IETF Logo Mail Archive

Re: [rtcweb] Review of draft-ietf-rtcweb-stun-consent-freshness

Emil Ivov <emcho@jitsi.org> Thu, 21 May 2015 20:01 UTC

Return-Path: <emcho@sip-communicator.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4EEB1A8A12 for <rtcweb@ietfa.amsl.com>; Thu, 21 May 2015 13:01:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vssXRC08kitL for <rtcweb@ietfa.amsl.com>; Thu, 21 May 2015 13:01:27 -0700 (PDT)
Received: from mail-ob0-f178.google.com (mail-ob0-f178.google.com [209.85.214.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 76BAE1A8A39 for <rtcweb@ietf.org>; Thu, 21 May 2015 13:01:26 -0700 (PDT)
Received: by obcus9 with SMTP id us9so68457781obc.2 for <rtcweb@ietf.org>; Thu, 21 May 2015 13:01:26 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=UNsiDaeFZhMSU+gAw5z06sCirqMPHv7uf/In5ASMHiY=; b=B9PFi1TwXCbmka/fn6WxMNfUsdRGZyC66IaXhUTwPdMoP8tI9DhF/ZxphdqEEPZ7st 1x9QZADnWxCwCqaojlR8q2JK2thw9ZJM+qnx/rpIhxuVWtHTdOipiVLDZVYRhzJ+fNKg imFDmrn0Ska8IVLgsPmt/hdCmZIUamqpJyb58htX4F/0z5TjtVtvDS2x4WpUyUJiPZeK ThDdcU4OJnqKg3gzJjgnMfsQQRDWr93DC7OCBGh1w2Q7uaBgzfyJYmkWxCXNjs1lhQZg kdZHWvEQLnKz9+sdVpfmz08JCvnHrb1CBcmBpU82zLAVnFSEMNwCBtEojiScM8s9cegD rCFw==
X-Gm-Message-State: ALoCoQkfkl2M29WT0TQkB4096u7ePA6CgSCn2oxivxcx3CuMpnZV75uAEhgQy6OSzXkwlaAO0dpS
X-Received: by 10.182.70.100 with SMTP id l4mr3658155obu.77.1432238485953; Thu, 21 May 2015 13:01:25 -0700 (PDT)
Received: from camionet.local (9.6.69.91.rev.sfr.net. [91.69.6.9]) by mx.google.com with ESMTPSA id s3sm12650892obt.27.2015.05.21.13.01.24 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 21 May 2015 13:01:25 -0700 (PDT)
Message-ID: <555E3991.9010809@jitsi.org>
Date: Thu, 21 May 2015 22:01:21 +0200
From: Emil Ivov <emcho@jitsi.org>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: Bernard Aboba <bernard.aboba@gmail.com>, "rtcweb@ietf.org" <rtcweb@ietf.org>, The IESG <iesg@ietf.org>
References: <CAOW+2dsv8CVpaKoBsUvc5MGh2s3xD2J5NiXPAnFUMOhYqSmjzQ@mail.gmail.com>
In-Reply-To: <CAOW+2dsv8CVpaKoBsUvc5MGh2s3xD2J5NiXPAnFUMOhYqSmjzQ@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/1fNtHb2MfGOqY2QyXi3EfrM3eZI>
Subject: Re: [rtcweb] Review of draft-ietf-rtcweb-stun-consent-freshness
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 May 2015 20:01:29 -0000

On 21.05.15 1:48, Bernard Aboba wrote:
> This is a review of draft-ietf-rtcweb-stun-consent-freshness.
>
> Overall, I believe that this document is not yet ready for publication
> as a proposed standard,
> due to transport-related issues.  Rather than building upon the RFC 5389
> transport model
> (including the transaction structure and RTT/RTO estimator), the
> specification proposes a
> new (and poorly specified) transport model that does not adapt properly
> to networks with differing transport characteristics.

I think we can easily fix this if we replace semantic usage of "STUN 
request" throughout the specification with "STUN transaction".

For example, in page 4 in the following paragraph:

    Each STUN binding request for consent MUST use a new
    cryptographically strong [RFC4086] STUN transaction ID.  Each STUN
    binding requests for consent is transmitted once only.  Hence, the
    sender cannot assume that it will receive a response for each consent
    request, and a response might be for a previous request (rather than
    for the most recently sent request).

replacing request with transaction we would get:

    Each STUN transaction MUST use a new cryptographically strong
    [RFC4086] STUN transaction ID.  Each STUN transaction for consent
    is transmitted once only. Hence, the sender cannot assume that it
    will receive a response for each consent transaction, and a response
    might be for a previous transaction (rather than for the most
    recently sent request).

The fact that this entire paragraphs becomes redundant after the change 
is probably good indication that we were basically defining STUN 
transactions ...

Obviously using transactions for every consent check would leave us with 
a couple of potential issues, like, what if you already have an ongoing 
STUN transaction and randomization tells you to start a new one. Those 
could be easily fixed however. For example, by simply starting the 
random timer after a STUN transaction has completed (as opposed to after 
sending the request).

Emil

-- 
https://jitsi.org

v2.23.0 | Report a Bug | By Email