IETF Logo Mail Archive

Re: [MMUSIC] actpass redux

Christer Holmberg <christer.holmberg@ericsson.com> Sat, 03 June 2017 07:06 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E87C9126C0F for <mmusic@ietfa.amsl.com>; Sat, 3 Jun 2017 00:06:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.219
X-Spam-Level:
X-Spam-Status: No, score=-4.219 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pA3yAYxGDJTk for <mmusic@ietfa.amsl.com>; Sat, 3 Jun 2017 00:06:14 -0700 (PDT)
Received: from sesbmg23.ericsson.net (sesbmg23.ericsson.net [193.180.251.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34A091250B8 for <mmusic@ietf.org>; Sat, 3 Jun 2017 00:06:13 -0700 (PDT)
X-AuditID: c1b4fb25-73a9f9a0000055fe-58-59325fe45c11
Received: from ESESSHC018.ericsson.se (Unknown_Domain [153.88.183.72]) by sesbmg23.ericsson.net (Symantec Mail Security) with SMTP id 38.5A.22014.4EF52395; Sat, 3 Jun 2017 09:06:12 +0200 (CEST)
Received: from ESESSMB109.ericsson.se ([169.254.9.30]) by ESESSHC018.ericsson.se ([153.88.183.72]) with mapi id 14.03.0339.000; Sat, 3 Jun 2017 09:04:13 +0200
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Roman Shpount <roman@telurix.com>, Eric Rescorla <ekr@rtfm.com>
CC: mmusic WG <mmusic@ietf.org>
Thread-Topic: [MMUSIC] actpass redux
Thread-Index: AQHS27+QUKTkX8TgukOHH0lDl2aBAKIRu7eAgAA2MQCAAMRawA==
Date: Sat, 03 Jun 2017 07:04:13 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B4CBD7C32@ESESSMB109.ericsson.se>
References: <CABcZeBMd2BZgyeFnqafTVyGga4FMoK0xJkPCv0y_wvmBWsg+xg@mail.gmail.com> <CAD5OKxvwgvm3Q4HsCYsewZjRS9ty_g34n9+x87vfLW4Omcm8mw@mail.gmail.com> <CAD5OKxuNvnBgpv7BO3fv27ASu5AMugh4-LNpq1r8ga5OtqD_nw@mail.gmail.com>
In-Reply-To: <CAD5OKxuNvnBgpv7BO3fv27ASu5AMugh4-LNpq1r8ga5OtqD_nw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.148]
Content-Type: multipart/alternative; boundary="_000_7594FB04B1934943A5C02806D1A2204B4CBD7C32ESESSMB109erics_"
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprPIsWRmVeSWpSXmKPExsUyM2K7h+6TeKNIgz2/5CxWvD7HbjF1+WMW ixkXpjI7MHssWfKTyWPy4zZmj1tTCgKYo7hsUlJzMstSi/TtErgy/p2bwV6wqZWpYtGMLewN jEf+MXYxcnJICJhI7L/azNrFyMUhJHCEUeLqj09QziJGibcr5jN1MXJwsAlYSHT/0wZpEBFw lujqvccKYjMLyEtcWLKGCcQWFlCW2P+8ixGiRkXiZftSFgjbSWJ750ewGhag+ISDX9hAbF4B X4m/mzeyQ+y6xyix4+tGsKGcAoES01Y/ArMZBcQkvp+CWMAsIC5x68l8JoirBSSW7DnPDGGL Srx8/I8VwlaSaFzyBOq4fIlp5y4yQywTlDg58wnLBEaRWUhGzUJSNgtJ2Sygl5kFNCXW79KH KFGUmNL9kB3C1pBonTOXHVl8ASP7KkbR4tTipNx0I2O91KLM5OLi/Dy9vNSSTYzAaDu45bfq DsbLbxwPMQpwMCrx8Dr4GkUKsSaWFVfmHmKU4GBWEuH1DwIK8aYkVlalFuXHF5XmpBYfYpTm YFES53XcdyFCSCA9sSQ1OzW1ILUIJsvEwSnVwGgsNVs8yvCHpKOchMXav9vTVt22uXHKa7eI if+aoHPsSnveF4r5H1rpLXhI+slP+wOHJs1jft5m+PEYu/Dk8C7x5zF3jPaWHor7wXjk9c6L i5KMT1r+OLrh7e+wE/P7GJ8v+sAUrrPWYHIZO9Oed5U/hSOke6b65p2ZquqVd1bz+LPJEzxs lmQosRRnJBpqMRcVJwIAQis9x7ICAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/tXsF54ml7GkaFIAEQQqWw4rkUE8>
Subject: Re: [MMUSIC] actpass redux
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Jun 2017 07:06:17 -0000

Hi,

For subsequent offers, draft-dtls-sdp says SHOULD-use-actpass-MAY-use-something-else.

We can apply that SHOULD to initial offers if people want to.

Regards,

Christer

From: mmusic [mailto:mmusic-bounces@ietf.org] On Behalf Of Roman Shpount
Sent: 02 June 2017 23:16
To: Eric Rescorla <ekr@rtfm.com>
Cc: mmusic WG <mmusic@ietf.org>
Subject: Re: [MMUSIC] actpass redux

Just to provide the historic background for this change. We have discussed setup role in subsequent offers with Christer before IETF95 and decided to remove the text that setup MUST be actpass in all the offers. This removed this requirement from the initial offers as well (even though they weren't discussed at that time).

Now we have three options:

1. setup can be whatever application wants in all offers (current text)
2. setup MUST be actpass in initial offer and whatever application wants in subsequent (or, alternatively actpass or negotiated role in subsequent offers).
3. setup MUST be actpass in all the offers (back to RFC 5763)

My top preference is that setup SHOULD be actpass in all the offers. Second preference is 1 and hope that application will do the right thing.

From my point of view 2 is strange, since there is no principal difference between initial and subsequent offers, especially when 3pcc comes into play. Any offer can end up being subsequent for one end point and initial for another.

I also think that RFC 5763 requirement is too strong. There are implementations which send offers without actpass so it is already violated. There are also legitimate scenarios where sending current role (subsequent offers without ICE restart) or active (endpoints with basic UDP behind NAT) makes more sense.

Regards,

_____________
Roman Shpount

On Fri, Jun 2, 2017 at 2:02 PM, Roman Shpount <roman@telurix.com<mailto:roman@telurix.com>> wrote:
Hi All,

There was a discussion regarding the setup attribute value in subsequent offers when establishing new DTLS association is not desired. Based on that discussion it was decided that setup value can be either currently negotiated value or actpass. There are also UDP/DTLS without STUN NAT traversal scenarios that only work when end point behind NAT is active. I think sending actpass in offers is a generally safer option, but I think SHOULD here is more appropriate then MUST.

Please note that https://tools.ietf.org/html/rfc5763#section-5 says:

The endpoint MUST use the setup attribute defined in [RFC4145]. The endpoint that is the offerer MUST use the setup attribute value of setup:actpass and be prepared to receive a client_hello before it receives the answer.

This applies not only to initial but to ALL offers.

Finally, I can double check, but I am fairly sure there are current implementation that violate this rule.

Regards,

_____________
Roman Shpount

On Fri, Jun 2, 2017 at 12:44 PM, Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>> wrote:
Hi folks,

RFC 5763 required (and JSEP imported) that all offers include

  a=setup:actpass

However, assuming I am reading:
  https://tools.ietf.org/html/draft-ietf-mmusic-dtls-sdp-24

correctly, S 4.2 allows the initial offer to contain anything,
though encourages actpass:

   When an offerer sends the initial offer, the offerer MUST insert an
   SDP 'setup' attribute according to the procedures in [RFC4145], and
   one or more SDP 'fingerprint' attributes according to the procedures
   in [RFC8122].  In addition, the offerer MUST insert in the offer an
   SDP 'tls-id' attribute with a unique value.

   If the offerer inserts the SDP 'setup' attribute with an 'actpass' or
   'passive' attribute value, the offerer MUST be prepared to receive a
   DTLS ClientHello message (if a new DTLS association is established by
   the answerer) from the answerer before the offerer receives the SDP
   answer.

For subequent offers, it also gives flexibility but points at 4145.


So...

1. Changing the behavior for initial offers seems like it presents
a serious interop risk, because previously you could depend on
the offer being actpass.

2. JSEP requires actpass for all offers, so at least it's stricter.


What was the rationale for these changes? Feel free to point me at the
mailing list discussion where that happened.

-Ekr
 Hi folks,

RFC 5763 required (and JSEP imported) that all offers include

  a=setup:actpass

However, assuming I am reading:
  https://tools.ietf.org/html/draft-ietf-mmusic-dtls-sdp-24

correctly, S 4.2 allows the initial offer to contain anything,
though encourages actpass:

   When an offerer sends the initial offer, the offerer MUST insert an
   SDP 'setup' attribute according to the procedures in [RFC4145], and
   one or more SDP 'fingerprint' attributes according to the procedures
   in [RFC8122].  In addition, the offerer MUST insert in the offer an
   SDP 'tls-id' attribute with a unique value.

   If the offerer inserts the SDP 'setup' attribute with an 'actpass' or
   'passive' attribute value, the offerer MUST be prepared to receive a
   DTLS ClientHello message (if a new DTLS association is established by
   the answerer) from the answerer before the offerer receives the SDP
   answer.

For subequent offers, it also gives flexibility but points at 4145.


So...

1. Changing the behavior for initial offers seems like it presents
a serious interop risk, because previously you could depend on
the offer being actpass.

2. JSEP requires actpass for all offers, so at least it's stricter.


What was the rationale for these changes? Feel free to point me at the
mailing list discussion where that happened.

-Ekr


_______________________________________________
mmusic mailing list
mmusic@ietf.org<mailto:mmusic@ietf.org>
https://www.ietf.org/mailman/listinfo/mmusic

v2.23.0 | Report a Bug | By Email