Re: [tram] Review of TURNbis-11
Marc Petit-Huguenin <petithug@acm.org> Fri, 02 March 2018 21:33 UTC
Return-Path: <petithug@acm.org>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2520120227 for <tram@ietfa.amsl.com>; Fri, 2 Mar 2018 13:33:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.442
X-Spam-Level:
X-Spam-Status: No, score=-0.442 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RDNS_NONE=0.793, SPF_SOFTFAIL=0.665] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sVkBB-Fb1FSW for <tram@ietfa.amsl.com>; Fri, 2 Mar 2018 13:33:52 -0800 (PST)
Received: from implementers.org (unknown [92.243.22.217]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3EB321200E5 for <tram@ietf.org>; Fri, 2 Mar 2018 13:33:52 -0800 (PST)
Received: from [IPv6:2601:648:8301:730f:b138:267a:383f:dbfc] (unknown [IPv6:2601:648:8301:730f:b138:267a:383f:dbfc]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "Marc Petit-Huguenin", Issuer "implementers.org" (verified OK)) by implementers.org (Postfix) with ESMTPS id 2175FAE814; Fri, 2 Mar 2018 22:33:49 +0100 (CET)
To: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>, "tram@ietf.org" <tram@ietf.org>
References: <325ddd79-ef98-c8ce-de50-1ef3878cd433@acm.org> <DM5PR16MB17882606F7602CEE66009903EAF20@DM5PR16MB1788.namprd16.prod.outlook.com> <c7716d08-f265-9ce9-ed2a-513ea0ddade6@acm.org> <DM5PR16MB1788777DA4671DD256BBE230EAF20@DM5PR16MB1788.namprd16.prod.outlook.com>
From: Marc Petit-Huguenin <petithug@acm.org>
Message-ID: <d496aa92-6c68-53f4-efca-34ac2880cfbc@acm.org>
Date: Fri, 02 Mar 2018 13:33:48 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <DM5PR16MB1788777DA4671DD256BBE230EAF20@DM5PR16MB1788.namprd16.prod.outlook.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="8i7WYX3y9rPsrDofusTkfVvS9mPLRZ4s8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/EINRn8dHF1FtSNFt-FvwnF0a100>
Subject: Re: [tram] Review of TURNbis-11
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Mar 2018 21:33:54 -0000
As suggested by Brandon, I reviewed turnbis-14 for the modifications agreed on below, and found one discrepancy. See inline. On 02/09/2018 05:45 AM, Konda, Tirumaleswar Reddy wrote: >> -----Original Message----- >> From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Marc Petit- >> Huguenin >> Sent: Friday, February 9, 2018 6:54 PM >> To: Konda, Tirumaleswar Reddy >> <TirumaleswarReddy_Konda@McAfee.com>; tram@ietf.org >> Subject: Re: [tram] Review of TURNbis-11 >> >> Hi, >> >> My responses inline. >> >> On 02/09/2018 03:53 AM, Konda, Tirumaleswar Reddy wrote: >>> Hi Marc, >>> >>> Please see inline >>> >>>> -----Original Message----- >>>> From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Marc Petit- >>>> Huguenin >>>> Sent: Sunday, October 22, 2017 10:16 PM >>>> To: tram@ietf.org >>>> Subject: [tram] Review of TURNbis-11 >>>> >>>> This is the second part of my review of TURNbis-11, i.e. everything >>>> but the dual allocation part. >>>> >>>> - Section 2.1, last paragraph: >>>> >>>> May be a reference to RFC 5764 and RFC 7983 can be useful here. Same >>>> in section 4, second paragraph and following. Same at the beginning >>>> of section 11. Again in section 11.6 (if multiplexed, the message in >>>> the reserved range is not necessarily discarded). >>> >>> Even if the same host transport address is used for other protocols, >> incoming packets to the TURN channel can be identified by just examining >> the source address of the packet. >>> May be I am missing something, I did not get a problem ? >> >> It was just an attempt to make TURN implementers aware of the demux >> issues. > > Got it, added the following line: > The algorithm of demultiplexing packets received from > multiple protocols is discussed in [RFC7983]. > >> >>> >>>> >>>> - Section 2.2, first paragraph: >>>> >>>> I think that an informative reference to RFC 7635 may be useful >>>> there, as alternative to the STUN authentication mechanism. >>> >>> Yes, updated. >>> >>>> >>>> - Section 2.9: >>>> >>>> The whole 2.9 section and subsections looks normative and so should >>>> be moved after section 3, perhaps on their own top level section. >>> >>> Done. >>> >>>> >>>> - Section 4, 4th paragraph: >>>> >>>> I would replace "For each allocation..." by "For each Allocate >>>> request...", because of the dual allocation feature. >>> >>> Fixed. >>> >>>> >>>> - Section 4, 12th paragraph: >>>> >>>> Should make clear clear that UDP covers also DTLS. >>> >>> Yes, updated. I cannot find this update in turn-14. >>> >>>> >>>> - Section 6.1, 2nd paragraph: >>>> >>>> If the port is multiplexed with other protocols (RTP, WebRtc, etc..) >>>> then it has to reuse an existing socket. The document should explain this. >>> >>> It's already covered in Section 2.1 (last paragraph). >>> >>>> >>>> - Section 6.2, 3th paragraph: >>>> >>>> Is it time to recommend DTLS instead of UDP? In that case we need to >>>> make DTLS mandatory in section 4 paragraph 11 (and I support that >> change). >>> >>> No, DTLS has both advantages (e.g. dictionary attack) and disadvantages >> (e.g. double encryption of application data). >> >> OK. >> >>> >>>> >>>> - Section 6.4, second bullet: >>>> >>>> Replace "...SRV procedures)." with "...DNS resolution procedures)." >>> >>> Any specific reason for the replacement ? >> >> This is to not exclude NPATR procedures (RFC 5928). > > Updated second bullet. > > Cheers, > -Tiru > >> >>> >>>> >>>> - Sections 14, 15 and 16: >>>> >>>> These are no longer new methods and attributes. See also the next >>>> comment. >>> >>> Fixed. >>> >>>> >>>> - Section 19: >>>> >>>> Here you need to update the existing methods, attributes and error >>>> code so the IANA registries point to the RFC-to-be, then you request >>>> allocation for the new attributes. See section 17 of STUNbis on a >>>> way to do that (that was done following a discussion with the IANA >> representative at an IETF meeting). >>> >>> Thanks, updated draft. >>> >>>> >>>> Note that ICMP should be comprehension-mandatory, not optional, as >> we >>>> do not want an old client to reject a Data indication with an ICMP attribute. >>> >>> If the indication contains unknown comprehension-required attributes, the >> behavior is the indication is discarded and processing ceases. >>> >>>> >>>> Also, I do not know what this SendErr method is. >>> >>> Removed SendErr (stale entry from a previous version of the draft). >>> >>>> >>>> >>>> Nits >>>> ---- >>>> >>>> Section 1: >>>> >>>> s/connection to the Internet ./connection to the Internet./ >>>> >>>> Section 2.4, first paragraph: >>>> >>>> The text switches between the words "mechanisms" and "way". Choose >>>> one. >>>> >>>> Section 6.2, item 8: >>>> >>>> s/ADDITIONAL- ADDRESS-FAMILY/ADDITIONAL-ADDRESS-FAMILY/ >>>> >>>> Section 12.1, "Preferred Behavior" >>>> >>>> s/Label Field[RFC3697]/Label Field [RFC3697]/ >>>> >>>> Section 21: >>>> >>>> s/ADDRESS-ERRR-CODE/ADDRESS-ERR-CODE/ >>>> >>>> Section 22: >>>> >>>> s/orginal/original/ >>> >>> Thanks, fixed all above nits. >>> -- Marc Petit-Huguenin Email: marc@petit-huguenin.org Blog: https://marc.petit-huguenin.org Profile: https://www.linkedin.com/in/petithug
- [tram] Review of TURNbis-11 Marc Petit-Huguenin
- Re: [tram] Review of TURNbis-11 Marc Petit-Huguenin
- Re: [tram] Review of TURNbis-11 Marc Petit-Huguenin
- Re: [tram] Review of TURNbis-11 Konda, Tirumaleswar Reddy
- Re: [tram] Review of TURNbis-11 Konda, Tirumaleswar Reddy
- Re: [tram] Review of TURNbis-11 Marc Petit-Huguenin
- Re: [tram] Review of TURNbis-11 Konda, Tirumaleswar Reddy
- Re: [tram] Review of TURNbis-11 Brandon Williams
- Re: [tram] Review of TURNbis-11 Marc Petit-Huguenin