Re: [Tsv-art] [tram] Tsvart last call review of draft-ietf-tram-turnbis-25

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Tue, 18 June 2019 13:05 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: Magnus Westerlund <magnus.westerlund@ericsson.com>, Joe Touch <touch@strayalpha.com>
CC: "tsv-art@ietf.org" <tsv-art@ietf.org>, "draft-ietf-tram-turnbis.all@ietf.org" <draft-ietf-tram-turnbis.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, Brandon Williams <brandon.williams@akamai.com>, "tram@ietf.org" <tram@ietf.org>
Thread-Topic: [tram] [Tsv-art] Tsvart last call review of draft-ietf-tram-turnbis-25
Thread-Index: AQHVJcj7wQLWsq8/z0688y9BM+yA9aahXUgw
Date: Tue, 18 Jun 2019 13:03:51 +0000
Message-ID: <DM5PR16MB1705E3EF8260B456A9B02C10EAEA0@DM5PR16MB1705.namprd16.prod.outlook.com>
References: <155971464360.28104.6837263931145163343@ietfa.amsl.com> <F306B122-79F3-4C7A-8CE2-1C094D9F0FCC@strayalpha.com> <DM5PR16MB1705A4C370C4405AFFD63546EA100@DM5PR16MB1705.namprd16.prod.outlook.com> <5F2F8A3B-2887-4107-81E2-B4E222A4044E@strayalpha.com> <DM5PR16MB1705BD4E31370D2F5A179F17EA130@DM5PR16MB1705.namprd16.prod.outlook.com> <2C6B5776-CB95-4607-8D0C-07FDE2F6D515@strayalpha.com> <DM5PR16MB1705638AD29F3288E4AC0952EAED0@DM5PR16MB1705.namprd16.prod.outlook.com> <HE1PR0701MB252250AE4E7C158F985B0CC895ED0@HE1PR0701MB2522.eurprd07.prod.outlook.com> <D9A01E28-F9FB-4C86-AFD3-A2BA8D89C340@strayalpha.com> <a3bbeb17-e768-9ab2-9f34-3d179fa8fe38@akamai.com> <E41C125D-F3B4-475E-8AD0-124F531F1DC9@strayalpha.com> <DM5PR16MB170564C0438321CC3FDD0ACFEAEF0@DM5PR16MB1705.namprd16.prod.outlook.com> <4C41A2BC-0CBC-42D5-B313-22F9A9D51F6E@strayalpha.com> <DM5PR16MB1705874C023145D26DCB58E6EAEE0@DM5PR16MB1705.namprd16.prod.outlook.com> <edcd66c2-0dfb-8f89-d6a3-53482c433d4e@strayalpha.com> <DM5PR16MB17057CCD4D2543D84254EFD1EAEB0@DM5PR16MB1705.namprd16.prod.outlook.com> <HE1PR0701MB2522DCB2459055A6319C439B95EA0@HE1PR0701MB2522.eurprd07.prod.outlook.com>
In-Reply-To: <HE1PR0701MB2522DCB2459055A6319C439B95EA0@HE1PR0701MB2522.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/ax5AJRotSsjMyIPjlW9ai5Vw-U8>
Subject: Re: [Tsv-art] [tram] Tsvart last call review of draft-ietf-tram-turnbis-25

Hi Magnus,

Please see inline [TR]

From: tram <tram-bounces@ietf.org> On Behalf Of Magnus Westerlund
Sent: Tuesday, June 18, 2019 4:57 PM
To: Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>; Joe Touch <touch@strayalpha.com>
Cc: tsv-art@ietf.org; draft-ietf-tram-turnbis.all@ietf.org; ietf@ietf.org; Brandon Williams <brandon.williams@akamai.com>; tram@ietf.org
Subject: Re: [tram] [Tsv-art] Tsvart last call review of draft-ietf-tram-turnbis-25

________________________________
On 2019-06-17 12:44, Konda, Tirumaleswar Reddy wrote:

You need to address these issues - e.g., by a version of the response above.

[TR1] Okay, will add the following lines:

TCP multi-path [RFC6824] is not supported by this version of TURN because TCP multi-path is not used by both SIP and WebRTC protocols [RFC7478] for media and non-media data. If the TCP connection between the TURN client and server uses TCP-AO [RFC5925], the client must secure application data (e.g. using SRTP) to provide confidentiality, message authentication and replay protection to protect the application data relayed from the server to the peer using UDP. Note that the TCP-AO option obsoletes the TCP MD5 option. Unlike UDP, TCP without the TCP Fast Open extension [RFC7413] does not support 0-RTT session resumption. The TCP user timeout [RFC5482] equivalent for application data relayed by TURN is the use of the RTP control protocol (RTCP). As a reminder, RTCP is a fundamental and integral part of RTP.



Sorry, I find this very confusing. On the client to TURN server leg, if that is using a TCP connection, then there are no issues with using either TCP-MP or TCP-AO options on that leg. They will have no impact on the TURN messages carried inside the TCP connection or on its outgoing IP/UDP packets. So from my perspective there is no necessity to discuss these as not supported.

[TR] The comment from Joe is: if TCP-AO is used, application data is authenticated on the TCP leg, but the data can be faked when relayed from the server to the peer using UDP. I tried to address this comment by saying that if secure application data (SRTP) is used, message authentication is available at the application layer even if UDP does not support an authentication option.

What is discussed in this document are the options for the IP/UDP packet being sent or received by the TURN server to the peer. Those IP/UDP fields that can be controlled and have meaning are discussed here. Like the DSCP, where TCP will force the use of a single one, whereas UDP-to-UDP can support many, as the field value is taken from the packet on the client-to-server leg rather than from an internal TURN message field.

I guess the issue here is that there is a lack of requirements making clear that, for a number of the fields in the IP/UDP packet handled on the server-to-peer leg, there need to be handling rules for the client-to-server transport.

I think what Sections 14 and 15 talk about should be labeled relaying and not translation, and thus focus on how one avoids information or intent loss in the relay process. I understand why Section 13 is called translation, but when we get down to it, it is the same here, with a focus on how the relay process maintains information of the IP layer, especially in the face of address family differences.

[TR] Agreed, replaced translation with relaying in both sections 14 and 15.

-Tiru

Cheers

Magnus Westerlund

----------------------------------------------------------------------
Network Architecture & Protocols, Ericsson Research
----------------------------------------------------------------------
Ericsson AB                 | Phone  +46 10 7148287
Torshamnsgatan 23           | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------
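The point under discussion above (Joe's comment that TCP-AO authenticates the client-to-server TCP leg only, and Tiru's answer that SRTP restores message authentication end to end) can be made concrete with a small model of the two legs. The following is an added example written for this page; it is not code from the thread, from the TURN draft, or from any TURN implementation. TCP-AO and SRTP are reduced to their integrity tags (HMAC-SHA-1-96 and HMAC-SHA1-80 respectively), encryption and key derivation are omitted, and the keys, the RTP packet and the relay logic are all constructed for illustration.

```python
import hmac
import hashlib

# Constructed keys for this example. In a real deployment TCP-AO traffic keys
# are derived per RFC 5925 and SRTP keys are negotiated out of band (e.g. DTLS-SRTP).
TCP_AO_KEY = b"client<->turn-server traffic key"   # known to client and TURN server only
SRTP_AUTH_KEY = b"client<->peer srtp auth key"      # known to client and peer only

SRTP_TAG_LEN = 10   # SRTP default auth tag: HMAC-SHA1 truncated to 80 bits (RFC 3711)
AO_MAC_LEN = 12     # TCP-AO HMAC-SHA-1-96 (RFC 5926)


def srtp_protect(rtp_packet: bytes, key: bytes = SRTP_AUTH_KEY) -> bytes:
    """Append an SRTP-style authentication tag. Only integrity is modelled here."""
    tag = hmac.new(key, rtp_packet, hashlib.sha1).digest()[:SRTP_TAG_LEN]
    return rtp_packet + tag


def srtp_verify(packet: bytes, key: bytes = SRTP_AUTH_KEY):
    """Return the RTP packet if the tag verifies, else None."""
    if len(packet) < SRTP_TAG_LEN:
        return None
    body, tag = packet[:-SRTP_TAG_LEN], packet[-SRTP_TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha1).digest()[:SRTP_TAG_LEN]
    return body if hmac.compare_digest(tag, expected) else None


def tcp_ao_send(payload: bytes, key: bytes = TCP_AO_KEY) -> dict:
    """Client -> TURN server leg: a TCP segment carrying the application data
    (the DATA attribute of a Send indication), authenticated by a TCP-AO MAC."""
    mac = hmac.new(key, payload, hashlib.sha1).digest()[:AO_MAC_LEN]
    return {"payload": payload, "ao_mac": mac}


def turn_relay(segment: dict, key: bytes = TCP_AO_KEY) -> bytes:
    """TURN server: verify TCP-AO on the inbound TCP leg, then relay the data to
    the peer as a plain UDP datagram. The TCP-AO MAC is a property of the TCP
    connection; nothing derived from it travels with the UDP datagram."""
    expected = hmac.new(key, segment["payload"], hashlib.sha1).digest()[:AO_MAC_LEN]
    if not hmac.compare_digest(segment["ao_mac"], expected):
        raise ValueError("TCP-AO verification failed on client->server leg")
    return segment["payload"]   # UDP payload: no transport-layer authentication


def on_path_tamper(datagram: bytes) -> bytes:
    """Attacker between the TURN server and the peer flips one payload byte."""
    return datagram[:13] + bytes([datagram[13] ^ 0xFF]) + datagram[14:]


def run_scenario(use_srtp: bool, tamper: bool) -> str:
    """Send one RTP packet client -> TURN (TCP-AO) -> peer (UDP); report whether
    the peer accepts what arrives."""
    # Constructed RTP packet: 12-byte header (V=2, PT=0, seq=1, ts=1, SSRC) + payload
    rtp = bytes.fromhex("8000000100000001deadbeef") + b"voice-frame"
    app_data = srtp_protect(rtp) if use_srtp else rtp
    udp_datagram = turn_relay(tcp_ao_send(app_data))
    if tamper:
        udp_datagram = on_path_tamper(udp_datagram)
    if use_srtp:
        return "accepted" if srtp_verify(udp_datagram) is not None else "rejected"
    return "accepted"   # plain RTP: the peer has no way to detect the modification


def relay_rejects_tcp_tamper() -> bool:
    """TCP-AO does protect the TCP leg: a modified segment is dropped by the server."""
    segment = tcp_ao_send(b"turn data")
    segment["payload"] = b"turn DATA"
    try:
        turn_relay(segment)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print("TCP-AO only, tampered on UDP leg:", run_scenario(False, True))
    print("TCP-AO + SRTP, tampered on UDP leg:", run_scenario(True, True))
    print("TCP-AO + SRTP, untouched:", run_scenario(True, False))
    print("TCP-AO catches tampering on TCP leg:", relay_rejects_tcp_tamper())
```

Running it shows the asymmetry the thread is about: with TCP-AO alone the modified datagram is accepted by the peer, because the MAC that would have caught it is verified and discarded at the TURN server; with an SRTP tag the same modification is rejected, because the tag is computed by the client and checked by the peer and so survives the relay unchanged.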