Re: [sipcore] draft-ietf-sipcore-keep - New draft version
Paul Kyzivat <pkyzivat@cisco.com> Mon, 09 August 2010 22:34 UTC
Return-Path: <pkyzivat@cisco.com>
X-Original-To: sipcore@core3.amsl.com
Delivered-To: sipcore@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4D51328C148 for <sipcore@core3.amsl.com>; Mon, 9 Aug 2010 15:34:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.502
X-Spam-Level:
X-Spam-Status: No, score=-110.502 tagged_above=-999 required=5 tests=[AWL=0.097, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1+fKicqCs7CX for <sipcore@core3.amsl.com>; Mon, 9 Aug 2010 15:33:04 -0700 (PDT)
Received: from rtp-iport-1.cisco.com (rtp-iport-1.cisco.com [64.102.122.148]) by core3.amsl.com (Postfix) with ESMTP id 8EC343A6878 for <sipcore@ietf.org>; Mon, 9 Aug 2010 15:31:17 -0700 (PDT)
Authentication-Results: rtp-iport-1.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvsEAL4eYExAZnwM/2dsb2JhbACgUXGoQptfhToEiTs
X-IronPort-AV: E=Sophos;i="4.55,345,1278288000"; d="scan'208";a="145472574"
Received: from rtp-core-1.cisco.com ([64.102.124.12]) by rtp-iport-1.cisco.com with ESMTP; 09 Aug 2010 22:31:50 +0000
Received: from [161.44.174.142] (dhcp-161-44-174-142.cisco.com [161.44.174.142]) by rtp-core-1.cisco.com (8.13.8/8.14.3) with ESMTP id o79MVoN7006139; Mon, 9 Aug 2010 22:31:50 GMT
Message-ID: <4C6081DB.6000504@cisco.com>
Date: Mon, 09 Aug 2010 18:31:55 -0400
From: Paul Kyzivat <pkyzivat@cisco.com>
User-Agent: Thunderbird 2.0.0.24 (Windows/20100228)
MIME-Version: 1.0
To: Christer Holmberg <christer.holmberg@ericsson.com>
References: <7F2072F1E0DE894DA4B517B93C6A05850B5C23@ESESSCMS0356.eemea.ericsson.se> <7F2072F1E0DE894DA4B517B93C6A05850CA572@ESESSCMS0356.eemea.ericsson.se>, <4C5821D6.6030907@cisco.com> <7F2072F1E0DE894DA4B517B93C6A05850B5C3B@ESESSCMS0356.eemea.ericsson.se>, <4C583887.8030700@cisco.com> <7F2072F1E0DE894DA4B517B93C6A05850B5C3E@ESESSCMS0356.eemea.ericsson.se> <4C583FD3.6060901@cisco.com> <7F2072F1E0DE894DA4B517B93C6A05850CA84A@ESESSCMS0356.eemea.ericsson.se>
In-Reply-To: <7F2072F1E0DE894DA4B517B93C6A05850CA84A@ESESSCMS0356.eemea.ericsson.se>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: SIPCORE <sipcore@ietf.org>, Peter Musgrave <peter.musgrave@magorcorp.com>
Subject: Re: [sipcore] draft-ietf-sipcore-keep - New draft version
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sipcore>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Aug 2010 22:34:29 -0000
Christer,
[speaking as individual]
I have reviewed the new version. The change in use of upstream and
downstream has worked out well - it now seems understandable and not
upside down. *Except* I think you missed changing one place - in 1.1:
In some cases a User Agent Client (UAC) does not register itself
before it establishes a session, but in order to maintain NAT
bindings open during the session it still needs to be able to
negotiate sending of keep-alives towards its adjacent upstream SIP
entity. A typical example is an emergency call, where a registration
is not always required in order to make the call.
In that "upstream" should be "donwstream".
But I still think there are problems with the rules for routing messages
so as to take advantage of the keep-alives while avoiding doing anything
improper.
The intro lists three cases, but I think two of them (1.1 and 1.3) are
describing the same situation. So we get two cases from there:
WITH-OUTBOUND:
no register, dialog establishing request, outbound *is* in use.
There is need of negotiating keep-alive use that isn't negotiated
as part of outbound
WITHOUT-OUTBOUND:
outbound is not supported and so not used, but keep-alives still
desired. Includes both REGISTER and Dialog-establishing sub-cases.
In the WITH-OUTBOUND case:
outbound results in the negotiation of keep-alives on the last hop to
the UA. So IIUC, the use of keep is to negotiate keep-alives on other
hops along the path. 5626 specifies the procedures for selecting/reusing
the flow for subsequent requests in dialog for the hop it is concerned
with. It does not do so for any other hop. keep-05 has text added to 4.4
for this case, but I don't think it is right.
This is a case that could be covered, in part, by 5923 (connect-reuse).
In the TLS case where 5923 allows bidirectional use of a connection, the
keep-alive mechanism is complementary. But that is no good for TCP or
UDP. The security concerns that prevented 5923 from permitting
bidirectional use of TCP are also reasons it can't in general be used here.
It should arguably be ok to use TCP and UDP bidirectionally here as long
as the usage is restricted to in-dialog requests. But its going to take
some additional text to limit it this way and explain the reason that
security is not compromised.
In the WITHOUT-OUTBOUND case:
You can't fall back on outbound to give any guidance on when to use a
flow and when not.
In the dialog-establishing case, the rules that apply to the non-last
hops in the WITH-OUTBOUND case should also apply here, even to the last hop.
In the REGISTER case it gets harder. The problem is that you want to
support new outbound out-of-dialog requests. If you have a TLS
connection, then 5923 tells you when you can do it. Without that, the
reuse of the flow must be tied to the registration in some way. I know
you want this for IMS which has its own form of secure connection. But
you are going to have to find some way to specify it here that will
survive security considerations scrutiny. I don't know what that might be.
In any case, I suspect you need to reinstate the references to 5923 to
make this all work.
I'm still hoping to get comments from an outbound expert here. They
might be able to put all this stuff in context better than I can.
Thanks,
Paul
Christer Holmberg wrote:
> (Private)
>
> Hi,
>
> Based on your WGLC comments/discussions, I have put together a new version draft.
>
> It can be found at:
>
> http://users.piuha.net/cholmber/drafts/draft-ietf-sipcore-keep-05pre.txt
>
> Please check whether your issues have been addressed.
>
> Please note that I have now "switched" downstream and upstream, and suggested definition text for those.
>
> Please also note that I for now have removed section 6, regarding overlapping with the connect-reuse spec.
>
> Regards,
>
> Christer
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Christer Holmberg
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Christer Holmberg
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Peter Musgrave
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Christer Holmberg
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Peter Musgrave
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Paul Kyzivat
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Christer Holmberg
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Paul Kyzivat
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Christer Holmberg
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Paul Kyzivat
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Christer Holmberg
- Re: [sipcore] draft-ietf-sipcore-keep - New draft… Paul Kyzivat