[rtcweb] Comments on draft-ietf-rtcweb-data-channel-07
Magnus Westerlund <magnus.westerlund@ericsson.com> Fri, 21 February 2014 16:27 UTC
Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2395C1A04B6 for <rtcweb@ietfa.amsl.com>; Fri, 21 Feb 2014 08:27:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.851
X-Spam-Level:
X-Spam-Status: No, score=-3.851 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_SE=0.35, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aJHXXuHeFgg3 for <rtcweb@ietfa.amsl.com>; Fri, 21 Feb 2014 08:27:45 -0800 (PST)
Received: from mailgw1.ericsson.se (mailgw1.ericsson.se [193.180.251.45]) by ietfa.amsl.com (Postfix) with ESMTP id E7C4C1A048B for <rtcweb@ietf.org>; Fri, 21 Feb 2014 08:27:44 -0800 (PST)
X-AuditID: c1b4fb2d-b7f5d8e000002a7b-06-53077e7c81a7
Received: from ESESSHC009.ericsson.se (Unknown_Domain [153.88.253.124]) by mailgw1.ericsson.se (Symantec Mail Security) with SMTP id 55.32.10875.C7E77035; Fri, 21 Feb 2014 17:27:40 +0100 (CET)
Received: from [127.0.0.1] (153.88.183.153) by smtp.internal.ericsson.com (153.88.183.47) with Microsoft SMTP Server id 14.2.347.0; Fri, 21 Feb 2014 17:27:39 +0100
Message-ID: <53077E7B.1070900@ericsson.com>
Date: Fri, 21 Feb 2014 17:27:39 +0100
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: "rtcweb@ietf.org" <rtcweb@ietf.org>, draft-ietf-rtcweb-data-channel@tools.ietf.org
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrNJMWRmVeSWpSXmKPExsUyM+JvjW5NHXuwQcstMYurM5YwW6z9187u wOSxZMlPJo8vlz+zBTBFcdmkpOZklqUW6dslcGX0925nLtjkULFkcj97A+M/oy5GDg4JAROJ 3j/VXYycQKaYxIV769m6GLk4hAQOMUrseHSFGcJZzijRsn4nG0gVr4C2xKd1RxhBbBYBVYkr Vz8zg9hsAhYSN380gtWICgRL7DzwmxGiXlDi5MwnLCC2iECUxLT3t8HiwgJmEht2TWOCOEJc oqcxCCTMLKAnMeVqCyOELS/RvHU22HghoLUNTR2sExj5ZyGZOgtJyywkLQsYmVcxsucmZuak lxtuYgQG2MEtv3V3MJ46J3KIUZqDRUmc98Nb5yAhgfTEktTs1NSC1KL4otKc1OJDjEwcnFIN jA73QibaPWMXnyHNsHhO9vyqu8GZBnmmk/os91wMSlupfP9j++95r06XssSdTvn48Wl3UM6p 1NOFnGX/dJZ0H+zKbFyQIpxhsGTnabd5YU23vz6ymi50fMLk73O1dA90SRdO6NMoWFa8tu9+ wfZfVRk3LuutnyI0614crwxD8lP9e4eWVjYpKiqxFGckGmoxFxUnAgDBRM73/gEAAA==
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/uzsHvuJp85MQI1wvXw3D3TjxvAI
Subject: [rtcweb] Comments on draft-ietf-rtcweb-data-channel-07
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Feb 2014 16:27:48 -0000
Hi, (as individual) I have reviewed the WebRTC Data Channels draft (draft-ietf-rtcweb-data-channel-07) and have some comments. 1. Section 1: Non-media data types in the context of WebRTC are handled by using SCTP [RFC4960] encapsulated in DTLS [RFC6347]. There are many places in this draft where "media data" is a reference to the RTP transport media. I would suggest to review this and consider to change this to "RTP Transport media", or "RTP media". The reason is that I expect also real-time media to flow over the data channel. 2. Section 1: As the other SCTP extensions are discussed in the introduction, I wonder why NADA and PR-Policy isn't. 3. Section 1: Section 5 arguments SCTP over DTLS over UDP; "arguments" looks strange in the above sentence fragment. 4. Section 3.1: Note that at any time there may be no media channels, or all media channels may be inactive, and that there may also be reliable data channels in use. "no media channels" is a bit strange here as we not really call anything regarding RTP channels. I would suggest to change this to "RTP Packet Streams" or "RTP Stream". 5. Section 3.2: U-C 7: Proxy browsing, where a browser uses data channels of a PeerConnection to send and receive HTTP/HTTPS requests and data, for example to avoid local Internet filtering or monitoring. >From a data channel perspective this doesn't look strange at all, however I get the shivers from the security implications of this. To my understanding Peer A using Peer B to proxy browse must have B fetch all elements that A needs into its sandbox and then transfer it to A over the PeerConnections Data Channel. Thus, all you do are revealed to B, massive privacy consideration. Or am I missing someway that A can tunnel its HTTP request through B without having B see the content of those requests, I am especially concerned with HTTPS. If this use case is going to stay, I do want some security consideration discussion around it. 6. Section 5: " o The congestion control is modifiable for integration with media stream congestion control." As this statement is only partial correct. There is no current mechanism to negotiate congestion control, nor does it exist any alternative defined SCTP congestion control. Thus, I would like to have this sentence modified. I am however not certain to what the authors consider important. It is the fact that it is possible in the future to define a new CC algorithm and use that? 7. Section 5: o provides privacy for the SCTP control information. Is "privacy" really the right word here? Either being explicit, "source authentication, integrity and confidentiality" or something like "security"? 8. section 5: DTLS implementations used for this stack SHOULD support controlling fields of the IP layer like the Don't Fragment (DF)-bit in case of IPv4 and the Differentiated Services Code Point (DSCP) field required for supporting [I-D.ietf-rtcweb-qos]. First of all this reference must be changed. What I am currently uncertain of is what it should point on, most likely draft-dhesikan-tsvwg-rtcweb-qos-04. But, I am not yet certain how the scope is going to be divided between that document and draft-ietf-rtcweb-transports. 9. Section 5: The initial Path MTU at the IP layer MUST NOT exceed 1200 bytes for IPv4 and 1280 for IPv6. I have to say that I think MUST NOT in the above is to strict. I think SHOULD NOT is appropriate. The reason is that a deployment may actually know that a larger initial MTU is better. This value may also change due to how the networks develop in the future. 10. Section 5: Since SCTP does not support the negotiation of a congestion control algorithm yet, alternate congestion controls SHOULD either only require a different sender side behavior using existing information carried in the association or need also specify a negotiation of of a congestion control algorithm. First of all I don't like the SHOULD in this sentence. Secondly, I think we need to get a good agreement and statement what to do with SCTP's congestion control algorithm in the future. I don't like this statement saying basically agree on anything and use that. I think the IETF specification should specify something to use that we know is safe to deploy. Thus, I would strongly prefer this to simply to be changed to say that: We know we want a new congestion control that better can handle interaction the the RTP packet streams and its congestion control, but that will not be initially available. Thus use the specified congestion control and consider these issues. And if a new CC algo becomes available that can be used and should be negotiated between the endpoints somehow. 11. Section 6.1: Once support for message interleaving as currently being discussed in [I-D.ietf-tsvwg-sctp-ndata] is available, it SHOULD be supported. I don't know why you have formulated this, so awkward? NDATA is currently listed as a normative reference. This document is going to hand in the RFC-editor queue until it becomes available or an AD orders some rewriting. Thus, why not simply write a simpler statement making clear that one SHOULD support it. I would also note that there are disagreement between this and the text in Section 6.6.: To overcome this limitation, [I-D.ietf-tsvwg-sctp-ndata] defines an extension to support message interleaving. Once this extension is available, it MUST be used. Thus pick the level of requirement and then simply state that with the motivation why. Personally I think SHOULD would be acceptable. There are clear motivation why (in 6.6) why one SHOULD implelement it, and the basic functionality is still there if it is not supported and its usage will be negotiated as SCTP association creation. 12. Section 6.2: Additionally, the negotiation SHOULD include some type of congestion control selection. Another congestion control statement that I am not happy with. See issue 10. There is no default and it is also not clear on what to really negotiate. 13. Section 6.3: SCTP defines a stream as a unidirectional logical channel existing within an SCTP association one to another SCTP endpoint. The "one" looks spurious. 14. Section 6.4: These priorities MUST NOT be strict priorities. Ok, this is one part of the agreement from the earlier meeting. There was also agreement on using weighted fair queuing to solve the priorities. The inter stream priority handling needs much firmer specification. 15. Section 6.5: "This can be based on the DTLS role (the client picks even stream identifiers, the server odd stream identifiers) or done in a different way." This is very unclear and you can't know what will happen. I think it would be better to say: Unless otherwise defined or negotiated, the streams are picked based on th DTLS role. ... 16. Section 6.5: "In addition to choosing a stream, the application SHOULD also inform the protocol of the options to use for sending messages." So what is the application, and what is the protocol in this sentence? 17. Section 7. I find this insufficient. I would this section to answer the following questions: 1. Any security issues that arise from the combination of mechanism. 2. Any significant issue that one needs to know about the behavior of the mechanisms, any of the normative specs that should be highlighted? 3. Clarification on what security properties one achieve with the defined mechanism. Cheers Magnus Westerlund ---------------------------------------------------------------------- Services, Media and Network features, Ericsson Research EAB/TXM ---------------------------------------------------------------------- Ericsson AB | Phone +46 10 7148287 Färögatan 6 | Mobile +46 73 0949079 SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ----------------------------------------------------------------------
- [rtcweb] Comments on draft-ietf-rtcweb-data-chann… Magnus Westerlund
- [rtcweb] Comments on draft-ietf-rtcweb-data-chann… Paul Kyzivat
- Re: [rtcweb] Comments on draft-ietf-rtcweb-data-c… Barry Dingle
- Re: [rtcweb] Comments on draft-ietf-rtcweb-data-c… Magnus Westerlund
- Re: [rtcweb] Comments on draft-ietf-rtcweb-data-c… Barry Dingle
- Re: [rtcweb] Comments on draft-ietf-rtcweb-data-c… Randell Jesup
- Re: [rtcweb] Comments on draft-ietf-rtcweb-data-c… Michael Tuexen
- Re: [rtcweb] Comments on draft-ietf-rtcweb-data-c… Michael Tuexen
- Re: [rtcweb] Comments on draft-ietf-rtcweb-data-c… Michael Tuexen
- Re: [rtcweb] Comments on draft-ietf-rtcweb-data-c… Michael Tuexen