Re: [rtcweb] JSEP nit: Size of <sess-id> in the o= line

Harald Alvestrand <harald@alvestrand.no> Sat, 03 November 2018 23:04 UTC

Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B35CF128766 for <rtcweb@ietfa.amsl.com>; Sat, 3 Nov 2018 16:04:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ex7l9mo1wMop for <rtcweb@ietfa.amsl.com>; Sat, 3 Nov 2018 16:04:19 -0700 (PDT)
Received: from mork.alvestrand.no (mork.alvestrand.no [IPv6:2001:700:1:2::117]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3F8C129619 for <rtcweb@ietf.org>; Sat, 3 Nov 2018 16:04:18 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mork.alvestrand.no (Postfix) with ESMTP id 60CC67C575C; Sun, 4 Nov 2018 00:04:16 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at alvestrand.no
Received: from mork.alvestrand.no ([127.0.0.1]) by localhost (mork.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dDNWt-7JarL8; Sun, 4 Nov 2018 00:04:13 +0100 (CET)
Received: from [172.20.18.215] (110-170-235-6.static.asianet.co.th [110.170.235.6]) by mork.alvestrand.no (Postfix) with ESMTPSA id F2E957C392F; Sun, 4 Nov 2018 00:04:12 +0100 (CET)
To: Justin Uberti <juberti@google.com>
Cc: RTCWeb IETF <rtcweb@ietf.org>
References: <75f60e2f-d4c9-8d48-1f71-2ca3b733edee@alvestrand.no> <CAOJ7v-1hKAUkVScAVNR0R-F322Ma1QF0yY8Gi+whANTemYbTQw@mail.gmail.com>
From: Harald Alvestrand <harald@alvestrand.no>
Openpgp: preference=signencrypt
Autocrypt: addr=harald@alvestrand.no; prefer-encrypt=mutual; keydata= xsFNBFRpbhYBEADXu8uE7LDQgrEB/zclYiwWRb50FnuJjIdK5Q7t68tSxx+LU8HTfxwOgHo9 vMyQvntoRBOHQZDJzvdAnZj/7vtl9RDfWvhUz+o9jSMyORzrt0kiW2QNICVkOkc0ZbI14Rn8 EjFRinK5m5+PXrng3PwZgK+sQJ1nzUxjE9oGTWClsAEqJw62z7JmzNqaEwAyHoHAZ1JAptSP ak91dUxjueJ2R+rFUBl6ParRZ2de7QKr3rN5Jbu/ikjHsAeTSo0R0BPKbzU23tXXxQ/dADvM V/PZp3hRFmXT7x05Q82O6k6hsGd5fJToBDRrlsC3jwWWhDhFhsWcdYKxFbYUsJVetPrWDtD4 6sjrbsQ+7kWRYgQWvL2EJ0s7QGpLxitopoISUEt0MlCcJhq7ZxiWhGnwM3GgADn+9W+aqwuk Y1tlUbdw0qdHyU0WM0k/yPd/eOghk3PLtlOizg4Q22VqfzNRXd3pwUmVjPYHQS0PwIjzuTEI em03qlVeJ8xn0X9W90E8PEnxZmREZBI90qCcUrxWOywEcLq21eLXurRzwnbY3oi6NxmSedcL xDWFdrVTHfPNNqh8zqXV/z9Ezz+7kSwgRygpG5+/sHfFq/YivoSHJdkL8xDzlNiqYCs8EL4A ipQWlKIuFH1F/pXLmXZlcDExw6aTlAP2rR+rw4Lc7kENZlMMMwARAQABzS9IYXJhbGQgQWx2 ZXN0cmFuZCAoMjAxNCkgPGhhcmFsZEBhbHZlc3RyYW5kLm5vPsLBfgQTAQIAKAUCVO3uHAIb IwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQawFW3omifDRKiA/+KtWpGwNa EaMMjxuVhdvMkQ6cS362iWydVbha03TBf/7HM380nO+2/t4S0kiSRtX89bY9lvrjS5oHd0tZ qS14vwBn8ZKbZl+k/NRiFlNNxhBx1PDRni1lfh/lU4xJraKI17h2h9mVJbMGk0kFuLqDUwMc 18mZZcfJEeUxSVUCndFMab4LQWSvRaqcwGrpDXuCxmWzMxtRjZzS2vkNX0oiBO7/NuEdQZL8 /CM3/GTqEd6kqY5Rkddvhr21KqhDyNT0NYRLgQ4yToTRDeXrHkjDD8cIQJhOHSNm6/3tuHB1 Bunxg1If3oEZxZirTGiuNZfBUAuXXJa//wEqhS+28/iQc6RE4bQXh2TyqtHs1mn3VDeKqbp7 lp31FfQ6GVGUaVfKfhg6UPSeczHTKWG3vX5UL7SOLXyaSniuYDkPIV/YR46GFPNhSsQ9YccU 5zAbn8ZhyONwO7524WjhIHgITiPVnCiSIHQKOw0S3+Ns0/5TIUgEc6+M97vsJTxTOqKfPthj xkHckF7VUFzu9ee6IMupJJp1wxVjpPQpJTjUG2aDnWk+E2OArulIjHER2dj0DEiOuqjjwTQH CKfrsWUMIs6TJ9jIKEfOSVOz5opGKLimQaOJ8Y1NYZKOy7fyJjofcC+dkAIpYBRzQTdDXm0A 4eryQBqLSpRldX4rvnU77i2/ryHOwU0EVGluFgEQAK2r1cmzqfJzOIielYx4OGVWlh3TmGdI mPgYI8yx/W8Uyvwknto7Qm5HaBBy9/33usNiovygYLFr7X5U/+ynXClkpAHaPOzS+bMCybpd UsS9Yq/jPmyq0Tlqn6b1tjSjFwysTiUVRS6nHufRlHQEOyxlYAjmePfjJI85g9J3iOa3eY87 +YSlF/rzhPrlvW0yD1YBGBmtuDdRnd4qSof8pcVmiN91QylbnTO5+/VtQtZydk2couaBHkf+ h0eDlJLB7igJ6Ks0ae2UoUNOBv2F1roQ1jZC8yMPScXygmjsoBSuTUirHatyR7AUiCHNymB+ EdhK4Vl+ZVHdCY9l269g5ocw0y6BZofHpqhE9K3RGBWQjWKTXuOk1fVjLfAum3wQqztYEhlD uKZgfEn7reDuzBq4cqzUe7CI6lZwCU7DnA0Dz2vBaqBhrZb7eKfTqmXddNm/dXmPn1nB554N fxWoxb3L8fHXwLgJiBgxLM6OYhJM51PxwW1qoQM1ax6gu+H101uEE4ZZq+s7c301HqwFwGMi SMmn1oJ7/+OquMkYHjeVAhxRE6blcRH2cmqxFSrpHsHgpXMVyWgTZRZsMmQathzCTUWKf5hC EOzwb4rp/UvU1LUHo1uPqbBafW62VB+iUaFp/zOg69Wo8/Z6urM5m+ldiWTbx+ivxKlPQDEA 332dABEBAAHCwWUEGAECAA8FAlRpbhYCGwwFCQlmAYAACgkQawFW3omifDRKhg//eHcjvxcA ENNe66f5R3ULi5pMbrHGLMGirVX9pHTRf5+5OFaGr8bwXeYkCHpptpxr2Kk/PUzpUWOL2uvL lh7QhPw3+GoEWubXOAgHiQW5iIzkA9wYw/nctZ+5veHN7InVqJ7djhtTN7K9Luj4nDR1T7Vf 61zpCKLlEW6W5MAp4slRVzRiFfaMfMYkxLm6MBxC961j8Lrqx2XNMGugaYh1QzcFYTbFmGKX 5SY4EQsETiB0PeE3IBVtXfiabrk8YX2IuL9BrEgD6GngXTd78hUMnZeqjvnS772bjRgwLCz7 Hab6hQESrFCNXfxzb39y5DLHwXtB/HruYqVD48XvPnNV0UNsWcS+7rtPFMmkd3MTvoAOWjkV zeQHpvF71IlwWginXbkf9aR/QsAbMIQDZWhsd+ma67V6g6KH41r6mNXAgK2JlA1CqgblM7iB hl01vL0V5bkbInZq2sB505Hn1DSc4NoP2WHlwe8Bm8vVG5oyfyPw9ReS9WLVY9w7fK4EKOgk VnOsIQuE0WIPT0Ak+hJ0UigOduuCX7s7NIVaOgWQe1q4Xytgj1RHjg9qlA6eQiTUrAx7Mu7s eliWCFuWsQXoaktVEDjoWVbP9dgozanL5kwWh/sJNtHVQbgu3IG4w8D3QvvOE83+jAdzgOzv pqHJkrqlWu+R9ZqBucZLqjQvQZk=
Message-ID: <08f6a3a1-e73d-83d2-78e4-233a95c538ed@alvestrand.no>
Date: Sun, 04 Nov 2018 00:04:06 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <CAOJ7v-1hKAUkVScAVNR0R-F322Ma1QF0yY8Gi+whANTemYbTQw@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------E150589786EFB5A1682804D0"
Content-Language: en-GB
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/aJNazYB0HhyVZlUPCCdEkrNd8Uw>
Subject: Re: [rtcweb] JSEP nit: Size of <sess-id> in the o= line
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 03 Nov 2018 23:04:22 -0000

On 11/03/2018 06:17 PM, Justin Uberti wrote:
> Agreed. Suggested new text:

Suggested addition: "As stated in RFC 3264, ...." - these are not new
requirements, they're repeating old requirements.
>
>       The sess-id MUST be representable by a 64-bit signed
>       integer, and the value MUST be less than (2**63)-1, to prevent
>       negatives.  It is RECOMMENDED that the sess-id be
>       constructed by generating a 64-bit quantity with the highest
>       bit set to zero and the remaining 63 bits being
>       cryptographically random.

Suggested addition:

  The sess-version MUST be less than (2**62) - 1, to avoid overflow when
incrementing.

>
> On Sat, Nov 3, 2018 at 1:39 AM Harald Alvestrand <harald@alvestrand.no
> <mailto:harald@alvestrand.no>> wrote:
>
>     JSEP -24 currently says:
>
>           The sess-id MUST be representable by a 64-bit signed
>           integer, and the initial value MUST be less than (2**62)-1, as
>           required by [RFC3264 <https://tools.ietf.org/html/rfc3264>].  It is RECOMMENDED that the sess-id be
>           constructed by generating a 64-bit quantity with the two highest
>           bits being set to zero and the remaining 62 bits being
>           cryptographically random.
>
>     There are two problems here:
>
>     - RFC 3264 actually doesn't place that restriction on the sess-id,
>     that's the restriction on the version field.
>
>     - Deployed code (libwebrtc) generates sess-ids that are larger
>     than 2^62-1
>
>     Quote from RFC 3264:
>
>        The offer (and answer) MUST be a valid SDP message, as defined by RFC <https://tools.ietf.org/html/rfc2327>
>        2327 <https://tools.ietf.org/html/rfc2327> [1 <https://tools.ietf.org/html/rfc3264#ref-1>], with one exception.  RFC 2327 <https://tools.ietf.org/html/rfc2327> mandates that either an e or
>        a p line is present in the SDP message.  This specification relaxes
>        that constraint; an SDP formulated for an offer/answer application
>        MAY omit both the e and p lines.  The numeric value of the session id
>        and version in the o line MUST be representable with a 64 bit signed
>        integer.  The initial value of the version MUST be less than
>        (2**62)-1, to avoid rollovers.  Although the SDP specification allows
>        for multiple session descriptions to be concatenated together into a
>        large SDP message, an SDP message used in the offer/answer model MUST
>        contain exactly one session description.
>
>     So what's easiest to change, deployed code or JSEP?
>
>     This note is also filed as
>     https://github.com/rtcweb-wg/jsep/issues/855
>
>     -- 
>     Surveillance is pervasive. Go Dark.
>
>     _______________________________________________
>     rtcweb mailing list
>     rtcweb@ietf.org <mailto:rtcweb@ietf.org>
>     https://www.ietf.org/mailman/listinfo/rtcweb
>

-- 
Surveillance is pervasive. Go Dark.