a “result of the FQDN resolution of the candidate connection address”? Does that agent have to do a DNS lookup after all, to see whether the result matches the IP address in the c= line?

> I do not like the current language in ice-sip-sdp, since it does provide a description on how connection addresses with FQDN are generated and handled, but does it in a way that is known to
> cause problems. Also, current language does not allow for FQDN to be ignored or specify how ICE mismatch conditions are handled when FQDN connection address is used.

I don’t think anyone disagree with changing the current text?

Regards,

Christer






On Tue, May 21, 2019 at 11:26 AM Suhas Nandakumar <suhasietf@gmail.com<mailto:suhasietf@gmail.com>> wrote:
Hi All

  Below i have included 4 flavors of suggested text for FQDN support in ice-sip-sdp.  Let's agree on one and go with it (even it doesn't make us entirely happy).


RFC5245 Version
"<connection-address>: is taken from RFC 4566<https://tools.ietf.org/html/rfc4566> [RFC4566<https://tools.ietf.org/html/rfc4566>]. It is the

      IP address of the candidate, allowing for IPv4 addresses, IPv6 addresses, and fully qualified domain names (FQDNs).  When parsing this field, an agent can differentiate an IPv4 address and an IPv6 address by presence of a colon in its value - the presence of a colon indicates IPv6.  An agent MUST ignore candidate lines that include candidates with IP address versions that are not supported or recognized.  An IP address SHOULD be used, but an FQDN MAY be used in place of an IP address.  In that case, when receiving an offer or answer containing an FQDN in an a=candidate attribute, the FQDN is looked up in the DNS first using an AAAA record (assuming the agent supports IPv6), and if no result is found or the agent only supports IPv4, using an A.  If the DNS query returns more than one IP address, one is chosen, and then used for the remainder of ICE processing..



ice-sip-sdp pre-22 version1



<connection-address>:  is taken from RFC 4566 [RFC4566].  It is the IP address of the candidate.  When parsing this field, an agent can differentiate an IPv4 address and an IPv6 address by presence of a colon in its value -- the presence of a colon indicates IPv6. An agent MUST ignore candidate lines that include candidates with IP address versions that are not supported or recognized.  An IP address SHOULD be used, but an FQDN MAY be used in place of an IP address.  In that case, when receiving an offer or answer containing an FQDN in an a=candidate attribute, the FQDN is looked up in the DNS first using an AAAA record (assuming the agent supports IPv6), and if no result is found or the agent only supports IPv4, using an A record.  The rules from section 6 of [RFC6724] is followed by fixing the source address to be one from the candidate pair to be matched against destination addresses

reported by FQDN, in cases where the DNS query returns more than one IP address.



ice-sip-sdp current version

<connection-address>:  is taken from RFC 4566 [RFC4566].  It is the

      IP address of the candidate.  When parsing this field, an agent

      can differentiate an IPv4 address and an IPv6 address by presence

      of a colon in its value -- the presence of a colon indicates IPv6.

      An agent MUST ignore candidate lines that include candidates with

      IP address versions that are not supported or recognized.  An IP

      address SHOULD be used, but an FQDN MAY be used in place of an IP

      address.  In that case, when receiving an offer or answer

      containing an FQDN in an a=candidate attribute, the FQDN is looked

      up in the DNS first using an AAAA record (assuming the agent

      supports IPv6), and if no result is found or the agent only

      supports IPv4, using an A record.  If a FQDN returns multiple IP

      addresses an agent MUST only use one of them throughout the

      duration of the ICE session.  Since an agent does not know whether

      the peer listens to the chosen IP address and port, it is

      RECOMMENDED to not use FQDNs that will resolve into multiple IP

      addresses.

Roman-Christer Version
<connection-address>: :: is taken from RFC 4566 <<RFC4566>>.. It is the IP address of the candidate, allowing for IPv4 addresses, IPv6 addresses,
and fully qualified domain names (FQDNs).  When parsing this field, an agent can differentiate  an IPv4 address and an IPv6 address by presence
of a colon in its value - the presence of a colon indicates IPv6.  An agent processing remote candidates MUST ignore candidate lines that include
candidates with FQDN or IP address versions that are not supported or recognized.  The procedures for handling FQDN candidates, and for agents
to indicate support of such procedures, need to be specified in an extension specification. If candidate with FQDN <connection-address> is the
default destination/candidate, the "c=" address type MUST be set the IP address family for the FQDN DNS resolution result and the "c=" connection
address MUST be set to FQDN. Differences in the "c=" line address family and type with FQDN resolution result MUST not cause ICE support verification failure.



My vote is on current version since it is backward compatible with a warning that using FQDN is not recommended since it MAY lead to failure.
_______________________________________________
mmusic mailing list
mmusic@ietf.org<mailto:mmusic@ietf.org>
https://www.ietf.org/mailman/listinfo/mmusic

v2.23.0 | Report a Bug | By Email