Re: [rtcweb] JSEP: Why always offer actpass?

Christer Holmberg <christer.holmberg@ericsson.com> Thu, 04 December 2014 16:45 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE7311AD4EB for <rtcweb@ietfa.amsl.com>; Thu, 4 Dec 2014 08:45:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.901
X-Spam-Level:
X-Spam-Status: No, score=-3.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nja5azc5I-Cw for <rtcweb@ietfa.amsl.com>; Thu, 4 Dec 2014 08:45:19 -0800 (PST)
Received: from sessmg22.ericsson.net (sessmg22.ericsson.net [193.180.251.58]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ADE581AD4F3 for <rtcweb@ietf.org>; Thu, 4 Dec 2014 08:45:06 -0800 (PST)
X-AuditID: c1b4fb3a-f79116d000000fec-a2-54808f901cc9
Received: from ESESSHC008.ericsson.se (Unknown_Domain [153.88.253.124]) by sessmg22.ericsson.net (Symantec Mail Security) with SMTP id 81.86.04076.09F80845; Thu, 4 Dec 2014 17:45:04 +0100 (CET)
Received: from ESESSMB209.ericsson.se ([169.254.9.189]) by ESESSHC008.ericsson.se ([153.88.183.42]) with mapi id 14.03.0195.001; Thu, 4 Dec 2014 17:45:04 +0100
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: "Makaraju, Maridi Raju (Raju)" <Raju.Makaraju@alcatel-lucent.com>, Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>, Justin Uberti <juberti@google.com>
Thread-Topic: [rtcweb] JSEP: Why always offer actpass?
Thread-Index: AdAH/G6saC/Ce4vxTgqv23nLTon8JAH1cz+AAAO23YA=
Date: Thu, 04 Dec 2014 16:45:03 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B1D57A684@ESESSMB209.ericsson.se>
References: <1447FA0C20ED5147A1AA0EF02890A64B1D0D579E@ESESSMB209.ericsson.se> <CAOJ7v-1ztXies0-W3B2=zWaydeLTuR8tU7v15nqyTw+MwGE+rw@mail.gmail.com> <1447FA0C20ED5147A1AA0EF02890A64B1D0D5A4B@ESESSMB209.ericsson.se> <E1FE4C082A89A246A11D7F32A95A17828E63C45B@US70UWXCHMBA02.zam.alcatel-lucent.com> <1447FA0C20ED5147A1AA0EF02890A64B1D0D5FB6@ESESSMB209.ericsson.se> <E1FE4C082A89A246A11D7F32A95A17828E63C90D@US70UWXCHMBA02.zam.alcatel-lucent.com> <1447FA0C20ED5147A1AA0EF02890A64B1D0D86B9@ESESSMB209.ericsson.se> <CAD5OKxskhmnHO6rLB4t7vM6Y=fVf0PwYPXsfONJjM=wzx8vHoA@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B1D53F719@ESESSMB209.ericsson.se> <CAD5OKxt+3Tn1SiHu7u_t7AixBVS1ev0Z=vdZg0mMwmm-Tg74yA@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B1D54BB03@ESESSMB209.ericsson.se> <E1FE4C082A89A246A11D7F32A95A17828E64233E@US70UWXCHMBA02.zam.alcatel-lucent.com> <1447FA0C20ED5147A1AA0EF02890A64B1D0E3909@ESESSMB209.ericsson.se> <E1FE4C082A89A246A11D7F32A95A17828E6423CC@US70UWXCHMBA02.zam.alcatel-lucent.com> <1447FA0C20ED5147A1AA0EF02890A64B1D0E39A9@ESESSMB209.ericsson.se> <CAOJ7v-191C=Jsf0vuBomgKXMYGRakatP9QS+mMYG1Try59yYrg@mail.gmail.com> <1447FA0C20ED5147A1AA0EF02890A64B1D0EE2BC@ESESSMB209.ericsson.se> <7594FB04B1934943A5C02806D1A2204B1D577322@ESESSMB209.ericsson.se> <CAOJ7v-2d0qMaWhNThW=ywfmBMp-7LMJNhi-fj8USk5D0=2RwCA@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B1D577B77@ESESSMB209.ericsson.se> <CAOJ7v-3u6nL5J8wYpWN9SS8DboMh4WNYznJS-24TepZRweJz0w@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B1D577CB5@ESESSMB209.ericsson.se> <7594FB04B1934943A5C02806D1A2204B1D578C4D@ESESSMB209.ericsson.se> <1447FA0C20ED5147A1AA0EF02890A64B1D0EE9AC@ESESSMB209.ericsson.se> <7594FB04B1934943A5C02806D1A2204B1D578E30@ESESSMB209.ericsson.se> <1447FA0C20ED5147A1AA0EF02890A64B1D0EEA4E@ESESSMB209.ericsson.se> <E1FE4C082A89A246A11D7F32A95A17828E64D612@US70UWXCHMBA02.zam.alcatel-lucent.com>
In-Reply-To: <E1FE4C082A89A246A11D7F32A95A17828E64D612@US70UWXCHMBA02.zam.alcatel-lucent.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.148]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrGLMWRmVeSWpSXmKPExsUyM+Jvje6E/oYQgw+zdCy2ThWyaNh4hdVi 7b92dgdmj9Zne1k9Fmwq9Viy5CdTAHMUl01Kak5mWWqRvl0CV0bvuy3sBa+4Kz41/mNsYDzE 2cXIySEhYCIxo28KC4QtJnHh3no2EFtI4AijxLkvVl2MXED2YkaJK3tnsXYxcnCwCVhIdP/T BomLCOxglJj/eiETSAOzgLrEncXn2EFsYQFTifdzjzCD2CICZhILT05ghLCtJJ7e+QO2gEVA ReLom49gcV4BX4nL938zQiybxC9x6tpesGZOgViJX1OngxUxAl33/dQaqGXiEreezGeCuFpA Ysme88wQtqjEy8f/WCFsJYnGJU9YIer1JG5MncIGYWtLLFv4mhlisaDEyZlPWCYwis1CMnYW kpZZSFpmIWlZwMiyilG0OLW4ODfdyEgvtSgzubg4P08vL7VkEyMwog5u+W21g/Hgc8dDjAIc jEo8vAbn6kOEWBPLiitzDzFKc7AoifMuPDcvWEggPbEkNTs1tSC1KL6oNCe1+BAjEwenVANj 9+G84KDpUp9P/+juYHXy93Q9wsOQ0c/4lFnWslzxh17pZ/9r5zLtfV80bU+JWmzbKPq7TfCD kXWmwUXOyD1zHBe4nNIOz8r3t+2Wku1l/vlVbsXprKOP/7/7zOd7LlzrAPNRL+G/VTkfoyeK tesq3mWLjBC82/TmQfefKpFKH1/NRRsNdiixFGckGmoxFxUnAgDRSqB7iQIAAA==
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/Cy7SJUToTl0XB8PzrpF9GwXMOVo
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] JSEP: Why always offer actpass?
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Dec 2014 16:45:25 -0000

Hi,

>>>>> Once a DTLS connection has been established, if the 
>>>>> 'active/passive' status of the endpoints change during a session, 
>>>>> a new DTLS connection MUST be established.  Therefore, endpoints 
>>>>> SHOULD NOT change the 'active/passive' status in subsequent offers 
>>>>> and answers,
>>>>
>>>> Did not the discussion (for rtcweb) conclude that subsequent offers 
>>>> should offer actpass, but that subsequent answers must say the same 
>>>> as the previous answer?
>>>
>>> In the Offer/Answer section, I can define more details regarding the 
>>> values (actpass etc) to use.
>>>
>>> BUT, the question is whether we want to allow the endpoints to 
>>> trigger a new DTLS connection by changing the active/passive status 
>>> or not. The text above says SHOULD NOT change the active/passive 
>>> status.
>> 
>> OK, makes sense to me.
>
> <Raju>
> I am ok with it as well.
>
> The strength "SHOULD NOT" seems intentional and I think that is right; so it is still allowed but not recommended.

Yes.

> May be obvious, but please be sure to mention that, independent of last offer/answer direction, new 
> offerer SHOULD include actpass and answerer SHOULD answer with previously negotiated role.

Yes.

Of course, if the fingerprint and/or transport parameters change, a new DTLS connections MUST be established. And, in that case I guess it doesn't matter if the TLS roles are also re-negotiated?

Regards,

Christer