Re: [tram] Suresh Krishnan's Discuss on draft-ietf-tram-stun-path-data-03: (with DISCUSS and COMMENT)
"Pal Martinsen (palmarti)" <palmarti@cisco.com> Thu, 21 April 2016 07:16 UTC
Return-Path: <palmarti@cisco.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DF6012DF24; Thu, 21 Apr 2016 00:16:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.517
X-Spam-Level:
X-Spam-Status: No, score=-15.517 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C3P0rPm06GyD; Thu, 21 Apr 2016 00:16:06 -0700 (PDT)
Received: from rcdn-iport-1.cisco.com (rcdn-iport-1.cisco.com [173.37.86.72]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98F5012DF1C; Thu, 21 Apr 2016 00:16:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5162; q=dns/txt; s=iport; t=1461222966; x=1462432566; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-id:content-transfer-encoding: mime-version; bh=W9ct+8PncwvR4MD746rCejXrTHc5OQZUw2y2jbswlHM=; b=fP97q9X6tZLiL4OToHbjtc7sJedtXTrBQY2GxvWDbQ4SkowljWCE2K8N iESWb2vRTXP2JvbF2ck5T9cb4epSUnurXeFcbjfkwRg+5bXCDDVQwi8yS 8ak1TL9f55l1oc6kL7rMBazr5VwYCvJNh/NQJdfB7sHrK6rpT3xnZc+Iz o=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AQBQBvfRhX/49dJa1egzhTfQa5doFyFwuFbAIcgSY5EwEBAQEBAQFlJ4RBAQEBAwEBAQEgEToLBQsCAQgYAgIfBwICAiULFRACBA4FiCIIDq1fkRIBAQEBAQEBAQEBAQEBAQEBAQEBAQERBHyFJYF1CIJOhA8RAQYWgwIrgisFh3SFX4o8AYV6gnWFJIFmhE2IXY8sASICPoIzgTVsAYcSNn4BAQE
X-IronPort-AV: E=Sophos;i="5.24,512,1454976000"; d="scan'208";a="99721624"
Received: from rcdn-core-7.cisco.com ([173.37.93.143]) by rcdn-iport-1.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Apr 2016 07:16:05 +0000
Received: from XCH-RTP-018.cisco.com (xch-rtp-018.cisco.com [64.101.220.158]) by rcdn-core-7.cisco.com (8.14.5/8.14.5) with ESMTP id u3L7G5NM004357 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 21 Apr 2016 07:16:05 GMT
Received: from xch-rtp-019.cisco.com (64.101.220.159) by XCH-RTP-018.cisco.com (64.101.220.158) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Thu, 21 Apr 2016 03:16:04 -0400
Received: from xch-rtp-019.cisco.com ([64.101.220.159]) by XCH-RTP-019.cisco.com ([64.101.220.159]) with mapi id 15.00.1104.009; Thu, 21 Apr 2016 03:16:04 -0400
From: "Pal Martinsen (palmarti)" <palmarti@cisco.com>
To: Suresh Krishnan <suresh.krishnan@ericsson.com>
Thread-Topic: [tram] Suresh Krishnan's Discuss on draft-ietf-tram-stun-path-data-03: (with DISCUSS and COMMENT)
Thread-Index: AQHRm1gzKpoD+dVfgUKAqJDVRvrrjJ+UR7cA
Date: Thu, 21 Apr 2016 07:16:04 +0000
Message-ID: <86EAFAE4-CB79-4E4B-8117-B7ED21B55048@cisco.com>
References: <20160420225843.780.83631.idtracker@ietfa.amsl.com>
In-Reply-To: <20160420225843.780.83631.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.61.97.4]
Content-Type: text/plain; charset="utf-8"
Content-ID: <DD45BF2B38EE1C4692485EA6307EB950@emea.cisco.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/tram/xKq1GS3sVP6SUR_OJO6nw5DCDeU>
Cc: "draft-ietf-tram-stun-path-data@ietf.org" <draft-ietf-tram-stun-path-data@ietf.org>, Simon Perreault <sperreault@jive.com>, "tram-chairs@ietf.org" <tram-chairs@ietf.org>, The IESG <iesg@ietf.org>, tram mailing list <tram@ietf.org>
Subject: Re: [tram] Suresh Krishnan's Discuss on draft-ietf-tram-stun-path-data-03: (with DISCUSS and COMMENT)
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Apr 2016 07:16:08 -0000
> On 21 Apr 2016, at 00:58, Suresh Krishnan <suresh.krishnan@ericsson.com> wrote: > > Suresh Krishnan has entered the following ballot position for > draft-ietf-tram-stun-path-data-03: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-tram-stun-path-data/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > The RespTransCnt mechanism seems to be a bit fragile and error prone > possibly leading to wrong conclusions on the client (please see my > example below). If you agree with my assessment, it is probably useful to > evaluate whether the added complexity of this RespTransCnt mechanism is > worth it for the potentially unreliable results it produces. > > Consider the following two cases (copy paste with a monospace font for > better readability) > > Case 1: Upstream loss of first "re"transmission > > | Upstream loss | > | Client Server | > +-+-+-+-+-+-+-+-+-+ > | 1 x | > | | > | 2 2,1 | > | 2,1 | > > Case 2: Downstream loss of response to first "re"transmission with > re-ordering > > | Downstream loss | > | Client Server | > +-+-+-+-+-+-+-+-+-+ > | 1 1,2 | > | x | > | 2 2,1 | > | 2,1 | > > How does the client differentiate between these two cases? > So the problem is that the first retransmit (second transmit) of the STUN request arrives before the initial transmit and the response to the initial request is lost downstream. This means not able to distinguish between upstream reordering and downstream loss. I do not think adding complexity to solve this is worth it. If ICE is using this, it is still valuable information. And once (s)RTP starts flowing the reordering will quickly be discovered by out of orer packets. The draft needs to clearly spell out this limitation. My main worry now is the RTT calculation. Am I right if I assume that the packets usually are delayed when reorder, and not magically put in front of the queue? If that is the case the RTT measurement should still be ok > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Section 5: IANA Considerations > > Shouldn't the range for this option be in the 0x8000-0xBFFF range instead > of the 0x8000-0xFFFF range as currently stated by the draft? Yes. We want it to be part of the IETF Review comprehension-optional range. > > Section 6: > > I think this requirement is backwards and needs to be reworded. > > "Unauthenticated STUN message MUST NOT include the PATH-CHARACTERISTIC > attribute in order to prevent on-path attacker from influencing > decision-making." > > Suggest rewording to. > > "The PATH-CHARACTERISTIC attribute MUST NOT be included in > unauthenticated STUN messages in order to prevent an on-path attacker > from influencing decision-making.” > +1 > I also agree with Alissa about the vagueness of the attribute name. > > +1 .-. Pål-Erik > _______________________________________________ > tram mailing list > tram@ietf.org > https://www.ietf.org/mailman/listinfo/tram
- Re: [tram] Suresh Krishnan's Discuss on draft-iet… Spencer Dawkins at IETF
- Re: [tram] Suresh Krishnan's Discuss on draft-iet… Suresh Krishnan
- Re: [tram] Suresh Krishnan's Discuss on draft-iet… Spencer Dawkins at IETF
- [tram] Suresh Krishnan's Discuss on draft-ietf-tr… Suresh Krishnan
- Re: [tram] Suresh Krishnan's Discuss on draft-iet… Pal Martinsen (palmarti)
- Re: [tram] Suresh Krishnan's Discuss on draft-iet… Tirumaleswar Reddy (tireddy)