Re: [rtcweb] Review comments on draft-ietf-rtcweb-data-protocol-03

Michael Tuexen <Michael.Tuexen@lurchi.franken.de> Tue, 25 February 2014 22:25 UTC

Return-Path: <Michael.Tuexen@lurchi.franken.de>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A8C31A02BF for <rtcweb@ietfa.amsl.com>; Tue, 25 Feb 2014 14:25:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.506
X-Spam-Level:
X-Spam-Status: No, score=-0.506 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_03_06=1.592, HELO_EQ_DE=0.35, RP_MATCHES_RCVD=-0.547, SPF_HELO_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Mrrh7f5Ki_I9 for <rtcweb@ietfa.amsl.com>; Tue, 25 Feb 2014 14:25:28 -0800 (PST)
Received: from mail-n.franken.de (drew.ipv6.franken.de [IPv6:2001:638:a02:a001:20e:cff:fe4a:feaa]) by ietfa.amsl.com (Postfix) with ESMTP id B1D611A0298 for <rtcweb@ietf.org>; Tue, 25 Feb 2014 14:25:27 -0800 (PST)
Received: from [192.168.1.103] (p508F31B7.dip0.t-ipconnect.de [80.143.49.183]) (Authenticated sender: macmic) by mail-n.franken.de (Postfix) with ESMTP id B7E381C1042E2; Tue, 25 Feb 2014 23:25:24 +0100 (CET)
Content-Type: text/plain; charset="iso-8859-1"
Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\))
From: Michael Tuexen <Michael.Tuexen@lurchi.franken.de>
In-Reply-To: <530B740E.4090707@ericsson.com>
Date: Tue, 25 Feb 2014 18:07:26 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <B163D4A9-AC33-454B-8F93-CC619AFB7A6F@lurchi.franken.de>
References: <530B740E.4090707@ericsson.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>
X-Mailer: Apple Mail (2.1510)
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/uPd7wY2Yhax0Bwd5T3Umwi1Nbjw
Cc: draft-ietf-rtcweb-data-protocol@tools.ietf.org, "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Review comments on draft-ietf-rtcweb-data-protocol-03
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Feb 2014 22:25:31 -0000

On Feb 24, 2014, at 5:32 PM, Magnus Westerlund <magnus.westerlund@ericsson.com> wrote:

> Hi,
> (as individual)
Hi Magnus,

thank you very much for the detailed review. Please see my comments in-line.

Best regards
Michael
> 
> I have reviewed the WebRTC Data Channel Establishment protocol
> (draft-ietf-rtcweb-data-protocol-03) and have some comments:
> 
> 1. Section 4:
> Shouldn't this section discuss the priority field?
I added in the list of consistent properties:

<t>the priority of the data Channel.</t>

and in the text below that enumeration:

??????
> 
> 2. Section 4:
> 
> The method
>   used to determine which side uses odd or even is based on the
>   underlying DTLS connection role when used in WebRTC, with the side
>   acting as the DTLS client using even stream identifiers.
> 
> Isn't this unnecessary using the vague word of WebRTC instead of simply
> pointing to the DTLS roles of the established data channel?
The point is that in the WebRTC you use DCEP/SCTP/DTLS/UDP and therefore
you can refer to the DTLS role. However, you could use DCEP/SCTP/IP
or DCEP/SCTP/UDP/IP or DCEP/SCTP over something not involving DTLS.
In that case DTLS is not used and you can not refer to the DTLS role.
That is why the restriction is used.
> 
> 3. Section 5.1:
>      DATA_CHANNEL_PARTIAL_RELIABLE_TIMED (0x02):  The channel provides
>         a partial reliable in-order bi-directional Communication
>         channel.  User messages might not be transmitted or
>         retransmitted after a specified life-time given in milli-
>         seconds in the Reliability Parameter.  This life-time starts
>         when providing the user message to the Javascript engine.
> 
> I think the use of "Javascript engine" in the last sentence is unclear.
> Can we provide a implementation neutral definition, like "This life-time
> starts when requesting transmission of the user message."?
This comment was already made on the list and I changed the text to

This life-time starts when providing the user message to the protocol stack.

OK?
> 
> 4. Section 5.1:
>   Label: Variable Length (sequence of characters)
>      The name of the channel.  This may be an empty string.
> 
>   Protocol: Variable Length (sequence of characters)
>      The protocol for the channel.  If this is an empty string the
>      protocol us unspecified.  If it is an non-empty string, it
>      specifies an IANA-registered protocol (see Section 8.4).
> 
> Both of these fields are strings, shouldn't a particular encoding be
> specified here? Like UTF-8. Secondly, what values are allowed, the full
> set of Unicode?
You are right. Any need for restrictions? We only need to be able to
transform it to a DomString.
So I changed it to:

<t hangText='Label: Variable Length (sequence of characters)'>
<vspace blankLines='0'/>
The name of the channel as a UTF-8 encoded string.
This may be an empty string.</t>

<t hangText='Protocol: Variable Length (sequence of characters)'>
<vspace blankLines='0'/>
The protocol for the channel as a UTF-8 encoded string.
If this is an empty string the protocol us unspecified.
If it is an non-empty string, it specifies an IANA-registered protocol
(see <xref target='iana_protocol'/>).</t>
> 
> 5. Section 6:
> All Data Channel Establishment Protocol messages MUST be sent
>   requesting ordered delivery and using reliable transmission.
> 
> I wonder of the use of requesting ordered delivery and using reliable
> transmission, from an SCTP stream perspective, wouldn't using in both
> places be appropriate? Or is how object which has been requested to be
> transmitted unordered interact in SCTP with the ordered ones?
I'm sorry, I don't understand what you are asking...

The reason of this restriction is that this restriction combined with

However, before the DATA_CHANNEL_ACK message or any other message has been
received on a data channel, all other messages containing user data and
belonging to this data channel MUST be sent ordered, no matter whether the
data channel is ordered or not.

makes sure that the SCTP at the peer delivers the DATA_CHANNEL_OPEN message
first on a stream.


> 6. Section 7:
> 
> I think this section can be beefed up a bit. First make clear that the
> Data Channel's required usage of DTLS ensures that the message integrity
> and possible source authentication as well as confidentiality. Then
> going over any security risks with a malicous peer using this protocol.
> Can a malicous side screw up the peer using this protocol? What are the
> implications?
Just to double check: Aren't the referenced documents the ones which
discuss all security stuff in one place?
> 
> 7. Section 8.2:
> 
> This registry reserves 0xff without any motivation, please add one.
I added:

The value 0xff has been reserved for future extensibility.

> 
> 8. Section 8.3:
> If I define a channel behavior that allows mixed ordered and unordered,
> how would I register this?
You can't. For SCTP properties like ordered/unordered delivery are
on a per message base. In RTCWeb it was decided to make per channel
base. So you can't have a data channel supporting a mixtures of
ordered and unordered messages.
> 
> 9. Section 8.4:
> 
> I have a suggestion for this registries name, instead of "Protocol
>   Registry" I propose  "DCEP Protocol Identification Registry"
The problem I have with this definition is the following:
Your name suggests that the use of this entity is restricted to
DCEP. But isn't the protocol a property of a data channel, no matter
whether negotiated by used DCEP or not?
> 
> 10. Section 8.4:
> 
> There is missing any specification of what type of strings I may
> register. Also, no length limitation, although the protocol allows at
> maximum of 255 octets of encoded characters.
I don't understand the limitation to 255 octets. The length field
is 16 bit, so you can have up to 65535 octets. Therefore I changed:
<t>A name for the protocol;</t>
to
<t>A name for the protocol which length is smaller than 65536 when using
an UTF-8 encoding;</t>
> 
> 11. This comments concerns the relation to the Data Channel
> specification. So my interpretation is that the WebRTC Data channel
> draft has become both the base for this specification as well as the one
> that specifies that the DCEP shall be implemented and supported. For
> WebRTC I don't think this matters much, but if someone likes to re-use
> the basic Data Channel specification, this structure makes it more
> difficult and have no need for the bi-directional negotiated parameter
> settings that the DCEP provides. In that case one have to sub-set the
I think the data channel draft discusses the data channels independent
how they are opened. This covers data parameters, user data transmission
and closing of data channels. The data channel protocol draft discusses
an in-band protocol for setting up data channels.
> data channel specification. I wonder if it would be better to move some
> normative statements around, so that the chain of implementation
> requirement goes draft-ietf-rtcweb-transports ->
> draft-ietf-rtcweb-data-protocol -> draft-ietf-rtcweb-data-channel thus
> providing a cleaner and more modular build up of the protocols.
I think you can implement draft-ietf-rtcweb-data-channel without
draft-ietf-rtcweb-data-protocol, but not vice versa.

So you don't like the statement:

   A simple protocol for internal negotiation is specified in
   [I-D.ietf-rtcweb-data-protocol] and MUST be supported.

from draft-ietf-rtcweb-data-channel. What would you suggest?
> 
> This a suggestion based on that it looks like others, like CLUE is going
> to use the Data Channel specification, but I am uncertain if they want
> DCEP or not.
Understood.
> 
> Cheers
> 
> Magnus Westerlund
> 
> ----------------------------------------------------------------------
> Services, Media and Network features, Ericsson Research EAB/TXM
> ----------------------------------------------------------------------
> Ericsson AB                 | Phone  +46 10 7148287
> Färögatan 6                 | Mobile +46 73 0949079
> SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
> ----------------------------------------------------------------------
> 
> _______________________________________________
> rtcweb mailing list
> rtcweb@ietf.org
> https://www.ietf.org/mailman/listinfo/rtcweb
>