IETF Logo Mail Archive

Re: [rtcweb] I-D Action: draft-ietf-rtcweb-stun-consent-freshness-08.txt - Some additional questions

Martin Thomson <martin.thomson@gmail.com> Fri, 21 November 2014 01:33 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CEBFE1ACFF2 for <rtcweb@ietfa.amsl.com>; Thu, 20 Nov 2014 17:33:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qd98Ot-cLgzn for <rtcweb@ietfa.amsl.com>; Thu, 20 Nov 2014 17:33:55 -0800 (PST)
Received: from mail-oi0-x22d.google.com (mail-oi0-x22d.google.com [IPv6:2607:f8b0:4003:c06::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F36721ACFE8 for <rtcweb@ietf.org>; Thu, 20 Nov 2014 17:33:54 -0800 (PST)
Received: by mail-oi0-f45.google.com with SMTP id a141so2964626oig.4 for <rtcweb@ietf.org>; Thu, 20 Nov 2014 17:33:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=YPtFIS73aeCiMoCIC5Hk+rmTderit/qSimCVoXSH/DI=; b=zl8s2xtwPXx0ApukBvAXLE1Ih3lGzp3lRknXscXWXeN5n2z/4cDGA8dXYlAExnBEaJ +MTQ7pnUDEV4bwEEQNSODO52mIh/7tTHV57C5UKnhmC80nIXSZLt4WD6YEDb8CWCETUR 6C64w8I78aV33qY801lsAbuoVETyZOt60PJngljMMmA4Qk6JEnpspYTc8P2M+D06/Ygq hlwBfg+pfzgbmKoLUpvoDnG9vxjoiCZc7xh9M5utxNfh6Mfj00yZWYFQ9AbodsCOq9Lu FB8DAnHUkUE7cIUWcOABQd5z+XTJD9J7zt2301J4rRt6xSKee2saGO8B/k3vGqvaKADJ Id3g==
MIME-Version: 1.0
X-Received: by 10.182.104.40 with SMTP id gb8mr137103obb.61.1416533634316; Thu, 20 Nov 2014 17:33:54 -0800 (PST)
Received: by 10.202.115.4 with HTTP; Thu, 20 Nov 2014 17:33:54 -0800 (PST)
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B1D52C623@ESESSMB209.ericsson.se>
References: <7594FB04B1934943A5C02806D1A2204B1D4CE861@ESESSMB209.ericsson.se> <D0898477.19024%rmohanr@cisco.com> <7594FB04B1934943A5C02806D1A2204B1D525F52@ESESSMB209.ericsson.se> <D0936AAE.19A4C%rmohanr@cisco.com> <CABkgnnU-Cxj5CUR-BQM9o-FeOCWWdOqcViWovwBDV_sdcVTi-Q@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B1D52C623@ESESSMB209.ericsson.se>
Date: Thu, 20 Nov 2014 15:33:54 -1000
Message-ID: <CABkgnnUa6_h8kcj11F42QsJh--oQoeaWpFopp_MD1TDE1Y1DrA@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/awJydduvhu5Pi8pRfVTKfUwV_eI
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] I-D Action: draft-ietf-rtcweb-stun-consent-freshness-08.txt - Some additional questions
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Nov 2014 01:33:57 -0000

On 20 November 2014 06:28, Christer Holmberg
<christer.holmberg@ericsson.com> wrote:
> I agree that we don't need to specify application behaviour. But, I think we do need to be clear regarding the impacts on the transport/ICE layer, when/if/how it can be later re-used etc.

How is my response unclear exactly?  IF NOT connectivity check, then
NO DON'T SEND.

> My question is how/if the consent lost impacts "normal" ICE (STUN keep-alives etc), transport layer heartbeats etc.

I don't understand this concern.  You can't use the credentials (see
above), and you can't send anything else.  That's a terminal
condition.

> Also, as the entity may still receive media on the 5-tuple, that also means it still have to respond to incoming STUN requests etc.

This is one of those "application layer" things.  If you want to cease
your own consent in response to losing consent, that's your choice.
We already say that connectivity check responses (connectivity checks
as a whole, actually) aren't subject to consent.

Though there is a real mistake in the draft here:

OLD:
   An endpoint MUST NOT send paced STUN connectivity checks toward any
   transport address unless the receiving endpoint consents to receive
   data.  That is, no application data (e.g., RTP or DTLS) can be sent
NEW:
   An endpoint MUST NOT send data other than paced STUN connectivity
checks or responses toward any
   transport address unless the receiving endpoint consents to receive
   data.  That is, no application data (e.g., RTP or DTLS) can be sent

I'll generate a PR if my co-authors don't get to it.  I don't know how
that happened.

> What about DTLS heartbeats, and other information sent on the transport layer? I ASSUME the entity will maintain those, as it still may receive media

That is unquestionably application-layer data.

The upshot here is that you will probably break RTP because you can't
generate an RR.  You can't generate SCTP acknowledgements either.
Fact is, virtually all protocols are bidirectional and will break if
one party can't send.

v2.23.0 | Report a Bug | By Email