[rtcweb] comments on draft-ietf-rtcweb-stun-consent-freshness-00

John Mattsson <john.mattsson@ericsson.com> Tue, 04 March 2014 17:41 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FDA21A0289 for <rtcweb@ietfa.amsl.com>; Tue, 4 Mar 2014 09:41:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.851
X-Spam-Level:
X-Spam-Status: No, score=-3.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 449RwomG7PG3 for <rtcweb@ietfa.amsl.com>; Tue, 4 Mar 2014 09:41:43 -0800 (PST)
Received: from mailgw2.ericsson.se (mailgw2.ericsson.se [193.180.251.37]) by ietfa.amsl.com (Postfix) with ESMTP id 351AF1A0284 for <rtcweb@ietf.org>; Tue, 4 Mar 2014 09:41:42 -0800 (PST)
X-AuditID: c1b4fb25-b7f038e000005d01-d4-53161052523e
Received: from ESESSHC019.ericsson.se (Unknown_Domain [153.88.253.124]) by mailgw2.ericsson.se (Symantec Mail Security) with SMTP id 68.D8.23809.25016135; Tue, 4 Mar 2014 18:41:38 +0100 (CET)
Received: from ESESSMB307.ericsson.se ([169.254.7.220]) by ESESSHC019.ericsson.se ([153.88.183.75]) with mapi id 14.02.0387.000; Tue, 4 Mar 2014 18:41:37 +0100
From: John Mattsson <john.mattsson@ericsson.com>
To: "rtcweb@ietf.org" <rtcweb@ietf.org>
Thread-Topic: comments on draft-ietf-rtcweb-stun-consent-freshness-00
Thread-Index: AQHPN9D9VQxOZ2H5PkqUHhzonfyQng==
Date: Tue, 4 Mar 2014 17:41:36 +0000
Message-ID: <CF3BC0D0.F115%john.mattsson@ericsson.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.3.9.131030
x-originating-ip: [153.88.183.154]
Content-Type: text/plain; charset="utf-8"
Content-ID: <E47A0961D05E9F479759AF8E9D2274D5@ericsson.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFjrALMWRmVeSWpSXmKPExsUyM+JvjW6QgFiwwaEF0hZr/7WzOzB6LFny kymAMYrLJiU1J7MstUjfLoEr482jycwF/4QrVn26xdLAuEe4i5GTQ0LARGL9/w52CFtM4sK9 9WxdjFwcQgKHGCUOTD8HlhASWMwocX2mNIjNJmAgMXdPAxuILSKgLnH54QWwGmEBB4kpn/ay QMRdJaZt3gpl60n0XL3DCGKzCKhI9Hx/DVbPK2AmcevyN7A4I9Di76fWMIHYzALiEreezGeC OEhAYsme88wQtqjEy8f/WEFsUaCZ9x7NZYGIK0ksuv0ZqJ4DqFdTYv0ufYgx1hKrzu5khLAV JaZ0P4RaKyhxcuYTlgmMorOQbJuF0D0LSfcsJN2zkHQvYGRdxciem5iZk15utIkRGAsHt/xW 3cF455zIIUZpDhYlcd4Pb52DhATSE0tSs1NTC1KL4otKc1KLDzEycXBKNTBqJcT3me6r5pmx qevKkhaLj4KyIeGTP/7gOy267snz9XNvHbc+WbPTIqf/xZUPk6vO2/6+wcy4pJe7nLWfi7Xt 0FvF/PhyLq2Lol9cLiTOyp3p+O7z/HUW9xSXa1Zv57C03r2+eJUGR9vX1szV+VUxH49H/rY1 NJDb37XO+PLxk902v9LfiWYosRRnJBpqMRcVJwIAqacwAVMCAAA=
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/5MD-ha4NNJwl-SDeRiw-Fs3V164
Subject: [rtcweb] comments on draft-ietf-rtcweb-stun-consent-freshness-00
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Mar 2014 17:41:47 -0000

I read through draft-ietf-rtcweb-stun-consent-freshness-00. I mostly have
editorial comments.

Cheers
John


-“A consent timer, Tc, whose value is determined by the browser. This
value MUST be 15 seconds.”

I would delete “whose value is determined by the browser” as it’s
determined by the specification.

-I think the session liveness mechanism needs more details:
Does "start liveness test" mean that it stays on until JavaScript says
"stop liveness test”, does is stop after Tr, or does it stop after
notification?
If liveness test stays on after notification, shouldn't the javascript be
informed of renewed connectivity?
If liveness test stays on after notification, Is the timer reset, or does
the browser keep checking (e.g. every 500 ms)


Editorial comments:

- "This document describes a new STUN usage with a request and response
which verifies the remote peer consents to receive traffic, and detects
loss of liveness."
   
Should be rephrased make it cleareer that "STUN usage" does not detect
loss of liveness.

-"Transport Address"
Not used, delete definition

-Put space between number and unit, i.e. “500ms” -> “500 ms” (preferably
non-breaking)

"uses three values"
Seem to use four values as 500 ms is used as well. Should maybe consider
trating "Tc" and "500 ms" in the same way. I.e. either writing out 15
seconds or introducing Tx for "500 ms".



--------------------------------------------------------------------------
JOHN MATTSSON
MSc Engineering Physics, MSc Business Administration and Economics
Ericsson IETF Security Coordinator
Senior Researcher, Security

Ericsson AB
Security Research
Färögatan 6
SE-164 80 Stockholm, Sweden
Phone +46 10 71 43 501
SMS/MMS +46 76 11 53 501
john.mattsson@ericsson.com
www.ericsson.com <http://www.ericsson.com/>