IETF Logo Mail Archive

Re: [tram] Review of TURNbis-11

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Fri, 09 February 2018 13:45 UTC

Return-Path: <TirumaleswarReddy_Konda@mcafee.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 74EA4129C53 for <tram@ietfa.amsl.com>; Fri, 9 Feb 2018 05:45:53 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.331
X-Spam-Level:
X-Spam-Status: No, score=-4.331 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A4qEUlPbPe5R for <tram@ietfa.amsl.com>; Fri, 9 Feb 2018 05:45:51 -0800 (PST)
Received: from DNVWSMAILOUT1.mcafee.com (dnvwsmailout1.mcafee.com [161.69.31.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5A3B126579 for <tram@ietf.org>; Fri, 9 Feb 2018 05:45:50 -0800 (PST)
X-NAI-Header: Modified by McAfee Email Gateway (5500)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=s_mcafee; t=1518183945; h=From: To:Subject:Thread-Topic:Thread-Index:Date: Message-ID:References:In-Reply-To:Accept-Language: Content-Language:X-MS-Has-Attach:X-MS-TNEF-Correlator: dlp-product:dlp-version:dlp-reaction:authentication-results: x-originating-ip:x-ms-publictraffictype:x-microsoft-exchange-diagnostics: x-ms-exchange-antispam-srfa-diagnostics:x-ms-office365-filtering-correlation-id: x-microsoft-antispam:x-ms-traffictypediagnostic: x-microsoft-antispam-prvs:x-exchange-antispam-report-test: x-exchange-antispam-report-cfa-test:x-forefront-prvs: x-forefront-antispam-report:received-spf:x-microsoft-antispam-message-info: spamdiagnosticoutput:spamdiagnosticmetadata: Content-Type:Content-Transfer-Encoding:MIME-Version: X-MS-Exchange-CrossTenant-Network-Message-Id: X-MS-Exchange-CrossTenant-originalarrivaltime: X-MS-Exchange-CrossTenant-fromentityheader: X-MS-Exchange-CrossTenant-id:X-MS-Exchange-Transport-CrossTenantHeadersStamped: X-OriginatorOrg:X-NAI-Spam-Flag:X-NAI-Spam-Threshold: X-NAI-Spam-Score:X-NAI-Spam-Version; bh=V mlw7KBDnf8W5BczXqOlvrteFauGSQhV8uPemKXzcr c=; b=XHf0ylZejeqzqs92OY07ouBnqvIkwayEmnERvncTZuti f2vqzQGNByU34UU7KzHYquTfvHcdjtJ0k1Es2m0H8IVOElrrSz rX2cuvAsVyRP1uqqfxdQSLXEY7DzHfLWGI/fxjpgrn8W4jDV+d oNsZiCWuf9qR+AUYQc+bUgGBCE0=
Received: from DNVEXAPP1N04.corpzone.internalzone.com (unknown [10.44.48.88]) by DNVWSMAILOUT1.mcafee.com with smtp (TLS: TLSv1/SSLv3,256bits,ECDHE-RSA-AES256-SHA384) id 63fe_ac17_e0d8166c_2d1a_4fbb_a197_5da28f039d9b; Fri, 09 Feb 2018 07:45:45 -0600
Received: from DNVEXUSR1N08.corpzone.internalzone.com (10.44.48.81) by DNVEXAPP1N04.corpzone.internalzone.com (10.44.48.88) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Fri, 9 Feb 2018 06:45:41 -0700
Received: from DNVO365EDGE2.corpzone.internalzone.com (10.44.176.74) by DNVEXUSR1N08.corpzone.internalzone.com (10.44.48.81) with Microsoft SMTP Server (TLS) id 15.0.1347.2 via Frontend Transport; Fri, 9 Feb 2018 06:45:41 -0700
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (10.44.176.243) by edge.mcafee.com (10.44.176.74) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Fri, 9 Feb 2018 06:45:39 -0700
Received: from DM5PR16MB1788.namprd16.prod.outlook.com (10.172.44.144) by DM5PR16MB1497.namprd16.prod.outlook.com (10.173.211.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.485.10; Fri, 9 Feb 2018 13:45:39 +0000
Received: from DM5PR16MB1788.namprd16.prod.outlook.com ([10.172.44.144]) by DM5PR16MB1788.namprd16.prod.outlook.com ([10.172.44.144]) with mapi id 15.20.0464.017; Fri, 9 Feb 2018 13:45:39 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: Marc Petit-Huguenin <petithug@acm.org>, "tram@ietf.org" <tram@ietf.org>
Thread-Topic: [tram] Review of TURNbis-11
Thread-Index: AQHTS1VEMV/cplA80E+CbiTeE9FOmaOcXoOggABdRYCAAAT7EA==
Date: Fri, 09 Feb 2018 13:45:39 +0000
Message-ID: <DM5PR16MB1788777DA4671DD256BBE230EAF20@DM5PR16MB1788.namprd16.prod.outlook.com>
References: <325ddd79-ef98-c8ce-de50-1ef3878cd433@acm.org> <DM5PR16MB17882606F7602CEE66009903EAF20@DM5PR16MB1788.namprd16.prod.outlook.com> <c7716d08-f265-9ce9-ed2a-513ea0ddade6@acm.org>
In-Reply-To: <c7716d08-f265-9ce9-ed2a-513ea0ddade6@acm.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.0.200.100
dlp-reaction: no-action
authentication-results: spf=none (sender IP is ) smtp.mailfrom=TirumaleswarReddy_Konda@McAfee.com;
x-originating-ip: [103.245.47.20]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DM5PR16MB1497; 7:bk17Kr6bH9Rj1w7TP8XkUnBy7TlhnCUk+aSk9iRqctQmxfkyeYiLNyK6+GQvlib3uiJWYW/XUMntDvV7NXU1B1OVybPxRXXYv1mogrJ0dhK+ffratDcdn1/MyoHjAERcRqu3FZUVWPWzlClk0gfxYcFOeTUuDM9uiAZT3Azkfq9TpW0a/Kx0BLcu/Pa8lbWOz63AdJtpIRiW2LQxFWhdynrBjeirDL4MQhaSFH8XMTScnt861mFwdWzSYwL0ZNPu
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: a98d8ea1-ecc8-44f1-b918-08d56fc367c9
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(3008032)(2017052603307)(7153060)(7193020); SRVR:DM5PR16MB1497;
x-ms-traffictypediagnostic: DM5PR16MB1497:
x-microsoft-antispam-prvs: <DM5PR16MB1497A9C8371E7F6F654352BFEAF20@DM5PR16MB1497.namprd16.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(788757137089)(128460861657000)(81160342030619)(123452027830198);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040501)(2401047)(5005006)(8121501046)(93006095)(93001095)(3231101)(2400082)(944501161)(3002001)(10201501046)(6041288)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123562045)(20161123558120)(20161123564045)(6072148)(201708071742011); SRVR:DM5PR16MB1497; BCL:0; PCL:0; RULEID:; SRVR:DM5PR16MB1497;
x-forefront-prvs: 057859F9C5
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(376002)(346002)(39380400002)(396003)(366004)(13464003)(199004)(189003)(32952001)(252514010)(51444003)(55016002)(316002)(81156014)(66066001)(8936002)(6246003)(8676002)(53936002)(81166006)(5660300001)(2906002)(478600001)(106356001)(33656002)(3846002)(72206003)(6436002)(105586002)(9686003)(966005)(45080400002)(110136005)(7696005)(6116002)(6306002)(99286004)(68736007)(59450400001)(6506007)(97736004)(3280700002)(76176011)(2501003)(80792005)(229853002)(3660700001)(2950100002)(53546011)(86362001)(26005)(77096007)(25786009)(186003)(74316002)(2900100001)(102836004)(7736002)(305945005)(14454004)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:DM5PR16MB1497; H:DM5PR16MB1788.namprd16.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: McAfee.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: agLZjNZqNnehwvn8Z2xbq/yhwxotONCYmtkzCxs7TPOg47blTiDaitmuQ72KFDATTkSGq1gBidBWM4YY4//uSQ==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: a98d8ea1-ecc8-44f1-b918-08d56fc367c9
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Feb 2018 13:45:39.2278 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR16MB1497
X-OriginatorOrg: mcafee.com
X-NAI-Spam-Flag: NO
X-NAI-Spam-Threshold: 15
X-NAI-Spam-Score: 0
X-NAI-Spam-Version: 2.3.0.9418 : core <6219> : inlines <6384> : streams <1778482> : uri <2589758>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/V6zYcKCFC7kIb-kVgc19a483g2M>
Subject: Re: [tram] Review of TURNbis-11
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Feb 2018 13:45:53 -0000

> -----Original Message-----
> From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Marc Petit-
> Huguenin
> Sent: Friday, February 9, 2018 6:54 PM
> To: Konda, Tirumaleswar Reddy
> <TirumaleswarReddy_Konda@McAfee.com>; tram@ietf.org
> Subject: Re: [tram] Review of TURNbis-11
> 
> Hi,
> 
> My responses inline.
> 
> On 02/09/2018 03:53 AM, Konda, Tirumaleswar Reddy wrote:
> > Hi Marc,
> >
> > Please see inline
> >
> >> -----Original Message-----
> >> From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Marc Petit-
> >> Huguenin
> >> Sent: Sunday, October 22, 2017 10:16 PM
> >> To: tram@ietf.org
> >> Subject: [tram] Review of TURNbis-11
> >>
> >> This is the second part of my review of TURNbis-11, i.e. everything
> >> but the dual allocation part.
> >>
> >> - Section 2.1, last paragraph:
> >>
> >> May be a reference to RFC 5764 and RFC 7983 can be useful here.  Same
> >> in section 4, second paragraph and following.  Same at the beginning
> >> of section 11.  Again in section 11.6 (if multiplexed, the message in
> >> the reserved range is not necessarily discarded).
> >
> > Even if the same host transport address is used for other protocols,
> incoming packets to the TURN channel can be identified by just examining
> the source address of the packet.
> > May be I am missing something, I did not get a problem ?
> 
> It was just an attempt to make TURN implementers aware of the demux
> issues.

Got it, added the following line:
The algorithm of demultiplexing packets received from
multiple protocols is discussed in [RFC7983].

> 
> >
> >>
> >> - Section 2.2, first paragraph:
> >>
> >> I think that an informative reference to RFC 7635 may be useful
> >> there, as alternative to the STUN authentication mechanism.
> >
> > Yes, updated.
> >
> >>
> >> - Section 2.9:
> >>
> >> The whole 2.9 section and subsections looks normative and so should
> >> be moved after section 3, perhaps on their own top level section.
> >
> > Done.
> >
> >>
> >> - Section 4, 4th paragraph:
> >>
> >> I would replace "For each allocation..." by "For each Allocate
> >> request...", because of the dual allocation feature.
> >
> > Fixed.
> >
> >>
> >> - Section 4, 12th paragraph:
> >>
> >> Should make clear clear that UDP covers also DTLS.
> >
> > Yes, updated.
> >
> >>
> >> - Section 6.1, 2nd paragraph:
> >>
> >> If the port is multiplexed with other protocols (RTP, WebRtc, etc..)
> >> then it has to reuse an existing socket.  The document should explain this.
> >
> > It's already covered in Section 2.1 (last paragraph).
> >
> >>
> >> - Section 6.2, 3th paragraph:
> >>
> >> Is it time to recommend DTLS instead of UDP?  In that case we need to
> >> make DTLS mandatory in section 4 paragraph 11 (and I support that
> change).
> >
> > No, DTLS has both advantages (e.g. dictionary attack)  and disadvantages
> (e.g. double encryption of application data).
> 
> OK.
> 
> >
> >>
> >> - Section 6.4, second bullet:
> >>
> >> Replace "...SRV procedures)." with "...DNS resolution procedures)."
> >
> > Any specific reason for the replacement ?
> 
> This is to not exclude NPATR procedures (RFC 5928).

Updated second bullet.

Cheers,
-Tiru

> 
> >
> >>
> >> - Sections 14, 15 and 16:
> >>
> >> These are no longer new methods and attributes.  See also the next
> >> comment.
> >
> > Fixed.
> >
> >>
> >> - Section 19:
> >>
> >> Here you need to update the existing methods, attributes and error
> >> code so the IANA registries point to the RFC-to-be, then you request
> >> allocation for the new attributes.  See section 17 of STUNbis on a
> >> way to do that (that was done following a discussion with the IANA
> representative at an IETF meeting).
> >
> > Thanks, updated draft.
> >
> >>
> >> Note that ICMP should be comprehension-mandatory, not optional, as
> we
> >> do not want an old client to reject a Data indication with an ICMP attribute.
> >
> > If the indication contains unknown comprehension-required attributes, the
> behavior is the indication is discarded and processing ceases.
> >
> >>
> >> Also, I do not know what this SendErr method is.
> >
> > Removed SendErr (stale entry from a previous version of the draft).
> >
> >>
> >>
> >> Nits
> >> ----
> >>
> >> Section 1:
> >>
> >> s/connection to the Internet ./connection to the Internet./
> >>
> >> Section 2.4, first paragraph:
> >>
> >> The text switches between the words "mechanisms" and "way".  Choose
> >> one.
> >>
> >> Section 6.2, item 8:
> >>
> >> s/ADDITIONAL- ADDRESS-FAMILY/ADDITIONAL-ADDRESS-FAMILY/
> >>
> >> Section 12.1, "Preferred Behavior"
> >>
> >> s/Label Field[RFC3697]/Label Field [RFC3697]/
> >>
> >> Section 21:
> >>
> >> s/ADDRESS-ERRR-CODE/ADDRESS-ERR-CODE/
> >>
> >> Section 22:
> >>
> >> s/orginal/original/
> >
> > Thanks, fixed all above nits.
> >
> > Cheers,
> > -Tiru
> >
> >>
> 
> 
> 
> --
> Marc Petit-Huguenin
> Email: marc@petit-huguenin.org
> Blog: https://marc.petit-huguenin.org
> Profile: https://www.linkedin.com/in/petithug

v2.23.0 | Report a Bug | By Email