Re: [rtcweb] I-D Action: draft-ietf-rtcweb-stun-consent-freshness-08.txt - Some additional questions
"Ram Mohan R (rmohanr)" <rmohanr@cisco.com> Wed, 12 November 2014 16:16 UTC
Return-Path: <rmohanr@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32F341A8716 for <rtcweb@ietfa.amsl.com>; Wed, 12 Nov 2014 08:16:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.095
X-Spam-Level:
X-Spam-Status: No, score=-15.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.594, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2Dn9MW54e6fU for <rtcweb@ietfa.amsl.com>; Wed, 12 Nov 2014 08:16:23 -0800 (PST)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CDCF71A86F6 for <rtcweb@ietf.org>; Wed, 12 Nov 2014 08:16:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=6172; q=dns/txt; s=iport; t=1415808983; x=1417018583; h=from:to:subject:date:message-id:references:in-reply-to: content-id:content-transfer-encoding:mime-version; bh=eoBesrnqAy8ZxF4mrQMzZcK7+/xQbTPBAazQRmWgxrM=; b=itUcxczjs3LAbE5ZkVnCohAEVziki+PthNPvF4t8IWsH3kqygKGLrpDi VxWQVEVtDngh9lbgHZ2QF4XGf3OC5MhMmYRKh4RVEftd7W1rPDfqzKu2Q N4l8ncY1wFPTDR+0qsCmsaqNCAH+i/ZX5su2LUE2U6lBHCnc/lnm0ezV+ 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AoYIABSHY1StJA2J/2dsb2JhbABcgw6BLQSDAtB9Ahx/FgEBAQEBfYQCAQEBBDRRBAIBCBEDAQIFHwkCAjAdCAIEARKIQZwqnFcGllUBAQEBAQEBAQEBAQEBAQEBARuBJ490BoJrgVoFkjqLd4E0g0+NWoQKgjaBRm2BSIEDAQEB
X-IronPort-AV: E=Sophos;i="5.07,369,1413244800"; d="scan'208";a="95941055"
Received: from alln-core-4.cisco.com ([173.36.13.137]) by alln-iport-2.cisco.com with ESMTP; 12 Nov 2014 16:16:22 +0000
Received: from xhc-aln-x10.cisco.com (xhc-aln-x10.cisco.com [173.36.12.84]) by alln-core-4.cisco.com (8.14.5/8.14.5) with ESMTP id sACGGMcO012833 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 12 Nov 2014 16:16:22 GMT
Received: from xmb-aln-x05.cisco.com ([169.254.11.222]) by xhc-aln-x10.cisco.com ([173.36.12.84]) with mapi id 14.03.0195.001; Wed, 12 Nov 2014 10:16:21 -0600
From: "Ram Mohan R (rmohanr)" <rmohanr@cisco.com>
To: Christer Holmberg <christer.holmberg@ericsson.com>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Thread-Topic: [rtcweb] I-D Action: draft-ietf-rtcweb-stun-consent-freshness-08.txt - Some additional questions
Thread-Index: AQHP/pP/dBCMjI/UmUKzOsZcpo+Fkg==
Date: Wed, 12 Nov 2014 16:16:21 +0000
Message-ID: <D0898477.19024%rmohanr@cisco.com>
References: <7594FB04B1934943A5C02806D1A2204B1D4CE861@ESESSMB209.ericsson.se>
In-Reply-To: <7594FB04B1934943A5C02806D1A2204B1D4CE861@ESESSMB209.ericsson.se>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.4.3.140616
x-originating-ip: [10.65.77.107]
Content-Type: text/plain; charset="euc-kr"
Content-ID: <0B903C97A3B31746B36610D3ED2ABAEA@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/kPKntqBGErylPg3tu3vMVHeB7tQ
Subject: Re: [rtcweb] I-D Action: draft-ietf-rtcweb-stun-consent-freshness-08.txt - Some additional questions
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Nov 2014 16:16:26 -0000
Hi Christer, Thanks for your review. Please see inline -----Original Message----- From: Christer Holmberg <christer.holmberg@ericsson.com> Date: Monday, 27 October 2014 11:40 pm To: Cisco Employee <rmohanr@cisco.com>, "rtcweb@ietf.org" <rtcweb@ietf.org> Subject: RE: [rtcweb] I-D Action: draft-ietf-rtcweb-stun-consent-freshness-08.txt - Some additional questions >Hi, > >Thanks for putting together the new version! It makes a number of things >more clear :) > >I do still have a few comments/questions (hopefully editorial ones), >though: > >Q1: >----- > >I think it would be good to explicitly clarify that, when consent expires >on a 5-tuple/candidate pair, it does not affect other 5-tuples within the >session. I have received questions on that, so I think some words would >be useful to make it more clear. > >(Of course, one CAN choose to terminate the whole session if consent >expires on a candidate pair, but that depends on application policy). Section 4.1 5th paragraph currently has this text: "if a valid STUN binding response corresponding to any STUN request sent in the last 30 seconds has not been received from the remote peer's transport address, the endpoint MUST cease transmission on that 5-tuple.² When Consent expires it is up to the application policy to decide on what to do. As you said it can choose to terminate the whole session or continue sending data on other 5-tuples. In this draft we should just say that the endpoint stops transmission on that 5-tuple for which consent failed which is what the above text in the draft says. IMO that is sufficient. > > >Q2: >----- > >If consent expires, and I stop sending application data, will I still >send STUN keep-alives etc, to keep the candidate pair, NAT bindings etc >alive? > >There IS text saying: > > "An endpoint that is not sending any application data does not need to > maintain consent. However, the endpoint needs to ensure its NAT or > firewall mappings persist which can be done using keepalive or other > techniques (see Section 10 of [RFC5245] and see [RFC6263])." > >However, that seems to be more related to cases where I don't intend to >send application data to begin with. > >So, perhaps the text above can be modified, to clarify that keepalives >etc will still be sent if consent expires. Applications can continues to do what they were doing as part of STUN/ICE (like sending STUN binding indications for NAT/FW keepalives or whatever). If some application wants to act on Consent expiry and do some thing it can do so however such a thing is not in the scope of this draft. So IMO this is outside scope of this draft and is a application policy. > > >Q3: >----- > >Section 4.1. says: > > "If the endpoint wants to send application data, it needs to first obtain > consent if its consent has expired." > >If my consent has expired, is the a time period before I can try to >obtain consent again? Can I just continue sending STUN binding requests >even if my consent expires, and wait to obtain consent again? After consent fails, browser notifies the java script and there should be no mechanism available for java script to again tell the browser to start all over again (consider a malicious java script); IMO consent can be only be re-started with ICE-restart. > >(I obviously won't send any application data until I obtain consent >again.) > > >Q4: >----- > >When my consent expires, is it considered an error if I also choose to >not receive any data? If not, I think it would be good to indicate that >one may choose to also stop receiving data in case consent expires. Consent check only deals with whether to send media or not. If Consent fails it is up the application to decide on what other actions it need to take (like stopping receiving media e.t.c) > > >Q5: >----- > >Assuming I send RTP and RTCP on separate 5-tuples, and consent expires on >one of the 5-tuples. I assume that will impact both 5-tuples, and in that >case I think it would be good to clarify. Again this is application specific behaviour. If consent fails for one 5-tuple, the application can choose to stop data on related 5-tuples as well. Don’t see a need to have such a text in this draft. We will have to document several such application behaviours if we start to do. Regards, Ram > >Thanks! > >Regards, > >Christer >
- Re: [rtcweb] I-D Action: draft-ietf-rtcweb-stun-c… Christer Holmberg
- Re: [rtcweb] I-D Action: draft-ietf-rtcweb-stun-c… Ram Mohan R (rmohanr)
- Re: [rtcweb] I-D Action: draft-ietf-rtcweb-stun-c… Christer Holmberg
- Re: [rtcweb] I-D Action: draft-ietf-rtcweb-stun-c… Ram Mohan R (rmohanr)
- Re: [rtcweb] I-D Action: draft-ietf-rtcweb-stun-c… Martin Thomson
- Re: [rtcweb] I-D Action: draft-ietf-rtcweb-stun-c… Christer Holmberg
- Re: [rtcweb] I-D Action: draft-ietf-rtcweb-stun-c… Christer Holmberg
- Re: [rtcweb] I-D Action: draft-ietf-rtcweb-stun-c… Martin Thomson
- Re: [rtcweb] I-D Action: draft-ietf-rtcweb-stun-c… Martin Thomson
- Re: [rtcweb] I-D Action: draft-ietf-rtcweb-stun-c… Christer Holmberg
- Re: [rtcweb] I-D Action: draft-ietf-rtcweb-stun-c… Ram Mohan R (rmohanr)