[Perc] Comments on: draft-ietf-perc-dtls-tunnel-00.txt
Eric Rescorla <ekr@rtfm.com> Fri, 24 March 2017 00:04 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CD5AF128B4E for <perc@ietfa.amsl.com>; Thu, 23 Mar 2017 17:04:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ptqiQ_IupsGm for <perc@ietfa.amsl.com>; Thu, 23 Mar 2017 17:04:29 -0700 (PDT)
Received: from mail-yw0-x235.google.com (mail-yw0-x235.google.com [IPv6:2607:f8b0:4002:c05::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11E0D1275C5 for <perc@ietf.org>; Thu, 23 Mar 2017 17:04:29 -0700 (PDT)
Received: by mail-yw0-x235.google.com with SMTP id v76so158149308ywg.0 for <perc@ietf.org>; Thu, 23 Mar 2017 17:04:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=JyclcgiFj67DKURsYC5kIEn9Kqaha2LMHyiu9erLL2A=; b=Eud+2QsrTzgYgj/ll9BEHyKUYJ+Hml6veOqhCHOQDwq22JCo4axXQ5dFu+HUgJR1Dj QhenbCI5QxtI+IqGbu9t21SqrOW2l59tlW/TMtGPZe0e8pBJIoI6vvu8SQuuJ7KNsDKW 9qL9nAduuC0MtssG9H5KgMWLKj31f673WsPK1c72ftPrZte626GxBWqQ+XhmrLKBwnej oRf0s8COB2PfvDsgTBIKyDB9ePzgeHWO7oHp9AZ1kZIoQMpe5wF4q1SCeKK9iava0wsT gS/7lrEhDKxwRYzpFytVt9Sc8w4YKvFV/kp1XnGUHzWN+kO7+KSZ79YSuP5uB53BK/tB Qx2A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=JyclcgiFj67DKURsYC5kIEn9Kqaha2LMHyiu9erLL2A=; b=oHszRUTXBbhlekwXEIfD2gpOOlga2c0EEBsilxleDwtZ7gPa0WYqyUczm1RFFf0azX ciW5QgoG+ZaWbO6VEJ5sW07d7JASIjpJX0lqQ/2IQ83cUoyTk7JMKOxHywtr4JOJq1D3 maSNOyFSojWEAbJZxQTVzOc1Au0hbn5WpMAkud6LFUQQWTZiJnrRLtpzPevJQCtdNVy6 tLjTIvvK24l+l0RlmMTekP6M+U+K8uWw5sWKh25xo+SoN6YHlz/OY4LQ40mY912qzvxz AkfV5VJ7D9Ie8ZOujZz5BN+hjDRo8wi19OccjNUPNRhRU31QKCAoG8/TrOmGOMWzdk3y 4bRA==
X-Gm-Message-State: AFeK/H0Ybmn7iKjJGLe9h/agMTt1WobxhyWAyEkv+nkSX/O10R8Av6/BlEtJ95ceJ458oWtKHFsJyJNjUKyiXg==
X-Received: by 10.129.152.22 with SMTP id p22mr4259964ywg.276.1490313868013; Thu, 23 Mar 2017 17:04:28 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.129.154.210 with HTTP; Thu, 23 Mar 2017 17:03:47 -0700 (PDT)
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 23 Mar 2017 17:03:47 -0700
Message-ID: <CABcZeBPmy8kKtN58-Q28kDhRu0320a5uDcbEXh+f2ZunYsQX=w@mail.gmail.com>
To: perc@ietf.org
Content-Type: multipart/alternative; boundary="94eb2c0b8fb4b5160f054b6ebc08"
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/5cXbuLlaO8x3DVLbs-whPjAQZ5Q>
Subject: [Perc] Comments on: draft-ietf-perc-dtls-tunnel-00.txt
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Mar 2017 00:04:31 -0000
This looks mostly OK. Comments below.
I'm not sure I'm excited about having the version # in every message.
That seems like a recipe for mess. Why not just have it in the first
message?
S 5.4.
subsequently include this identifier in all messages it sends so that
the media distributor can map messages received via a tunnel and
forward those messages to the correct endpoint. The association
identifier SHOULD be randomly assigned and values not be re-used for
a short period of time (e.g., five minutes) to ensure any residual
state in the key distributor is clear and to ensure any packets
already transmitted from the key distributor are not directed to the
wrong endpoint.
Why don't you just generate a longer identifier and guarantee non-reuse?
It's not like you are short on bandwidth in this channel.
S 6.1.
enum {
unsupported_version(1),
supported_profiles(2),
media_keys(3),
tunneled_dtls(4),
endpoint_disconnect(5),
(255)
} MsgType;
struct {
uint8 version;
MsgType msg_type;
select (MsgType) {
case unsupported_version: UnsupportedVersion;
case supported_profiles: SupportedProfiles;
case media_keys: MediaKeys;
case tunneled_dtls: TunneledDtls;
case endpoint_disconnect: EndpointDisconnect;
} body;
} TunnelMessage;
Generally, it's a good idea to have TunnelMessages have a length in
a deterministic place as this allows one to make a generic message
parser before you look at the type.
Nit:
This message contains this single element: * protection_profiles: The
list of two-octet SRTP protection profile values as per [RFC5764]
supported by the media distributor.
You have a formatting glitch here.
- [Perc] Comments on: draft-ietf-perc-dtls-tunnel-0… Eric Rescorla
- Re: [Perc] Comments on: draft-ietf-perc-dtls-tunn… Paul E. Jones