Re: [MMUSIC] actpass redux

Eric Rescorla <ekr@rtfm.com> Mon, 12 June 2017 12:33 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 12 Jun 2017 13:32:33 +0100
Message-ID: <CABcZeBOXOEaEbtBDzyPi63j-ZTYmZs5e=9raOcTFy9=KONBHsw@mail.gmail.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>
Cc: Roman Shpount <roman@telurix.com>, Paul Kyzivat <paul.kyzivat@comcast.net>, "mmusic@ietf.org" <mmusic@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/v5H6Uw799haDD2a58csel-PyaoQ>

On Mon, Jun 12, 2017 at 12:25 PM, Christer Holmberg <
christer.holmberg@ericsson.com> wrote:

> Hi,
>
>
>> First, one of the reasons we update specs is because there are usages
>> etc, that people weren’t aware of when the original spec was published,
>> that we think we need to cover. So, rather than just saying that we don’t
>> care about non-conformant endpoints, we should ask WHY they are
>> non-conformant. Is there a specific use-case behind? If so, do we need to
>> cover that use-case?
>>
>
> Yes, and one of the things we have to keep in mind is not breaking
> conformant endpoints.
>
> *"Be conservative in what you send, be liberal in what you accept”*
>

https://datatracker.ietf.org/doc/draft-thomson-postel-was-wrong/



> As far as I understand, we would still mandate endpoints to support
> receiving non-actpass values.
>

I don't believe that 5763-conformant endpoints are in fact required to do so,
and therefore it's not appropriate to break them by allowing people to send
actpass in initial offers when offering DTLS-SRTP.

-Ekr



>
> Second, keep in mind that while RFC 5763 is for DTLS-SRTP, draft-dtls-sdp
>> is GENERIC - one of the main reasons we do the spec in the first place is
>> to have the DTLS-related O/A procedures in one place. And, RFC 7345
>> (UDPTL-DTLS) DOES allow non-actpass values in the offer:
>>
>> 	"The offerer SHOULD assign the SDP "setup" attribute with a value of
>>    	"actpass", unless the offerer insists on being either the sender or
>>    	receiver of the DTLS ClientHello message,"
>>
>> draft-dtls-sdp replaces that text with a reference to draft-dtls-sdp, and
>> by mandating actpass we would remove a valid option for UDPTL-DTLS. Sure,
>> we can do that, but it cannot be based on a claim that existing endpoints
>> are non-conformant.
>>
>> And, I do NOT think we want to allow non-actpass for some usages (e.g.,
>> UDPTL-DTLS), and forbid it for other usages (e.g., DTLS-SRTP), because that
>> would go against the purpose of having generic DTLS O/A procedures.
>>
>
> Well, given that we apparently have incompatible existing RFCs, I'm not
> sure I see any alternative.
>
> I object to that – we basically would have to update the spec every time
> there is a new data type, or define the type-specific O/A procedures in a
> separate spec – which is what has previously been done.
>
> I think our aim should be to have generic procedures, even if that means
> we have to change procedures in some existing RFCs.
>



> From: mmusic <mmusic-bounces@ietf.org> on behalf of Eric Rescorla <
> ekr@rtfm.com>
> Date: Saturday 10 June 2017 at 12:34
> To: Roman Shpount <roman@telurix.com>
> Cc: Paul Kyzivat <paul.kyzivat@comcast.net>, "mmusic@ietf.org" <
> mmusic@ietf.org>
> Subject: Re: [MMUSIC] actpass redux
>
>
>
> On Fri, Jun 9, 2017 at 7:23 PM, Roman Shpount <roman@telurix.com> wrote:
>
>> On Fri, Jun 9, 2017 at 2:00 PM, Paul Kyzivat <paul.kyzivat@comcast.net>
>> wrote:
>>
>>> On 6/9/17 9:17 AM, Cullen Jennings wrote:
>>>
>>>>
>>>> On Jun 8, 2017, at 6:49 PM, Roman Shpount <roman@telurix.com> wrote:
>>>>>
>>>>>   Because of this, I think for the best interop, offerer MUST specify
>>>>> actpass for both initial and subsequent offers but answerer MUST be able to
>>>>> handle active and passive setup roles as well.
>>>>>
>>>>
>>>> that works for me
>>>>
>>>
>>> I don't understand what this accomplishes. If you must be able to accept
>>> anything in a received offer, then what is gained by restricting what can
>>> be used in an offer?
>>>
>>
>> This is all because of legacy interop. There are legacy end points that
>> send non-actpass, so end point MUST be able to accept active and passive to
>> interop with such legacy devices.
>>
>
> Those legacy endpoints are clearly non-conformant, so I'm not sure I care
> about breaking them,
>
>
>
>> There are also legacy end points that only expect actpass so end point
>> MUST only send actpass to interop with such devices.
>>
>
> These legacy endpoints are conformant, which is why it's important to
> accommodate them
>
> -Ekr
>
>
>> _____________
>> Roman Shpount
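The thread argues about what an answerer should do with the SDP "setup" attribute when the offer does not carry actpass. The following Python is an added illustration, not code from the thread, from any of the participants or from an RFC: it parses the a=setup line out of a constructed offer, applies the RFC 4145 answer mapping (actpass lets the answerer choose active or passive; active is answered with passive; passive with active; holdconn with holdconn), and reports which side ends up sending the DTLS ClientHello. The `strict` flag is an assumption of mine that models the "only expects actpass" population Roman and Ekr describe (RFC 5763 says the offerer MUST send actpass): such an answerer is modelled as failing the negotiation on any other value. The function names and the SDP snippets are constructed for this example.

```python
import re

# Valid values of the SDP "setup" attribute (RFC 4145).
SETUP_VALUES = frozenset({"active", "passive", "actpass", "holdconn"})
SETUP_RE = re.compile(r"^a=setup:(\S+)\s*$", re.MULTILINE)

# Constructed sample offers (not captured traffic); addresses are from the
# RFC 5737 documentation range and the fingerprint line is omitted on purpose.
OFFER_ACTPASS = (
    "v=0\r\n"
    "o=- 1 1 IN IP4 192.0.2.1\r\n"
    "s=-\r\n"
    "c=IN IP4 192.0.2.1\r\n"
    "t=0 0\r\n"
    "m=audio 5004 UDP/TLS/RTP/SAVPF 0\r\n"
    "a=setup:actpass\r\n"
)
# A "legacy" offer of the kind the thread describes: the offerer pins its role.
OFFER_LEGACY_ACTIVE = OFFER_ACTPASS.replace("a=setup:actpass", "a=setup:active")


def parse_setup(sdp: str) -> str:
    """Return the first a=setup value in an SDP blob; raise if absent or unknown."""
    m = SETUP_RE.search(sdp)
    if not m:
        raise ValueError("no a=setup attribute in offer")
    value = m.group(1)
    if value not in SETUP_VALUES:
        raise ValueError(f"unknown setup value {value!r}")
    return value


def answer_setup(offer_setup: str, prefer: str = "active", strict: bool = False) -> str:
    """
    Pick the answerer's a=setup value for a given offer value (RFC 4145 mapping).

    strict=True is a model (assumption of this example) of an answerer written
    against RFC 5763, which says the offerer MUST send actpass; it treats any
    other offer value as a negotiation failure instead of accommodating it.
    """
    if offer_setup not in SETUP_VALUES:
        raise ValueError(f"unknown setup value {offer_setup!r}")
    if strict and offer_setup != "actpass":
        raise ValueError(f"strict answerer: expected actpass, got {offer_setup!r}")
    if offer_setup == "actpass":
        # Answerer chooses; RFC 5763 answerers must end up active or passive.
        if prefer not in ("active", "passive"):
            raise ValueError("answer to actpass must be active or passive")
        return prefer
    if offer_setup == "active":
        return "passive"
    if offer_setup == "passive":
        return "active"
    return "holdconn"


def clienthello_sender(answer_value: str) -> str:
    """Which side initiates DTLS (sends ClientHello) given the answerer's role."""
    if answer_value == "active":
        return "answerer"
    if answer_value == "passive":
        return "offerer"
    return "none"


def negotiate(offer_sdp: str, prefer: str = "active", strict: bool = False) -> dict:
    """Run the answerer side over an offer and report the outcome instead of raising."""
    try:
        offer = parse_setup(offer_sdp)
        answer = answer_setup(offer, prefer=prefer, strict=strict)
    except ValueError as exc:
        return {"ok": False, "error": str(exc)}
    return {
        "ok": True,
        "offer": offer,
        "answer": answer,
        "clienthello_from": clienthello_sender(answer),
    }


if __name__ == "__main__":
    for name, sdp in (("actpass", OFFER_ACTPASS), ("legacy active", OFFER_LEGACY_ACTIVE)):
        for strict in (False, True):
            print(f"{name:14s} strict={strict!s:5s} -> {negotiate(sdp, strict=strict)}")
```

Running it shows the two populations side by side: the actpass offer negotiates with both the liberal and the strict answerer, while the legacy `a=setup:active` offer is accepted (answerer goes passive, offerer sends ClientHello) only by the liberal one and rejected by the strict one. That is the asymmetry behind "MUST send actpass, MUST accept active and passive": sending actpass is what keeps the strict peers working.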