Re: [rtcweb] OPS-Dir review of draft-ietf-rtcweb-stun-consent-freshness-13

"Ram Mohan R (rmohanr)" <> Fri, 29 May 2015 02:59 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 978EF1A8789; Thu, 28 May 2015 19:59:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id r9p9CGvs762k; Thu, 28 May 2015 19:59:40 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A36EA1A876D; Thu, 28 May 2015 19:59:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=31902; q=dns/txt; s=iport; t=1432868379; x=1434077979; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=QLPF7q7AdEUejGb6rEwQ7VlBoBdypyDq7BRZGgilhKs=; b=gO63Co/5E6KH/EUkmODvrsvLvnFlRwzPeErbaiHfBrVf+uLg45NkNtC8 g/tgimkxqMv13Ajo6MBcG9qGwtn+no5vipPz6b5VRKTyPKSFBo+/VK1pd T81Z83xID7TN12GKdOg3vQyn/DtRaMzRHADb+UWbqE//0t9n3T63tgjl/ k=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.13,514,1427760000"; d="scan'208,217";a="154290433"
Received: from ([]) by with ESMTP; 29 May 2015 02:59:29 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id t4T2xTl4000972 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 29 May 2015 02:59:29 GMT
Received: from ([]) by ([]) with mapi id 14.03.0195.001; Thu, 28 May 2015 21:59:29 -0500
From: "Ram Mohan R (rmohanr)" <>
To: Christer Holmberg <>, "Tirumaleswar Reddy (tireddy)" <>, Ted Hardie <>, "Black, David" <>
Thread-Topic: [rtcweb] OPS-Dir review of draft-ietf-rtcweb-stun-consent-freshness-13
Thread-Index: AQHQmbt6Bo1mJR1ZV0+0h6pSyJVumw==
Date: Fri, 29 May 2015 02:59:29 +0000
Message-ID: <>
References: <> <> <> <> <> <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
user-agent: Microsoft-MacOutlook/
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_D18DD3D531978rmohanrciscocom_"
MIME-Version: 1.0
Archived-At: <>
Cc: joel jaeggli <>, "" <>, "" <>, "" <>
Subject: Re: [rtcweb] OPS-Dir review of draft-ietf-rtcweb-stun-consent-freshness-13
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 29 May 2015 02:59:42 -0000

I am fine with the below proposed text from Christer. It indicates that  consent document does NOT update RFC 5245 which was the confusion we have with the existing text in the draft.


From: Christer Holmberg <<>>
Date: Friday, 29 May 2015 7:36 am
To: "Tirumaleswar Reddy (tireddy)" <<>>, Ted Hardie <<>>, "Black, David" <<>>
Cc: joel jaeggli <<>>, "<>" <<>>, "<>" <<>>, "<>" <<>>
Subject: Re: [rtcweb] OPS-Dir review of draft-ietf-rtcweb-stun-consent-freshness-13


>Good point. We discuss the following point in section 4.1 of the draft about keepalives:
>   An endpoint that is not sending any application data does not need to
>   maintain consent.  However, not sending any traffic could cause NAT
>   or firewall mappings to expire.  Furthermore, having one peer unable
>   to send is detrimental to many protocols.  Absent better information
>   about the network, if an endpoint needs to ensure its NAT or firewall
>   mappings do not expire, it can be done using keepalive or other
>   techniques (see Section 10 of [RFC5245]<> and see [RFC6263<>]).
> So there is no need to send keepalives because of the media traffic as it is pointed out in Section 20.2.3 of RFC 5245
> irrespective of whether consent is used or not. I think we can remove the following line in “If consent is performed then
> there is no need to send keepalive messages." and avoid the confusion of updating RFC 5245.

I agree that the current text can confuse people, but I still think it would be good to have explicit text saying that keepalives are not sent. Perhaps something like:

“From a keepalive perspective, consent requests are considered media traffic. Because of that, dedicated keepalives (e.g. STUN binding requests) are not sent on candidate pairs where consent requests are sent, in accordance with Section 20.2.3 of [RFC5245].”



From: rtcweb [] On Behalf Of Christer Holmberg
Sent: Friday, May 29, 2015 6:54 AM
To: Ted Hardie; Black, David
Cc: joel jaeggli;<>;<>;<>
Subject: Re: [rtcweb] OPS-Dir review of draft-ietf-rtcweb-stun-consent-freshness-13


Section 20.2.3 of RFC 5245 says:

“STUN keepalives (in the form of STUN Binding Indications) are sent in
              the middle of a media session.  However, they are sent only in the
              absence of actual media traffic.”

So, in the consent draft we could say that, from a keepalive perspective, consent requests are considered media traffic. That would then implicitly mean that actual keepalives aren’t sent when consent is used. That way, the consent spec would be compliant to 5245, and there would be no need for any update etc…



From: rtcweb [] On Behalf Of Ted Hardie
Sent: 28 May 2015 23:26
To: Black, David
Cc:<>; joel jaeggli;<>;<>
Subject: Re: [rtcweb] OPS-Dir review of draft-ietf-rtcweb-stun-consent-freshness-13

Hi David,

On Thu, May 28, 2015 at 12:36 PM, Black, David <<>>

I'd expect that even overriding RFC 5245 counts as an Update,
because the result would be that the original RFC 5245 "MUST" requirement
is no longer globally applicable to all uses of RFC 5245.  In other words,
overriding RFC 5245 effectively rewrites the "MUST" to become "MUST, except
as further specified by the consent RFC."

​So I agree with you that this must be called out, but I think "Updates" is wrong for the draft's current intent.  I think what Martin has said amounts to "We have chosen to follow RFC 5245 except as detailed in sections X and Y, where we use a different set of messages to optimize the combination of heartbeat and consent."  We are not updating RFC 5245 thereby, because we are neither changing its core semantics nor offering to add a new, general semantic to RFC 5245 (we could have made that choice, but are not doing so now).  Instead of updating RFC 5245, in other words, we are limiting our reference to it.
That should be done explicitly, and I think it should be called it suffiiciently that a new spin of the draft likely needs a new round of review.  But I don't think we are required to update RFC 5245 to get that done.
I've referred the matter to our friendly AD, and we await her reading on next steps on this.  In either approach, however, this will get called out.
Ted HArdie​