Re: [MMUSIC] Mirja Kühlewind's Discuss on draft-ietf-mmusic-dtls-sdp-28: (with DISCUSS and COMMENT)
"Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net> Tue, 15 August 2017 16:39 UTC
Return-Path: <ietf@kuehlewind.net>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C17412426E for <mmusic@ietfa.amsl.com>; Tue, 15 Aug 2017 09:39:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); domainkeys=pass (1024-bit key) header.from=ietf@kuehlewind.net header.d=kuehlewind.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CGV8Gx5rtp3t for <mmusic@ietfa.amsl.com>; Tue, 15 Aug 2017 09:39:32 -0700 (PDT)
Received: from kuehlewind.net (kuehlewind.net [83.169.45.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3122D132043 for <mmusic@ietf.org>; Tue, 15 Aug 2017 09:39:32 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=kuehlewind.net; b=asZWCRJXhHUnYfW/LyD/ZW2lcxrlBcnCntGZgI8l85Pr2e7zhfbDVsd9RQQ7AxyUTPz34Tk5QX4KdQ4lU0qUCvEc6C4VLLFtt36T4qu//M0QCSGyKMY27fyi1t0aoB9vHhUwlb4Bwc+YRFDPxH+90oylAx6de3ry8pfpfamcxS4=; h=Received:Received:Content-Type:Mime-Version:Subject:From:In-Reply-To:Date:Cc:Content-Transfer-Encoding:Message-Id:References:To:X-Mailer:X-PPP-Message-ID:X-PPP-Vhost;
Received: (qmail 26436 invoked from network); 15 Aug 2017 18:32:48 +0200
Received: from p5dec2e26.dip0.t-ipconnect.de (HELO ?192.168.178.33?) (93.236.46.38) by kuehlewind.net with ESMTPSA (DHE-RSA-AES256-SHA encrypted, authenticated); 15 Aug 2017 18:32:46 +0200
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: "Mirja Kuehlewind (IETF)" <ietf@kuehlewind.net>
In-Reply-To: <CABcZeBOZURWnzUZ02kDKP9Kd1O4UrvasAbpObALgshyws48mfg@mail.gmail.com>
Date: Tue, 15 Aug 2017 18:32:46 +0200
Cc: The IESG <iesg@ietf.org>, draft-ietf-mmusic-dtls-sdp@ietf.org, mmusic-chairs@ietf.org, Flemming Andreasen <fandreas@cisco.com>, mmusic WG <mmusic@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <8CB35BF7-2533-4BE0-8608-EFEC3430FE2D@kuehlewind.net>
References: <150280844371.21102.10635571599929348708.idtracker@ietfa.amsl.com> <CABcZeBOZURWnzUZ02kDKP9Kd1O4UrvasAbpObALgshyws48mfg@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
X-Mailer: Apple Mail (2.3273)
X-PPP-Message-ID: <20170815163247.26427.6809@lvps83-169-45-111.dedicated.hosteurope.de>
X-PPP-Vhost: kuehlewind.net
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/yAq0FYnza3t1WpDN0zfQ5esAZKY>
Subject: Re: [MMUSIC] Mirja Kühlewind's Discuss on draft-ietf-mmusic-dtls-sdp-28: (with DISCUSS and COMMENT)
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mmusic/>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Aug 2017 16:39:34 -0000
Hi Ekr, thanks for you quick reply. See below. > Am 15.08.2017 um 18:04 schrieb Eric Rescorla <ekr@rtfm.com>: > > > > On Tue, Aug 15, 2017 at 7:47 AM, Mirja Kühlewind <ietf@kuehlewind.net> wrote: > Mirja Kühlewind has entered the following ballot position for > draft-ietf-mmusic-dtls-sdp-28: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-mmusic-dtls-sdp/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > This is nothing big and should be easy to fix: > > On section 7.1, of course... > "If DTLS is transported on top of a connection-oriented transport > protocol (e.g., TCP or SCTP), where all IP packets are acknowledged, > > Incidentally, this text is not true, because IP packets are not necessarily > acknowledged. It is upper-level PDUs which are acknowledged. Right! Good catch! > > > all DTLS packets associated with a previous DTLS association MUST be > acknowledged (or timed out) before a new DTLS association can be > established on the same instance of that transport (5-tuple)." > I don't think this would be necessary for QUIC. The point here is, I believe, > not the fact that TCP and SCTP are connection-oriented, but that > re-transmissions cannot be easily distinguished from the original packet. So > the point is rather the use of a reliable protocol that retransmits in a > specific way. However, why would you use DTLS with TCP instead of TLS? > > ICE can switch-hit between UDP and TCP (sometimes mid-connection) and the > consensus was that it was much easier to run the same protocol over the > channel below (i.e., DTLS) rather than try to switch between TLS and DTLS. > > > And I > also don't think you want to use DTLS with QUIC because it has it's own crypto. > > Quite possibly, but in that case this whole document just won't apply to QUIC. Yes. > > > I guess the recommendation should rather be that reliable transports should use > TLS, and if DTLS is needed a new DTLS connection can only be established if > there is not retransmission ambiguity which is always the case when all > outstanding packets are ack'ed or considered lost (timed out). > > It's not just retransmission ambiguity but also reordering. That said, I'm not sure > this text is going down a useful line, and I'll take a look at that in my review. Right! Thanks! > > -Ekr > > Or am I missing > the point? > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > A couple mostly editorial comments: > - Probably a nit: In section 3.2 'must' is used while in section 3.3 'MUST' is > used. I would assume that both sections should probably use the same. > > - in sec 5.1: "Because of > this, if an unordered transport is used for the DTLS association, a > new transport (3-tuple) must be allocated by at least one of the > endpoints so that DTLS packets can be de-multiplexed." > Why is this a 3-tuple (instead of a 5-tuple)? I guess you talk about the source > address, source port, transport 3-tuple? May say this more explicitly. Also > the word of the use transport is confusing to me here because it's used for the > transport protocol as well as for the transport 'connection' (if a > connection-oriented transport protocol is used). Maybe s/new transport/new > flow/? Moreover, there should probably be a 'MUST' here instead of 'must'! > > - sec 5.2:"In addition, the offerer MUST insert in the > offer an SDP 'tls-id' attribute with a unique attribute value." > Is that a MUST or rather a SHOULD? The rest of the text reads like this should > be a SHOULD. > > - Shouldn't this document cite RFC6347 normatively, e.g. here (sec 5.3): > "... the answerer MUST initiate a DTLS handshake by sending a > DTLS ClientHello message towards the offerer." > > - I would like to see more discussion about linkability based on the > introduction of the "tls-id" in the security considerations section. > > >
- [MMUSIC] Mirja Kühlewind's Discuss on draft-ietf-… Mirja Kühlewind
- Re: [MMUSIC] Mirja Kühlewind's Discuss on draft-i… Eric Rescorla
- Re: [MMUSIC] Mirja Kühlewind's Discuss on draft-i… Mirja Kuehlewind (IETF)
- Re: [MMUSIC] Mirja Kühlewind's Discuss on draft-i… Roman Shpount