Re: [rtcweb] WGLC Review of draft-ietf-ice-rfc5245bis-12

Harald Alvestrand <harald@alvestrand.no> Tue, 17 October 2017 14:36 UTC

Return-Path: <harald@alvestrand.no>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76956132D54; Tue, 17 Oct 2017 07:36:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id narFCoWZ8FxV; Tue, 17 Oct 2017 07:36:20 -0700 (PDT)
Received: from mork.alvestrand.no (mork.alvestrand.no [IPv6:2001:700:1:2::117]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D74BA132F3F; Tue, 17 Oct 2017 07:36:18 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mork.alvestrand.no (Postfix) with ESMTP id 4D15B7C32DB; Tue, 17 Oct 2017 16:36:17 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at alvestrand.no
Received: from mork.alvestrand.no ([127.0.0.1]) by localhost (mork.alvestrand.no [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ljrEFhhFiV7n; Tue, 17 Oct 2017 16:36:16 +0200 (CEST)
Received: from [IPv6:2001:470:de0a:1::5ea] (unknown [IPv6:2001:470:de0a:1::5ea]) by mork.alvestrand.no (Postfix) with ESMTPSA id 0004B7C0AF4; Tue, 17 Oct 2017 16:36:15 +0200 (CEST)
To: Christer Holmberg <christer.holmberg@ericsson.com>, "ice@ietf.org" <ice@ietf.org>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
References: <66220024-e08b-aa61-ffe2-3c279c377a34@alvestrand.no> <D60A5C84.23E43%christer.holmberg@ericsson.com>
From: Harald Alvestrand <harald@alvestrand.no>
Message-ID: <f4da1671-f7bd-e153-04da-a0462316798d@alvestrand.no>
Date: Tue, 17 Oct 2017 16:36:15 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0
MIME-Version: 1.0
In-Reply-To: <D60A5C84.23E43%christer.holmberg@ericsson.com>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/a_fRNVcH4oQ1XGUnAToZ7E7OWfE>
Subject: Re: [rtcweb] WGLC Review of draft-ietf-ice-rfc5245bis-12
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Oct 2017 14:36:22 -0000

Den 16. okt. 2017 12:02, skrev Christer Holmberg:
> Hi Harald,
> 
> Some feedback on your comments.
> 
>> Most important points:
>>
>> * The protocol has been designed and revised to be usable with non-media
>> data, but the introduction and abstract do not reflect this. Expunging
>> the media bias from the body of the document is probably not worth it,
>> but the intro and abstract should mention it.
> 
> We COULD do a search/replace operation, and replace ³media² with ³data².
> We would end up with terms like ³data stream², ³data packets² etc, but I
> guess that it would be ok.
> 
> In the ³data definition² we would then describe that data includes both
> RTP and non-RTP data.

I would like that! I was proposing a smaller change because it's so late
in the cycle, but better is better!

> 
>> * Security considerations should mention the problem that ICE reveals
>> addresses that might otherwise remain hidden, and that this is a privacy
>> concern.
> 
> I would be glad if someone could provide text for that, to make sure we
> get it right.

The paragraph I suggested in the PDF was:

“The process of probing for candidates reveals the source addresses of
the client and its peer to any on-network listening attacker, and the
process of exchanging candidates reveals the addresses to any attacker
that is able to see the negotiation. Some addresses, such as the server
reflexive addresses gathered through the local interface of VPN users,
may be sensitive information. If these potential attacks can’t be
mitigated, the implementation may want to institute controls for which
addresses are revealed to the negotiation and/or probing process. Such
controls need to be specified as part of the ICE usage.”

Of course, that's only my suggestion.

> 
>> * The document has removed all the SDP specific parts (good), but the
>> requirements it places on the negotiation mechanism aren¹t collectively
>> documented anywhere. A section describing this would help comprehension
>> for people developing signalling protocols for use with ICE.
> 
> I can think of the following requirements:
> 
> REQ: There MUST be a mechanism for ICE agents to determine whether the
> remote peer supports ICE
> 
> 
> REQ: There MUST be a mechanism for ICE agents to exchange candidate
> information
> 
> REQ: There MUST be a mechanism for ICE agents to indicate an ICE restart
> to the remote peer

I was thinking of something like:

The exchange of information MUST result in the following information
being available to the ICE agent:

- Whether the remote peer supports ICE at all
- What ICE options, if any, are supported
- Whether the remote peer is Lite or Full
- Whether the remote peer thinks it's the Initiating Agent or not
- What candidates the remote peer wishes to make available
- Whether an ICE restart is desired

> 
> 
>> * The definition of ³component² talks about a component having one
>> address. I believe that in current usage, it should be defined to have
>> an address pair. (non-symmetric RTP is dead).
> 
> Or, should we say ³having one candidate pair²?
> 
> <t hangText="Component:"> A component is a piece of a data stream
> requiring a candidate pair; a data stream may require
> multiple components, each of which has to work for the data stream as
> a whole to work.  For media streams based on RTP, unless RTP and RTCP
> are multiplexed in the same port, there are two components per media
> stream -- one for RTP, and one for RTCP.</t>

This works for me!

> 
> 
> Regarding non-symmetric RTP, the spec says that the selected candidate
> pair MUST be used for sending and receiving media, so I guess that means
> symmetric RTP. Perhaps it would be good to point that out.

Can't harm.

> 
> Regards,
> 
> Christer
>