IETF Logo Mail Archive

Re: [tram] Review of TURNbis-11

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Sun, 04 March 2018 12:50 UTC

Return-Path: <TirumaleswarReddy_Konda@mcafee.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28AC412AF83 for <tram@ietfa.amsl.com>; Sun, 4 Mar 2018 04:50:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.311
X-Spam-Level:
X-Spam-Status: No, score=-4.311 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mcafee.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AK0zK7eIUwro for <tram@ietfa.amsl.com>; Sun, 4 Mar 2018 04:50:29 -0800 (PST)
Received: from DNVWSMAILOUT1.mcafee.com (dnvwsmailout1.mcafee.com [161.69.31.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DAC5612D779 for <tram@ietf.org>; Sun, 4 Mar 2018 04:50:28 -0800 (PST)
X-NAI-Header: Modified by McAfee Email Gateway (5500)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mcafee.com; s=s_mcafee; t=1520167828; h=From: To:Subject:Thread-Topic:Thread-Index:Date: Message-ID:References:In-Reply-To:Accept-Language: Content-Language:X-MS-Has-Attach:X-MS-TNEF-Correlator: dlp-product:dlp-version:dlp-reaction:authentication-results: x-originating-ip:x-ms-publictraffictype:x-microsoft-exchange-diagnostics: x-ms-exchange-antispam-srfa-diagnostics:x-ms-office365-filtering-correlation-id: x-microsoft-antispam:x-ms-traffictypediagnostic: x-microsoft-antispam-prvs:x-exchange-antispam-report-test: x-exchange-antispam-report-cfa-test:x-forefront-prvs: x-forefront-antispam-report:received-spf:x-microsoft-antispam-message-info: spamdiagnosticoutput:spamdiagnosticmetadata: Content-Type:Content-Transfer-Encoding:MIME-Version: X-MS-Exchange-CrossTenant-Network-Message-Id: X-MS-Exchange-CrossTenant-originalarrivaltime: X-MS-Exchange-CrossTenant-fromentityheader: X-MS-Exchange-CrossTenant-id:X-MS-Exchange-Transport-CrossTenantHeadersStamped: X-OriginatorOrg:X-NAI-Spam-Flag:X-NAI-Spam-Threshold: X-NAI-Spam-Score:X-NAI-Spam-Version; bh=b UUMlyADf+ZTIkj+3ae8dBf+fcRytWxNRMQU/Dqw0b o=; b=Rrk0owOFBn3xZHLYVhb6FZTywSq/2UY4o3XNVoSZtGZO iudwU8fCqk8wNTIYiRvaNLgnUm30BRDLEtJNDM0rM3GraTXMMK l5tbDfV7Mng2Gk0Kg1n5iNO8xDev5OopeGjOlsJHAb+f/qO9dE TGQWDoCfzcf5T2bQMe10tmP5qpg=
Received: from DNVEXAPP1N05.corpzone.internalzone.com (unknown [10.44.48.89]) by DNVWSMAILOUT1.mcafee.com with smtp (TLS: TLSv1/SSLv3,256bits,ECDHE-RSA-AES256-SHA384) id 1c82_be2f_7392b191_fec0_466e_b34a_ff4f9a8895d9; Sun, 04 Mar 2018 06:50:27 -0600
Received: from DNVEXUSR1N11.corpzone.internalzone.com (10.44.48.84) by DNVEXAPP1N05.corpzone.internalzone.com (10.44.48.89) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Sun, 4 Mar 2018 05:50:26 -0700
Received: from DNVEXAPP1N05.corpzone.internalzone.com (10.44.48.89) by DNVEXUSR1N11.corpzone.internalzone.com (10.44.48.84) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Sun, 4 Mar 2018 05:50:25 -0700
Received: from DNVO365EDGE2.corpzone.internalzone.com (10.44.176.74) by DNVEXAPP1N05.corpzone.internalzone.com (10.44.48.89) with Microsoft SMTP Server (TLS) id 15.0.1347.2 via Frontend Transport; Sun, 4 Mar 2018 05:50:25 -0700
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (10.44.176.241) by edge.mcafee.com (10.44.176.74) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Sun, 4 Mar 2018 05:50:24 -0700
Received: from BN6PR16MB1425.namprd16.prod.outlook.com (10.172.207.19) by BN6PR16MB1699.namprd16.prod.outlook.com (10.172.28.12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.548.13; Sun, 4 Mar 2018 12:50:23 +0000
Received: from BN6PR16MB1425.namprd16.prod.outlook.com ([10.172.207.19]) by BN6PR16MB1425.namprd16.prod.outlook.com ([10.172.207.19]) with mapi id 15.20.0548.014; Sun, 4 Mar 2018 12:50:23 +0000
From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: Marc Petit-Huguenin <petithug@acm.org>, "tram@ietf.org" <tram@ietf.org>
Thread-Topic: [tram] Review of TURNbis-11
Thread-Index: AQHTS1VEMV/cplA80E+CbiTeE9FOmaOcXoOggABdRYCAAAT7EIAhhN4AgAKSMoA=
Date: Sun, 04 Mar 2018 12:50:23 +0000
Message-ID: <BN6PR16MB14253E401210DF0235668335EADB0@BN6PR16MB1425.namprd16.prod.outlook.com>
References: <325ddd79-ef98-c8ce-de50-1ef3878cd433@acm.org> <DM5PR16MB17882606F7602CEE66009903EAF20@DM5PR16MB1788.namprd16.prod.outlook.com> <c7716d08-f265-9ce9-ed2a-513ea0ddade6@acm.org> <DM5PR16MB1788777DA4671DD256BBE230EAF20@DM5PR16MB1788.namprd16.prod.outlook.com> <d496aa92-6c68-53f4-efca-34ac2880cfbc@acm.org>
In-Reply-To: <d496aa92-6c68-53f4-efca-34ac2880cfbc@acm.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
dlp-product: dlpe-windows
dlp-version: 11.0.200.100
dlp-reaction: no-action
authentication-results: spf=none (sender IP is ) smtp.mailfrom=TirumaleswarReddy_Konda@McAfee.com;
x-originating-ip: [122.167.17.10]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; BN6PR16MB1699; 7:KqPSAHs2wGbyqA3Ya2C7i4Voah7y0jVi2tw6EbX2enuAMhs2H9u5pwbuYzS9B0TR1980DpklV1zjCTZHjqrMZBLChAMn7wOwM4jqp28eLk6gkPTA899EETmVV0hd2SbmAYyu3aPitG/WjRG/fU89sfTx9ggzwfoEJKHf5EZLsC0Jdcffef9ejKP1GMFDVuzlmQsq5xpyKzQKsK6jdqHBfkDAzAW0OSshZUUqfiEdk6XV3LW15NuYhyzAqUZz4a6k
x-ms-exchange-antispam-srfa-diagnostics: SSOS;
x-ms-office365-filtering-correlation-id: 003d3c42-017a-4c7b-29bf-08d581ce7f07
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(7020095)(4652020)(4534165)(4627221)(201703031133081)(201702281549075)(5600026)(4604075)(3008032)(2017052603307)(7153060)(7193020); SRVR:BN6PR16MB1699;
x-ms-traffictypediagnostic: BN6PR16MB1699:
x-microsoft-antispam-prvs: <BN6PR16MB16993BA5DD3E9D1751AD3CB6EADB0@BN6PR16MB1699.namprd16.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(788757137089)(128460861657000)(213716511872227)(81160342030619)(123452027830198);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040501)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(10201501046)(3231220)(944501244)(52105095)(6041288)(20161123562045)(20161123564045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123560045)(6072148)(201708071742011); SRVR:BN6PR16MB1699; BCL:0; PCL:0; RULEID:; SRVR:BN6PR16MB1699;
x-forefront-prvs: 060166847D
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(396003)(39380400002)(39830400003)(366004)(346002)(376002)(51444003)(13464003)(252514010)(199004)(189003)(32952001)(229853002)(6246003)(966005)(93886005)(97736004)(99286004)(55016002)(478600001)(305945005)(7736002)(6436002)(6116002)(2950100002)(80792005)(3846002)(110136005)(53936002)(6306002)(2501003)(14454004)(76176011)(3660700001)(9686003)(72206003)(74316002)(7696005)(45080400002)(59450400001)(81166006)(81156014)(8676002)(26005)(2906002)(102836004)(316002)(86362001)(8936002)(6506007)(186003)(53546011)(106356001)(3280700002)(5660300001)(2900100001)(66066001)(105586002)(77096007)(33656002)(68736007)(25786009)(85282002); DIR:OUT; SFP:1101; SCL:1; SRVR:BN6PR16MB1699; H:BN6PR16MB1425.namprd16.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: McAfee.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: rprYmiLh1rioQ/HtiE5dRCHYI/tM/io1JoFXQ1NbN/volIIbD6+vM9/HlWnybybjM805IUbYS/hAOC6jBMoTo/ywyLFxWMMXTEdaRf7VrEXynxYsd6ZJV0vpxLKYFmp/UgS6sxYQ+qjDtZ1qN1AB/KunGSxKWHXBCicCHAJFgVQv6bG/krilLzJZFcEXJgZUxVwGL5DnQJgYCM3PjVL1/RO14kpUucpfVI8kOPYNx6e690+iZNwlobI1LHTN4GdIBtVdzfx8lEm7BFAqgakLB4TBePzENYNSpZ90J1TCG2XRworUVMtrEX5fIRAAIXY/TirY+qVQb6bFTvb+IRDgzQ==
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 003d3c42-017a-4c7b-29bf-08d581ce7f07
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Mar 2018 12:50:23.5965 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4943e38c-6dd4-428c-886d-24932bc2d5de
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR16MB1699
X-OriginatorOrg: mcafee.com
X-NAI-Spam-Flag: NO
X-NAI-Spam-Threshold: 15
X-NAI-Spam-Score: 0
X-NAI-Spam-Version: 2.3.0.9418 : core <6234> : inlines <6449> : streams <1780501> : uri <2602170>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/X7UOsBw-Zn5GDyYpQJQZM_qJMzI>
Subject: Re: [tram] Review of TURNbis-11
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 04 Mar 2018 12:50:38 -0000

Thanks Marc, fixed the discrepancy.

-Tiru

> -----Original Message-----
> From: Marc Petit-Huguenin [mailto:petithug@acm.org]
> Sent: Saturday, March 3, 2018 3:04 AM
> To: Konda, Tirumaleswar Reddy
> <TirumaleswarReddy_Konda@McAfee.com>; tram@ietf.org
> Subject: Re: [tram] Review of TURNbis-11
> 
> As suggested by Brandon, I reviewed turnbis-14 for the modifications agreed
> on below, and found one discrepancy.  See inline.
> 
> On 02/09/2018 05:45 AM, Konda, Tirumaleswar Reddy wrote:
> >> -----Original Message-----
> >> From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Marc Petit-
> >> Huguenin
> >> Sent: Friday, February 9, 2018 6:54 PM
> >> To: Konda, Tirumaleswar Reddy
> >> <TirumaleswarReddy_Konda@McAfee.com>; tram@ietf.org
> >> Subject: Re: [tram] Review of TURNbis-11
> >>
> >> Hi,
> >>
> >> My responses inline.
> >>
> >> On 02/09/2018 03:53 AM, Konda, Tirumaleswar Reddy wrote:
> >>> Hi Marc,
> >>>
> >>> Please see inline
> >>>
> >>>> -----Original Message-----
> >>>> From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Marc Petit-
> >>>> Huguenin
> >>>> Sent: Sunday, October 22, 2017 10:16 PM
> >>>> To: tram@ietf.org
> >>>> Subject: [tram] Review of TURNbis-11
> >>>>
> >>>> This is the second part of my review of TURNbis-11, i.e. everything
> >>>> but the dual allocation part.
> >>>>
> >>>> - Section 2.1, last paragraph:
> >>>>
> >>>> May be a reference to RFC 5764 and RFC 7983 can be useful here.
> >>>> Same in section 4, second paragraph and following.  Same at the
> >>>> beginning of section 11.  Again in section 11.6 (if multiplexed,
> >>>> the message in the reserved range is not necessarily discarded).
> >>>
> >>> Even if the same host transport address is used for other protocols,
> >> incoming packets to the TURN channel can be identified by just
> >> examining the source address of the packet.
> >>> May be I am missing something, I did not get a problem ?
> >>
> >> It was just an attempt to make TURN implementers aware of the demux
> >> issues.
> >
> > Got it, added the following line:
> > The algorithm of demultiplexing packets received from multiple
> > protocols is discussed in [RFC7983].
> >
> >>
> >>>
> >>>>
> >>>> - Section 2.2, first paragraph:
> >>>>
> >>>> I think that an informative reference to RFC 7635 may be useful
> >>>> there, as alternative to the STUN authentication mechanism.
> >>>
> >>> Yes, updated.
> >>>
> >>>>
> >>>> - Section 2.9:
> >>>>
> >>>> The whole 2.9 section and subsections looks normative and so should
> >>>> be moved after section 3, perhaps on their own top level section.
> >>>
> >>> Done.
> >>>
> >>>>
> >>>> - Section 4, 4th paragraph:
> >>>>
> >>>> I would replace "For each allocation..." by "For each Allocate
> >>>> request...", because of the dual allocation feature.
> >>>
> >>> Fixed.
> >>>
> >>>>
> >>>> - Section 4, 12th paragraph:
> >>>>
> >>>> Should make clear clear that UDP covers also DTLS.
> >>>
> >>> Yes, updated.
> 
> I cannot find this update in turn-14.
> 
> >>>
> >>>>
> >>>> - Section 6.1, 2nd paragraph:
> >>>>
> >>>> If the port is multiplexed with other protocols (RTP, WebRtc,
> >>>> etc..) then it has to reuse an existing socket.  The document should
> explain this.
> >>>
> >>> It's already covered in Section 2.1 (last paragraph).
> >>>
> >>>>
> >>>> - Section 6.2, 3th paragraph:
> >>>>
> >>>> Is it time to recommend DTLS instead of UDP?  In that case we need
> >>>> to make DTLS mandatory in section 4 paragraph 11 (and I support
> >>>> that
> >> change).
> >>>
> >>> No, DTLS has both advantages (e.g. dictionary attack)  and
> >>> disadvantages
> >> (e.g. double encryption of application data).
> >>
> >> OK.
> >>
> >>>
> >>>>
> >>>> - Section 6.4, second bullet:
> >>>>
> >>>> Replace "...SRV procedures)." with "...DNS resolution procedures)."
> >>>
> >>> Any specific reason for the replacement ?
> >>
> >> This is to not exclude NPATR procedures (RFC 5928).
> >
> > Updated second bullet.
> >
> > Cheers,
> > -Tiru
> >
> >>
> >>>
> >>>>
> >>>> - Sections 14, 15 and 16:
> >>>>
> >>>> These are no longer new methods and attributes.  See also the next
> >>>> comment.
> >>>
> >>> Fixed.
> >>>
> >>>>
> >>>> - Section 19:
> >>>>
> >>>> Here you need to update the existing methods, attributes and error
> >>>> code so the IANA registries point to the RFC-to-be, then you
> >>>> request allocation for the new attributes.  See section 17 of
> >>>> STUNbis on a way to do that (that was done following a discussion
> >>>> with the IANA
> >> representative at an IETF meeting).
> >>>
> >>> Thanks, updated draft.
> >>>
> >>>>
> >>>> Note that ICMP should be comprehension-mandatory, not optional, as
> >> we
> >>>> do not want an old client to reject a Data indication with an ICMP
> attribute.
> >>>
> >>> If the indication contains unknown comprehension-required
> >>> attributes, the
> >> behavior is the indication is discarded and processing ceases.
> >>>
> >>>>
> >>>> Also, I do not know what this SendErr method is.
> >>>
> >>> Removed SendErr (stale entry from a previous version of the draft).
> >>>
> >>>>
> >>>>
> >>>> Nits
> >>>> ----
> >>>>
> >>>> Section 1:
> >>>>
> >>>> s/connection to the Internet ./connection to the Internet./
> >>>>
> >>>> Section 2.4, first paragraph:
> >>>>
> >>>> The text switches between the words "mechanisms" and "way".
> Choose
> >>>> one.
> >>>>
> >>>> Section 6.2, item 8:
> >>>>
> >>>> s/ADDITIONAL- ADDRESS-FAMILY/ADDITIONAL-ADDRESS-FAMILY/
> >>>>
> >>>> Section 12.1, "Preferred Behavior"
> >>>>
> >>>> s/Label Field[RFC3697]/Label Field [RFC3697]/
> >>>>
> >>>> Section 21:
> >>>>
> >>>> s/ADDRESS-ERRR-CODE/ADDRESS-ERR-CODE/
> >>>>
> >>>> Section 22:
> >>>>
> >>>> s/orginal/original/
> >>>
> >>> Thanks, fixed all above nits.
> >>>
> 
> --
> Marc Petit-Huguenin
> Email: marc@petit-huguenin.org
> Blog: https://marc.petit-huguenin.org
> Profile: https://www.linkedin.com/in/petithug

v2.23.0 | Report a Bug | By Email