Re: [Perc] Comments on: draft-ietf-perc-dtls-tunnel-00.txt
"Paul E. Jones" <paulej@packetizer.com> Fri, 24 March 2017 02:09 UTC
Return-Path: <paulej@packetizer.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 633C1129C27 for <perc@ietfa.amsl.com>; Thu, 23 Mar 2017 19:09:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=packetizer.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yHLQVozdBLx4 for <perc@ietfa.amsl.com>; Thu, 23 Mar 2017 19:09:32 -0700 (PDT)
Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11444129A7C for <perc@ietf.org>; Thu, 23 Mar 2017 19:09:31 -0700 (PDT)
Received: from [192.168.1.20] (cpe-098-122-167-029.nc.res.rr.com [98.122.167.29] (may be forged)) (authenticated bits=0) by dublin.packetizer.com (8.15.2/8.15.2) with ESMTPSA id v2O29U13025370 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 23 Mar 2017 22:09:30 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=packetizer.com; s=dublin; t=1490321371; bh=dh8c8faJ5ruhMC6aur0OYWlxBiPucM6sZt+MhF+axbg=; h=From:To:Subject:Date:In-Reply-To:References:Reply-To; b=O1YJ2EDFfpXS96d480SSBtKRevZARtf1ZsTtd2KrqayH5gERExmG468h8BkwLQSqn ijaL6ylYqsaquZkesQwHhK6/f2S1qI6N8mBlxcjsrD35m6r/cV8h3yO6uYDCSCSWtB 4gn5KQQ9X+XVqQSPVlckmyZ/PrAfSwOgYmvjTsWA=
From: "Paul E. Jones" <paulej@packetizer.com>
To: Eric Rescorla <ekr@rtfm.com>, perc@ietf.org
Date: Fri, 24 Mar 2017 02:09:32 +0000
Message-Id: <emc87df832-08c9-48f6-85b8-1d02a5db21ae@sydney>
In-Reply-To: <CABcZeBPmy8kKtN58-Q28kDhRu0320a5uDcbEXh+f2ZunYsQX=w@mail.gmail.com>
References: <CABcZeBPmy8kKtN58-Q28kDhRu0320a5uDcbEXh+f2ZunYsQX=w@mail.gmail.com>
Reply-To: "Paul E. Jones" <paulej@packetizer.com>
User-Agent: eM_Client/7.0.28492.0
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="------=_MB7A3116D3-C1DB-4795-8617-71F475B2DB23"
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.1 (dublin.packetizer.com [10.165.122.250]); Thu, 23 Mar 2017 22:09:31 -0400 (EDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/perc/QoNMsIvYKXmTioxAOxcYVmo2Fik>
Subject: Re: [Perc] Comments on: draft-ietf-perc-dtls-tunnel-00.txt
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Mar 2017 02:09:34 -0000
Ekr,
>I'm not sure I'm excited about having the version # in every message.
>That seems like a recipe for mess. Why not just have it in the first
>message?
Yeah, that could be done. We could move the version field to the
"SupportedProfiles" message and require that the key distributor send
the version error if that message contains an incompatible version.
Then, we could put a version field into the "UnsupportedVersion" message
I think that would be sufficient.
>S 5.4.
> subsequently include this identifier in all messages it sends so
>that
> the media distributor can map messages received via a tunnel and
> forward those messages to the correct endpoint. The association
> identifier SHOULD be randomly assigned and values not be re-used for
> a short period of time (e.g., five minutes) to ensure any residual
> state in the key distributor is clear and to ensure any packets
> already transmitted from the key distributor are not directed to the
> wrong endpoint.
>
>Why don't you just generate a longer identifier and guarantee
>non-reuse?
>It's not like you are short on bandwidth in this channel.
Something like a 128-bit random value? A UUID? We could do that and
avoid state maintenance.
>S 6.1.
> enum {
> unsupported_version(1),
> supported_profiles(2),
> media_keys(3),
> tunneled_dtls(4),
> endpoint_disconnect(5),
> (255)
> } MsgType;
>
> struct {
> uint8 version;
> MsgType msg_type;
> select (MsgType) {
> case unsupported_version: UnsupportedVersion;
> case supported_profiles: SupportedProfiles;
> case media_keys: MediaKeys;
> case tunneled_dtls: TunneledDtls;
> case endpoint_disconnect: EndpointDisconnect;
> } body;
> } TunnelMessage;
>
>Generally, it's a good idea to have TunnelMessages have a length in
>a deterministic place as this allows one to make a generic message
>parser before you look at the type.
Good point. I think this was a left-over from when we assumed use of
DTLS to tunnel DTLS, so length was the length of the packet. We do need
something for TLS, so I'll put in a length field before or after
msg_type.
>Nit:
> This message contains this single element: * protection_profiles:
>The
> list of two-octet SRTP protection profile values as per [RFC5764]
> supported by the media distributor.
>
>You have a formatting glitch here.
Indeed. Well, that sucks. My markdown tool failed me. I'll hack the
text or fix the markdown tool. :)
Paul
- [Perc] Comments on: draft-ietf-perc-dtls-tunnel-0… Eric Rescorla
- Re: [Perc] Comments on: draft-ietf-perc-dtls-tunn… Paul E. Jones