Re: [sipcore] draft-ietf-sipcore-keep - New draft version
Paul Kyzivat <pkyzivat@cisco.com> Mon, 09 August 2010 22:34 UTC
Return-Path: <pkyzivat@cisco.com>
X-Original-To: sipcore@core3.amsl.com
Delivered-To: sipcore@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 4D51328C148 for <sipcore@core3.amsl.com>; Mon, 9 Aug 2010 15:34:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.502
X-Spam-Level:
X-Spam-Status: No, score=-110.502 tagged_above=-999 required=5 tests=[AWL=0.097, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1+fKicqCs7CX for <sipcore@core3.amsl.com>; Mon, 9 Aug 2010 15:33:04 -0700 (PDT)
Received: from rtp-iport-1.cisco.com (rtp-iport-1.cisco.com [64.102.122.148]) by core3.amsl.com (Postfix) with ESMTP id 8EC343A6878 for <sipcore@ietf.org>; Mon, 9 Aug 2010 15:31:17 -0700 (PDT)
Authentication-Results: rtp-iport-1.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvsEAL4eYExAZnwM/2dsb2JhbACgUXGoQptfhToEiTs
X-IronPort-AV: E=Sophos;i="4.55,345,1278288000"; d="scan'208";a="145472574"
Received: from rtp-core-1.cisco.com ([64.102.124.12]) by rtp-iport-1.cisco.com with ESMTP; 09 Aug 2010 22:31:50 +0000
Received: from [161.44.174.142] (dhcp-161-44-174-142.cisco.com [161.44.174.142]) by rtp-core-1.cisco.com (8.13.8/8.14.3) with ESMTP id o79MVoN7006139; Mon, 9 Aug 2010 22:31:50 GMT
Message-ID: <4C6081DB.6000504@cisco.com>
Date: Mon, 09 Aug 2010 18:31:55 -0400
From: Paul Kyzivat <pkyzivat@cisco.com>
User-Agent: Thunderbird 2.0.0.24 (Windows/20100228)
MIME-Version: 1.0
To: Christer Holmberg <christer.holmberg@ericsson.com>
References: <7F2072F1E0DE894DA4B517B93C6A05850B5C23@ESESSCMS0356.eemea.ericsson.se> <7F2072F1E0DE894DA4B517B93C6A05850CA572@ESESSCMS0356.eemea.ericsson.se>, <4C5821D6.6030907@cisco.com> <7F2072F1E0DE894DA4B517B93C6A05850B5C3B@ESESSCMS0356.eemea.ericsson.se>, <4C583887.8030700@cisco.com> <7F2072F1E0DE894DA4B517B93C6A05850B5C3E@ESESSCMS0356.eemea.ericsson.se> <4C583FD3.6060901@cisco.com> <7F2072F1E0DE894DA4B517B93C6A05850CA84A@ESESSCMS0356.eemea.ericsson.se>
In-Reply-To: <7F2072F1E0DE894DA4B517B93C6A05850CA84A@ESESSCMS0356.eemea.ericsson.se>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: SIPCORE <sipcore@ietf.org>, Peter Musgrave <peter.musgrave@magorcorp.com>
Subject: Re: [sipcore] draft-ietf-sipcore-keep - New draft version
X-BeenThere: sipcore@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: SIP Core Working Group <sipcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/sipcore>
List-Post: <mailto:sipcore@ietf.org>
List-Help: <mailto:sipcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sipcore>, <mailto:sipcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Aug 2010 22:34:29 -0000
Christer, [speaking as individual] I have reviewed the new version. The change in use of upstream and downstream has worked out well - it now seems understandable and not upside down. *Except* I think you missed changing one place - in 1.1: In some cases a User Agent Client (UAC) does not register itself before it establishes a session, but in order to maintain NAT bindings open during the session it still needs to be able to negotiate sending of keep-alives towards its adjacent upstream SIP entity. A typical example is an emergency call, where a registration is not always required in order to make the call. In that "upstream" should be "donwstream". But I still think there are problems with the rules for routing messages so as to take advantage of the keep-alives while avoiding doing anything improper. The intro lists three cases, but I think two of them (1.1 and 1.3) are describing the same situation. So we get two cases from there: WITH-OUTBOUND: no register, dialog establishing request, outbound *is* in use. There is need of negotiating keep-alive use that isn't negotiated as part of outbound WITHOUT-OUTBOUND: outbound is not supported and so not used, but keep-alives still desired. Includes both REGISTER and Dialog-establishing sub-cases. In the WITH-OUTBOUND case: outbound results in the negotiation of keep-alives on the last hop to the UA. So IIUC, the use of keep is to negotiate keep-alives on other hops along the path. 5626 specifies the procedures for selecting/reusing the flow for subsequent requests in dialog for the hop it is concerned with. It does not do so for any other hop. keep-05 has text added to 4.4 for this case, but I don't think it is right. This is a case that could be covered, in part, by 5923 (connect-reuse). In the TLS case where 5923 allows bidirectional use of a connection, the keep-alive mechanism is complementary. But that is no good for TCP or UDP. The security concerns that prevented 5923 from permitting bidirectional use of TCP are also reasons it can't in general be used here. It should arguably be ok to use TCP and UDP bidirectionally here as long as the usage is restricted to in-dialog requests. But its going to take some additional text to limit it this way and explain the reason that security is not compromised. In the WITHOUT-OUTBOUND case: You can't fall back on outbound to give any guidance on when to use a flow and when not. In the dialog-establishing case, the rules that apply to the non-last hops in the WITH-OUTBOUND case should also apply here, even to the last hop. In the REGISTER case it gets harder. The problem is that you want to support new outbound out-of-dialog requests. If you have a TLS connection, then 5923 tells you when you can do it. Without that, the reuse of the flow must be tied to the registration in some way. I know you want this for IMS which has its own form of secure connection. But you are going to have to find some way to specify it here that will survive security considerations scrutiny. I don't know what that might be. In any case, I suspect you need to reinstate the references to 5923 to make this all work. I'm still hoping to get comments from an outbound expert here. They might be able to put all this stuff in context better than I can. Thanks, Paul Christer Holmberg wrote: > (Private) > > Hi, > > Based on your WGLC comments/discussions, I have put together a new version draft. > > It can be found at: > > http://users.piuha.net/cholmber/drafts/draft-ietf-sipcore-keep-05pre.txt > > Please check whether your issues have been addressed. > > Please note that I have now "switched" downstream and upstream, and suggested definition text for those. > > Please also note that I for now have removed section 6, regarding overlapping with the connect-reuse spec. > > Regards, > > Christer
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Christer Holmberg
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Christer Holmberg
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Peter Musgrave
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Christer Holmberg
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Peter Musgrave
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Paul Kyzivat
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Christer Holmberg
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Paul Kyzivat
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Christer Holmberg
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Paul Kyzivat
- Re: [sipcore] draft-ietf-sipcore-keep - Peter's c… Christer Holmberg
- Re: [sipcore] draft-ietf-sipcore-keep - New draft… Paul Kyzivat