Re: [MMUSIC] FQDN Support Final Vote

Christer Holmberg <christer.holmberg@ericsson.com> Fri, 24 May 2019 19:33 UTC

From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Flemming Andreasen <fandreas@cisco.com>, Bernard Aboba <bernard.aboba@gmail.com>, Suhas Nandakumar <suhasietf@gmail.com>
CC: mmusic WG <mmusic@ietf.org>
Date: Fri, 24 May 2019 19:33:43 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/mmusic/yXRFz8iX4O0wu9x7d-xIVBAFCQM>

Hi,

>> As far as not allowing FQDN candidates is concerned, I think we have text. I have not seen any objection.
> I'm not clear on exactly what text you are agreeing to here. 

I am fine (and I have seen nobody object) to the following part of Roman's suggested text (with some modifications by myself), which is about discarding FQDN candidates:

"<connection-address>: :: is taken from RFC 4566 <<RFC4566>>. It is the IP address of the candidate, allowing for IPv4 addresses, IPv6 addresses,
and fully qualified domain names (FQDNs).  When parsing this field, an agent can differentiate  an IPv4 address and an IPv6 address by presence
of a colon in its value - the presence of a colon indicates IPv6.  An agent processing remote candidates MUST ignore candidate lines that include
candidates with FQDN or IP address versions that are not supported or recognized.  The procedures for handling FQDN candidates, and for agents
to indicate support of such procedures, need to be specified in an extension specification."


>> Now, in addition to that, Roman wants to cover FQDNs in c= lines for “verification of ICE support”. If that is needed, could it be in a separate section and/or paragraph?
> Can you please provide a concrete text suggestion that satisfies your concerns. 

The second part of Roman's text covered that:

"If candidate with FQDN <connection-address> is the default destination/candidate, the "c=" address type MUST be set the IP address family for the 
FQDN DNS resolution result and the "c=" connection address MUST be set to FQDN. Differences in the "c=" line address family and type with FQDN 
resolution result MUST not cause ICE support verification failure."

I had some problems parsing the text, but that is probably only editorial. But, I *think* Suhas raised some technical issues with it.

One way could be to simply say that, if the c= line contains a FQDN, the agent simply does not look for a matching candidate. Because, if the agent is anyway going to discard FQDN candidates, why does it matter whether the c= line FQDN has a matching FQDN candidate?

Regards,

Christer


From: Flemming Andreasen <fandreas@cisco.com>
Sent: Friday, May 24, 2019 4:23:43 PM
To: Christer Holmberg; Bernard Aboba; Suhas Nandakumar
Cc: mmusic WG
Subject: Re: [MMUSIC] FQDN Support Final Vote 
 

On 5/24/19 9:08 AM, Christer Holmberg wrote:
Hi,
 
>I support that as well. 
>
>Christer: I'm not clear on what your vote is right now. 

My vote is to *not* support FQDN candidates, and add whatever text needed to explicitly indicate that.

If none of the 4 proposals work for you, can you please provide a concrete text suggestion we can take a look at. 

Thanks 

-- Flemming 


Regards,
Christer
 
On 5/21/19 1:59 PM, Bernard Aboba wrote:
Personally, I like the suggested text from Christer and Roman because it explicitly states that if FQDNs are not supported then the candidates must be ignored. 
 
On Tue, May 21, 2019 at 8:26 AM Suhas Nandakumar <suhasietf@gmail.com> wrote:
Hi All
 
Below I have included 4 flavors of suggested text for FQDN support in ice-sip-sdp.  Let's agree on one and go with it (even if it doesn't make us entirely happy).
 
 
RFC5245 Version

"<connection-address>: is taken from RFC 4566 [https://tools.ietf.org/html/rfc4566]. It is the IP address of the candidate, allowing for IPv4 addresses, IPv6 addresses, and fully qualified domain names (FQDNs).  When parsing this field, an agent can differentiate an IPv4 address and an IPv6 address by presence of a colon in its value - the presence of a colon indicates IPv6.  An agent MUST ignore candidate lines that include candidates with IP address versions that are not supported or recognized.  An IP address SHOULD be used, but an FQDN MAY be used in place of an IP address.  In that case, when receiving an offer or answer containing an FQDN in an a=candidate attribute, the FQDN is looked up in the DNS first using an AAAA record (assuming the agent supports IPv6), and if no result is found or the agent only supports IPv4, using an A.  If the DNS query returns more than one IP address, one is chosen, and then used for the remainder of ICE processing."

ice-sip-sdp pre-22 version1

<connection-address>:  is taken from RFC 4566 [RFC4566].  It is the IP address of the candidate.  When parsing this field, an agent can differentiate an IPv4 address and an IPv6 address by presence of a colon in its value -- the presence of a colon indicates IPv6. An agent MUST ignore candidate lines that include candidates with IP address versions that are not supported or recognized.  An IP address SHOULD be used, but an FQDN MAY be used in place of an IP address.  In that case, when receiving an offer or answer containing an FQDN in an a=candidate attribute, the FQDN is looked up in the DNS first using an AAAA record (assuming the agent supports IPv6), and if no result is found or the agent only supports IPv4, using an A record.  The rules from section 6 of [RFC6724] is followed by fixing the source address to be one from the candidate pair to be matched against destination addresses reported by FQDN, in cases where the DNS query returns more than one IP address.

ice-sip-sdp current version
<connection-address>:  is taken from RFC 4566 [RFC4566].  It is the
      IP address of the candidate.  When parsing this field, an agent
      can differentiate an IPv4 address and an IPv6 address by presence
      of a colon in its value -- the presence of a colon indicates IPv6.
      An agent MUST ignore candidate lines that include candidates with
      IP address versions that are not supported or recognized.  An IP
      address SHOULD be used, but an FQDN MAY be used in place of an IP
      address.  In that case, when receiving an offer or answer
      containing an FQDN in an a=candidate attribute, the FQDN is looked
      up in the DNS first using an AAAA record (assuming the agent
      supports IPv6), and if no result is found or the agent only
      supports IPv4, using an A record.  If a FQDN returns multiple IP
      addresses an agent MUST only use one of them throughout the
      duration of the ICE session.  Since an agent does not know whether
      the peer listens to the chosen IP address and port, it is
      RECOMMENDED to not use FQDNs that will resolve into multiple IP
      addresses.
 
Roman-Christer Version 
<connection-address>: :: is taken from RFC 4566 <<RFC4566>>. It is the IP address of the candidate, allowing for IPv4 addresses, IPv6 addresses,
and fully qualified domain names (FQDNs).  When parsing this field, an agent can differentiate  an IPv4 address and an IPv6 address by presence
of a colon in its value - the presence of a colon indicates IPv6.  An agent processing remote candidates MUST ignore candidate lines that include
candidates with FQDN or IP address versions that are not supported or recognized.  The procedures for handling FQDN candidates, and for agents
to indicate support of such procedures, need to be specified in an extension specification. If candidate with FQDN <connection-address> is the
default destination/candidate, the "c=" address type MUST be set the IP address family for the FQDN DNS resolution result and the "c=" connection
address MUST be set to FQDN. Differences in the "c=" line address family and type with FQDN resolution result MUST not cause ICE support verification failure.
 
 
 
My vote is on current version since it is backward compatible with a warning that using FQDN is not recommended since it MAY lead to failure.
_______________________________________________
mmusic mailing list
mailto:mmusic@ietf.org
https://www.ietf.org/mailman/listinfo/mmusic
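
An added illustration of the discard rule discussed in this thread (not code from any participant or from the draft): remote a=candidate lines are parsed, FQDN and unsupported-address-family candidates are ignored without any DNS lookup, and a c= line carrying an FQDN skips the default-candidate match. The function names, the simplified unicast c= form, and the sample lines are assumptions made for this example.

```python
import ipaddress

# Constructed sample a=candidate lines (documentation addresses, not from the thread).
SAMPLE_LINES = [
    "a=candidate:1 1 UDP 2130706431 192.0.2.10 54400 typ host",
    "a=candidate:2 1 UDP 2130706175 2001:db8::10 54402 typ host",
    "a=candidate:3 1 UDP 1694498815 media.example.com 54404 typ srflx "
    "raddr 192.0.2.10 rport 54400",
]

def classify_address(value):
    """Return 'IP4', 'IP6', or 'FQDN' for anything that is not an IP literal."""
    # Stricter than the colon test in the quoted text: the value must parse as an
    # IP literal. Nothing is ever resolved through DNS here.
    try:
        return "IP6" if ipaddress.ip_address(value).version == 6 else "IP4"
    except ValueError:
        return "FQDN"

def parse_candidate(line):
    """Parse one a=candidate line into a dict; return None if it is malformed."""
    prefix = "a=candidate:"
    fields = line[len(prefix):].split() if line.startswith(prefix) else []
    # foundation component transport priority address port "typ" cand-type ...
    if len(fields) < 8 or fields[6] != "typ" or not fields[5].isdecimal():
        return None
    port = int(fields[5])
    if port > 65535:
        return None
    return {"foundation": fields[0], "component": fields[1],
            "transport": fields[2], "address": fields[4], "port": port,
            "type": fields[7], "family": classify_address(fields[4])}

def filter_remote_candidates(lines, supported=("IP4", "IP6")):
    """Split remote candidate lines into (kept, ignored) per the discard rule."""
    kept, ignored = [], []
    for line in lines:
        cand = parse_candidate(line)
        if cand is None or cand["family"] not in supported:
            ignored.append(line)  # FQDN, unsupported IP version, or malformed
        else:
            kept.append(cand)
    return kept, ignored

def needs_matching_candidate(c_line):
    """False when the c= line carries an FQDN, so no candidate match is sought."""
    parts = c_line.split()  # e.g. "c=IN IP4 192.0.2.10" (unicast form assumed)
    return len(parts) == 3 and classify_address(parts[2]) != "FQDN"
```
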
