IETF Logo Mail Archive

Re: [rtcweb] AD evaluation: draft-ietf-rtcweb-stun-consent-freshness-11

"Ram Mohan R (rmohanr)" <rmohanr@cisco.com> Thu, 14 May 2015 03:18 UTC

Return-Path: <rmohanr@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6B961B32B8 for <rtcweb@ietfa.amsl.com>; Wed, 13 May 2015 20:18:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E8XBibpO1EXY for <rtcweb@ietfa.amsl.com>; Wed, 13 May 2015 20:18:31 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C27FA1B32BC for <rtcweb@ietf.org>; Wed, 13 May 2015 20:18:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=11622; q=dns/txt; s=iport; t=1431573511; x=1432783111; h=from:to:subject:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=8f+Z7LWH6Lrn7dD/JjEun412aTUc+tqji03BuTrGj4M=; b=a+IyoP/toZ72maAivuj11zaOCuEKuRQhN8rTaAiVbJq2lWvsS9AjYJOc OiWOdWirzrLMmNJDj1WhYI7HGEotg3q0ppY5HPi8RZraOf334P4cv6zsI J0x6C7Y9dnXc/ROJJxmxjWfZHfsAMmK+V1h+glR/RPp4OxbE+jqPJixHC k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AlBQAaE1RV/4cNJK1cgw9UXgaDGMMdDIU1TgIcgRxMAQEBAQEBgQuEIAEBAQQBAQExEycXBAIBCBEDAQEBAQQjBQICHwYLFAkIAgQBEogXAxINmHOcfwaFGZoDDYR8AQEBAQEBAQEBAQEBAQEBAQEBAQEBF4Ebih+CTYIFOgaCXIFLBZJbhCeEdYFVgSU+gyWKeIZ2I4FmghFvgUWBAQEBAQ
X-IronPort-AV: E=Sophos;i="5.13,425,1427760000"; d="scan'208";a="419640212"
Received: from alln-core-2.cisco.com ([173.36.13.135]) by rcdn-iport-4.cisco.com with ESMTP; 14 May 2015 03:18:29 +0000
Received: from xhc-aln-x08.cisco.com (xhc-aln-x08.cisco.com [173.36.12.82]) by alln-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id t4E3ITQd004154 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Thu, 14 May 2015 03:18:29 GMT
Received: from xmb-aln-x05.cisco.com ([169.254.11.121]) by xhc-aln-x08.cisco.com ([173.36.12.82]) with mapi id 14.03.0195.001; Wed, 13 May 2015 22:18:29 -0500
From: "Ram Mohan R (rmohanr)" <rmohanr@cisco.com>
To: Alissa Cooper <alissa@cooperw.in>, Christer Holmberg <christer.holmberg@ericsson.com>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Thread-Topic: [rtcweb] AD evaluation: draft-ietf-rtcweb-stun-consent-freshness-11
Thread-Index: AQHQjfSlNRq6SQBuQUqpM992EE341A==
Date: Thu, 14 May 2015 03:18:28 +0000
Message-ID: <D17A103F.2F093%rmohanr@cisco.com>
References: <3B27E16C-2AD7-427B-864C-741F38575B97@cooperw.in> <CABkgnnU=NeP7MzqxE1Mg+ZN8EZf=3FtayyLP1Q-z=6vaPUtAuA@mail.gmail.com> <3BE7E012-A474-4CEA-889A-B611EEFC4AEC@cooperw.in> <7594FB04B1934943A5C02806D1A2204B1D7EA1AE@ESESSMB209.ericsson.se> <D170E03C.2DAC3%rmohanr@cisco.com> <7594FB04B1934943A5C02806D1A2204B1D7EB649@ESESSMB209.ericsson.se> <913383AAA69FF945B8F946018B75898A47833F10@xmb-rcd-x10.cisco.com> <7594FB04B1934943A5C02806D1A2204B1D7EBB8D@ESESSMB209.ericsson.se> <D1712C03.2DDBA%rmohanr@cisco.com> <7594FB04B1934943A5C02806D1A2204B1D7EBCDD@ESESSMB209.ericsson.se> <D8BB2A42-3840-4C60-A7AC-503E359F8662@cooperw.in> <D176B223.2E5DC%rmohanr@cisco.com>
In-Reply-To: <D176B223.2E5DC%rmohanr@cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.7.141117
x-originating-ip: [10.65.78.73]
Content-Type: text/plain; charset="euc-kr"
Content-ID: <195EF8E033082F42924A596451B771BC@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/dEH3WGzpS03ynMzoDuXPa3a3EIY>
Subject: Re: [rtcweb] AD evaluation: draft-ietf-rtcweb-stun-consent-freshness-11
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 May 2015 03:18:34 -0000

Hi Alissa/All,

I just published the revision that address below comments. Link -
https://datatracker.ietf.org/doc/draft-ietf-rtcweb-stun-consent-freshness/
Diff - 
https://www.ietf.org/rfcdiff?url2=draft-ietf-rtcweb-stun-consent-freshness

Regards,
Ram

-----Original Message-----
From: Cisco Employee <rmohanr@cisco.com>
Date: Monday, 11 May 2015 7:24 pm
To: Alissa Cooper <alissa@cooperw.in>, Christer Holmberg
<christer.holmberg@ericsson.com>, Martin Thomson <martin.thomson@gmail.com>
Cc: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>, "rtcweb@ietf.org"
<rtcweb@ietf.org>
Subject: Re: [rtcweb] AD evaluation:
draft-ietf-rtcweb-stun-consent-freshness-11

>Attached is the diffs with comment from Christer incorporated. Please let
>me know if any one else has comments. If not I will publish this diff as a
>new revision.
>
>Regards,
>Ram
>
>-----Original Message-----
>From: Alissa Cooper <alissa@cooperw.in>
>Date: Friday, 8 May 2015 6:41 pm
>To: Christer Holmberg <christer.holmberg@ericsson.com>
>Cc: Cisco Employee <rmohanr@cisco.com>, "Tirumaleswar Reddy (tireddy)"
><tireddy@cisco.com>, Martin Thomson <martin.thomson@gmail.com>,
>"rtcweb@ietf.org" <rtcweb@ietf.org>
>Subject: Re: [rtcweb] AD evaluation:
>draft-ietf-rtcweb-stun-consent-freshness-11
>
>>Ok with me.
>>Alissa
>>
>>On May 7, 2015, at 2:49 AM, Christer Holmberg
>><christer.holmberg@ericsson.com> wrote:
>>
>>> Hi,
>>> 
>>> The text looks ok, but I think we can simplify/clarify it a little.
>>> 
>>> For example, the usage of "flow" is a little strange, since we
>>>explicitly say that no media is sent :)
>>> 
>>> Also, "failure" is the wrong wording in my opinion, because there is no
>>>failure.
>>> 
>>> What about:
>>> 
>>>   An endpoint that is not sending any application data does not need to
>>>   maintain consent. However, not sending any traffic could cause NAT or
>>>   firewall mappings to expire.  Furthermore, having one peer unable to
>>>send 
>>>   is detrimental to many protocols.  Absent better information about
>>>the 
>>>   network, if an endpoint needs to ensure its NAT or firewall mappings
>>>do
>>>   not expire, it can be done using keepalive or  other techniques (see
>>>   Section 10 of [RFC5245] and see [RFC6263]).
>>> 
>>> Regards,
>>> 
>>> Christer
>>> 
>>> 
>>> -----Original Message-----
>>> From: Ram Mohan R (rmohanr) [mailto:rmohanr@cisco.com]
>>> Sent: 7. toukokuuta 2015 12:19
>>> To: Christer Holmberg; Tirumaleswar Reddy (tireddy); Alissa Cooper;
>>>Martin Thomson
>>> Cc: rtcweb@ietf.org
>>> Subject: Re: [rtcweb] AD evaluation:
>>>draft-ietf-rtcweb-stun-consent-freshness-11
>>> 
>>> Hi Christer,
>>> 
>>> How about the below text. Does it sound better ?
>>> 
>>> OLD:
>>> 
>>>   An endpoint that is not sending any application data does not need to
>>>   maintain consent.  However, failure to send could cause any NAT or
>>>   firewall mappings for the flow to expire.  Furthermore, having one
>>>   peer unable to send is detrimental to many protocols.  Absent better
>>>   information about the network, an endpoint SHOULD maintain consent if
>>>   there is any possibility that a flow might be needed again.
>>> 
>>> NEW:
>>> 
>>>   An endpoint that is not sending any application data does not need to
>>>   maintain consent. However, failure to send could cause any NAT or
>>>   firewall mappings for the flow to expire.  Furthermore, having one
>>>   peer unable to send is detrimental to many protocols.  Absent better
>>>   information about the network, if an endpoint needs to ensure its NAT
>>>   or firewall mappings persist which can be done using keepalive or
>>>   other techniques (see Section 10 of [RFC5245] and see [RFC6263]).
>>> 
>>> 
>>> 
>>> Ram
>>> 
>>> -----Original Message-----
>>> From: Christer Holmberg <christer.holmberg@ericsson.com>
>>> Date: Thursday, 7 May 2015 2:40 pm
>>> To: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>, Cisco Employee
>>><rmohanr@cisco.com>, Alissa Cooper <alissa@cooperw.in>, Martin Thomson
>>><martin.thomson@gmail.com>
>>> Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
>>> Subject: RE: [rtcweb] AD evaluation:
>>> draft-ietf-rtcweb-stun-consent-freshness-11
>>> 
>>>> Hi,
>>>> 
>>>>>>> Martin¹s statement says SHOULD here and does not mandate. ICE
>>>>>>> keepalives could also be used to keep the NAT state
>>>>>> 
>>>>>> There needs to be a good justification for a SHOULD, and consent was
>>>>>> never intended for NAT keep-alives.
>>>>>> 
>>>>>> Also keep in mind that, with the "virtual connection" concept, there
>>>>>> might be a big number of ICE connections - some of which you may
>>>>>> never use. Why send consent on those, if there is no media?
>>>>> 
>>>>> ICE keepalives or consent is only required for candidate pairs
>>>>> selected for media,
>>>> 
>>>> Correct. But, you may have multiple candidate pairs "selected for
>>>> media", but that doesn't mean you are sending media on all of them.
>>>> Very likely you are, at any given time, only sending media on one of
>>>>them.
>>>> 
>>>>> http://tools.ietf.org/html/rfc5245#section-10 mandates sending
>>>>> keepalives if no packet is sent on the candidate pair ICE is using
>>>>>for 
>>>>> a media component for Tr seconds. STUN Binding Indication or consent
>>>>> can be used for keepalives.
>>>> 
>>>> Correct. My issue is why there should be a "SHOULD send consent" on
>>>> candidate pairs currently not used for sending media. In such case,
>>>> only the NAT bindings need to be maintained, and the keep-alives take
>>>> care of that.
>>>> 
>>>> Regards,
>>>> 
>>>> Christer
>>>> 
>>>> 
>>>> 
>>>>> -----Original Message-----
>>>>> From: Christer Holmberg <christer.holmberg@ericsson.com>
>>>>> Date: Wednesday, 6 May 2015 12:23 pm
>>>>> To: Alissa Cooper <alissa@cooperw.in>, Martin Thomson
>>>>> <martin.thomson@gmail.com>
>>>>> Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
>>>>> Subject: Re: [rtcweb] AD evaluation:
>>>>> draft-ietf-rtcweb-stun-consent-freshness-11
>>>>> 
>>>>>> Hi,
>>>>>> 
>>>>>> I don't think you need to continue doing consent because of NAT
>>>>>> issues, if you are sending normal STUN keep-alives.
>>>>>> 
>>>>>> Regards,
>>>>>> 
>>>>>> Christer
>>>>>> 
>>>>>> -----Original Message-----
>>>>>> From: rtcweb [mailto:rtcweb-bounces@ietf.org] On Behalf Of Alissa
>>>>>> Cooper
>>>>>> Sent: 2. toukokuuta 2015 2:20
>>>>>> To: Martin Thomson
>>>>>> Cc: rtcweb@ietf.org
>>>>>> Subject: Re: [rtcweb] AD evaluation:
>>>>>> draft-ietf-rtcweb-stun-consent-freshness-11
>>>>>> 
>>>>>> 
>>>>>> On May 1, 2015, at 9:54 AM, Martin Thomson
>>>>> <martin.thomson@gmail.com>
>>>>>> wrote:
>>>>>> 
>>>>>>> On 30 April 2015 at 17:32, Alissa Cooper <alissa@cooperw.in> wrote:
>>>>>>>> "An endpoint that is not sending any application data does not
>>>>>>>> need
>>>>> to
>>>>>>>>  maintain consent.  However, failure to send could cause any NAT
>>>>>>>>or
>>>>>>>>  firewall mappings for the flow to expire.  Furthermore, having
>>>>>>>>one
>>>>>>>>  peer unable to send is detrimental to many protocols."
>>>>>>>> 
>>>>>>>> It sounds like the unstated implication here is that if you are
>>>>>>>> such an endpoint, you should keep doing consent checks anyway to
>>>>>>>> maintain consent. Should that be stated explicitly, or am I
>>>>> misunderstanding?
>>>>>>> 
>>>>>>> Can you tell that this is my text?
>>>>>>> 
>>>>>>> Yep, the unspoken implication is that if you stop maintaining
>>>>>>> consent, a flow is highly likely to break.  I'm OK with making
>>>>>>> that
>>>>> explicit.
>>>>>>> 
>>>>>>> ... .  Absent better information about the network, an endpoint
>>>>>>> SHOULD maintain consent if there is any possibility that a flow
>>>>>>> might be needed again.
>>>>>> 
>>>>>> WFM
>>>>>> 
>>>>>>> 
>>>>>>> (Thanks for the suggestion on Sec7.  I wasn't happy with it
>>>>>>> before.)
>>>>>> 
>>>>>> _______________________________________________
>>>>>> rtcweb mailing list
>>>>>> rtcweb@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/rtcweb
>>>>>> 
>>>>>> _______________________________________________
>>>>>> rtcweb mailing list
>>>>>> rtcweb@ietf.org
>>>>>> https://www.ietf.org/mailman/listinfo/rtcweb
>>>>> 
>>>>> _______________________________________________
>>>>> rtcweb mailing list
>>>>> rtcweb@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/rtcweb
>>> 
>>
>

v2.23.0 | Report a Bug | By Email