Re: [rtcweb] JSEP: Why always offer actpass?

Christer Holmberg <christer.holmberg@ericsson.com> Sat, 29 November 2014 05:01 UTC

Return-Path: <christer.holmberg@ericsson.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6956E1A002C for <rtcweb@ietfa.amsl.com>; Fri, 28 Nov 2014 21:01:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZpBxezprmxBy for <rtcweb@ietfa.amsl.com>; Fri, 28 Nov 2014 21:01:23 -0800 (PST)
Received: from sessmg23.ericsson.net (sessmg23.ericsson.net [193.180.251.45]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5892F1A002B for <rtcweb@ietf.org>; Fri, 28 Nov 2014 21:01:23 -0800 (PST)
X-AuditID: c1b4fb2d-f79fc6d000001087-12-547953202960
Received: from ESESSHC008.ericsson.se (Unknown_Domain [153.88.253.124]) by sessmg23.ericsson.net (Symantec Mail Security) with SMTP id 6B.2B.04231.02359745; Sat, 29 Nov 2014 06:01:21 +0100 (CET)
Received: from ESESSMB209.ericsson.se ([169.254.9.189]) by ESESSHC008.ericsson.se ([153.88.183.42]) with mapi id 14.03.0195.001; Sat, 29 Nov 2014 06:01:20 +0100
From: Christer Holmberg <christer.holmberg@ericsson.com>
To: Roman Shpount <roman@telurix.com>
Thread-Topic: [rtcweb] JSEP: Why always offer actpass?
Thread-Index: AdAH/G6saC/Ce4vxTgqv23nLTon8JADE6FaAAAJOeiAAECRyAAANRj6g
Date: Sat, 29 Nov 2014 05:01:20 +0000
Message-ID: <7594FB04B1934943A5C02806D1A2204B1D54BB03@ESESSMB209.ericsson.se>
References: <1447FA0C20ED5147A1AA0EF02890A64B1D0D579E@ESESSMB209.ericsson.se> <CAOJ7v-1ztXies0-W3B2=zWaydeLTuR8tU7v15nqyTw+MwGE+rw@mail.gmail.com> <1447FA0C20ED5147A1AA0EF02890A64B1D0D5A4B@ESESSMB209.ericsson.se> <E1FE4C082A89A246A11D7F32A95A17828E63C45B@US70UWXCHMBA02.zam.alcatel-lucent.com> <1447FA0C20ED5147A1AA0EF02890A64B1D0D5FB6@ESESSMB209.ericsson.se> <E1FE4C082A89A246A11D7F32A95A17828E63C90D@US70UWXCHMBA02.zam.alcatel-lucent.com> <1447FA0C20ED5147A1AA0EF02890A64B1D0D86B9@ESESSMB209.ericsson.se> <CAD5OKxskhmnHO6rLB4t7vM6Y=fVf0PwYPXsfONJjM=wzx8vHoA@mail.gmail.com> <7594FB04B1934943A5C02806D1A2204B1D53F719@ESESSMB209.ericsson.se> <CAD5OKxt+3Tn1SiHu7u_t7AixBVS1ev0Z=vdZg0mMwmm-Tg74yA@mail.gmail.com>
In-Reply-To: <CAD5OKxt+3Tn1SiHu7u_t7AixBVS1ev0Z=vdZg0mMwmm-Tg74yA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [153.88.183.149]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrOLMWRmVeSWpSXmKPExsUyM+Jvja5icGWIwb2PfBYzLkxltlj7r53d gcljyZKfTB63phQEMEVx2aSk5mSWpRbp2yVwZfyY9pip4IJ0xcOZCQ2MX6S6GDk5JARMJCZ1 LmKHsMUkLtxbzwZiCwkcYZSYeriui5ELyF7CKPFk2WbmLkYODjYBC4nuf9ogNSICqhJ/v09m ArGZBcokbpw+xQhiCwuYSryfe4QZosZMYuHJCYwQtpvEh/UPWUHGsAD1blodABLmFfCVePRs JyvE2husEru3cILYnAKBEs/2HgJrZQQ67fupNVCrxCVuPZnPBHGygMSSPeeZIWxRiZeP/7FC 2EoSaw9vZwFZxSygKbF+lz5Eq6LElO6H7BBrBSVOznzCMoFRbBaSqbMQOmYh6ZiFpGMBI8sq RtHi1OLi3HQjY73Uoszk4uL8PL281JJNjMCYObjlt+4OxtWvHQ8xCnAwKvHwFshWhAixJpYV V+YeYpTmYFES5110bl6wkEB6YklqdmpqQWpRfFFpTmrxIUYmDk6pBkZWCfF7tsYaGYYHPvxR 9oubHFF044xK94OpCw8lHu7+8ubGso2LWIt6ReSyyya6q5w/oeFctHmirNnmrSbu/WFhHtW2 XwN2OMVsbr10mG9R9fXJLzdJCYlazYno4d1s9H5K8Y62SRenzrla6HQqwTfKdGrJUu+ZnG9/ PNq2+c3ZDbmvHNwDJY4osRRnJBpqMRcVJwIAVed6ZXoCAAA=
Archived-At: http://mailarchive.ietf.org/arch/msg/rtcweb/xp5yBRu_GP2vuBjvB8fOjv7c3dk
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] JSEP: Why always offer actpass?
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 29 Nov 2014 05:01:25 -0000

Hi,

>>RFC 7345 (UDPTL-DTLS) says the following:
>>
>>        "Once an offer/answer exchange has been completed, either endpoint MAY
>>        send a new offer in order to modify the session.  The endpoints can
>>        reuse the existing DTLS association if the key fingerprint values and
>>        transport parameters indicated by each endpoint are unchanged.
>>        Otherwise, following the rules for the initial offer/answer exchange,
>>        the endpoints can negotiate and create a new DTLS association and,
>>        once created, delete the previous DTLS association, following the
>>        same rules for the initial offer/answer exchange.  Each endpoint
>>        needs to be prepared to receive data on both the new and old DTLS
>>        associations as long as both are alive."
>>
>> So, I guess that can be read in a way that the setup attribute as such does not impact previously 
>> negotiated TLS roles - unless the key fingerprint values and/or transport parameters are modified.
>>
>> The SCTP-SDP draft currently says that a subsequent offer must not change the previously negotiated roles. But, I guess 
>> we could say something similar as in RFC 7345.
>
> I have struggled with this language quite a bit from the implementation perspective. I think we need to explicitly state 
> that endpoints MUST reuse the existing association if the key fingerprint values and transport parameters indicated 
> by each endpoint are unchanged.

We could take such general approach.

However, for ‘SCTP/DTLS’ (DTLS over SCTP), I assume that the DTLS connection will also be re-established if the underlying SCTP association is re-established - even if no transport parameters etc are changed.

Also, RFC 6083 says:

                “Each DTLS connection MUST be established and terminated within the same SCTP association.”


> The way this language reads to me is that endpoints can reuse the existing association if they want to, but they can create a new one if they don't. Also, when this new 
> association is created, it is unclear if old setup roles MUST be preserved or if they MUST be selected based on the current offer/answer exchange. It seems the current 
> specification language is not strong or clear enough on this topic.

In my opinion, IF a new DTLS connection needs to be established (for whatever reasons), the current roles should be used.

BTW, I think this whole discussion belongs to MMUSIC, as it is Offer/Answer related :)

Regards,

Christer