IETF Logo Mail Archive

Re: [Tsv-art] [tram] Tsvart last call review of draft-ietf-tram-turnbis-25

Brandon Williams <brandon.williams@akamai.com> Tue, 11 June 2019 19:47 UTC

Return-Path: <brandon.williams@akamai.com>
X-Original-To: tsv-art@ietfa.amsl.com
Delivered-To: tsv-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 533E6120176; Tue, 11 Jun 2019 12:47:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.71
X-Spam-Level:
X-Spam-Status: No, score=-2.71 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 348as7r0bRTO; Tue, 11 Jun 2019 12:47:35 -0700 (PDT)
Received: from mx0b-00190b01.pphosted.com (mx0b-00190b01.pphosted.com [IPv6:2620:100:9005:57f::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A0BB01201A1; Tue, 11 Jun 2019 12:47:27 -0700 (PDT)
Received: from pps.filterd (m0050096.ppops.net [127.0.0.1]) by m0050096.ppops.net-00190b01. (8.16.0.27/8.16.0.27) with SMTP id x5BJlIts013647; Tue, 11 Jun 2019 20:47:23 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=subject : to : cc : references : from : message-id : date : mime-version : in-reply-to : content-type : content-transfer-encoding; s=jan2016.eng; bh=0b+wKnAqcXenUY5xEg3tH6PubmG4v1S6bE2S1yjOn5k=; b=oWT+hoAx5hrIxltTIHZtiYitmAuhTlGnkKESfZ+mtJu8/PN60hjjjTOqlrlXkQ8KNFrt FF4scAEr8KMqBQpqHzeVvyA/fxsRiDw1hJ8NjluMgpIo5B8ilUxRnQqBs1IPUAPtEUPc 599dfQSWPugxEceMwUaC3Ehe01ROZUXoaCzBSTVt77iRZRNUkoZXzfFF5vEQz5rh9Ckf A0+uriC/cLW6iv9k+UOWWj93TF5OlIoewqwkORxxubk4k9HRWp6IhuXoktg/BKOC+d8U 57hL29q9TvvldQE+uuEahJq5gPSnDd1ft0mNoKaCl+VZpkrhqW6Ph9jTCuUlRiaNoKq3 jw==
Received: from prod-mail-ppoint4 (prod-mail-ppoint4.akamai.com [96.6.114.87] (may be forged)) by m0050096.ppops.net-00190b01. with ESMTP id 2t1q0swmpn-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 11 Jun 2019 20:47:23 +0100
Received: from pps.filterd (prod-mail-ppoint4.akamai.com [127.0.0.1]) by prod-mail-ppoint4.akamai.com (8.16.0.27/8.16.0.27) with SMTP id x5BJXXf7013067; Tue, 11 Jun 2019 15:47:22 -0400
Received: from prod-mail-relay10.akamai.com ([172.27.118.251]) by prod-mail-ppoint4.akamai.com with ESMTP id 2t08bxm6hw-1; Tue, 11 Jun 2019 15:47:21 -0400
Received: from [172.29.177.158] (bowill.kendall.corp.akamai.com [172.29.177.158]) by prod-mail-relay10.akamai.com (Postfix) with ESMTP id F110B1FCDD; Tue, 11 Jun 2019 19:47:20 +0000 (GMT)
To: Joe Touch <touch@strayalpha.com>, Magnus Westerlund <magnus.westerlund@ericsson.com>
Cc: "tsv-art@ietf.org" <tsv-art@ietf.org>, "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>, "tram@ietf.org" <tram@ietf.org>, "draft-ietf-tram-turnbis.all@ietf.org" <draft-ietf-tram-turnbis.all@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>
References: <155971464360.28104.6837263931145163343@ietfa.amsl.com> <DM5PR16MB170560F51A9F7C281A9BC752EA170@DM5PR16MB1705.namprd16.prod.outlook.com> <F306B122-79F3-4C7A-8CE2-1C094D9F0FCC@strayalpha.com> <DM5PR16MB1705A4C370C4405AFFD63546EA100@DM5PR16MB1705.namprd16.prod.outlook.com> <5F2F8A3B-2887-4107-81E2-B4E222A4044E@strayalpha.com> <DM5PR16MB1705BD4E31370D2F5A179F17EA130@DM5PR16MB1705.namprd16.prod.outlook.com> <2C6B5776-CB95-4607-8D0C-07FDE2F6D515@strayalpha.com> <DM5PR16MB1705638AD29F3288E4AC0952EAED0@DM5PR16MB1705.namprd16.prod.outlook.com> <HE1PR0701MB252250AE4E7C158F985B0CC895ED0@HE1PR0701MB2522.eurprd07.prod.outlook.com> <D9A01E28-F9FB-4C86-AFD3-A2BA8D89C340@strayalpha.com>
From: Brandon Williams <brandon.williams@akamai.com>
Message-ID: <a3bbeb17-e768-9ab2-9f34-3d179fa8fe38@akamai.com>
Date: Tue, 11 Jun 2019 15:47:15 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <D9A01E28-F9FB-4C86-AFD3-A2BA8D89C340@strayalpha.com>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-06-11_10:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1906110125
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-06-11_10:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1906110127
Archived-At: <https://mailarchive.ietf.org/arch/msg/tsv-art/wgSmQNULkrqfkLIA8xoHPpjcgWY>
Subject: Re: [Tsv-art] [tram] Tsvart last call review of draft-ietf-tram-turnbis-25
X-BeenThere: tsv-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Transport Area Review Team <tsv-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tsv-art/>
List-Post: <mailto:tsv-art@ietf.org>
List-Help: <mailto:tsv-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tsv-art>, <mailto:tsv-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jun 2019 19:47:39 -0000

Hi Joe,

First, some clarification ... You stated.

> Finally, I’m quite bothered by the glib idea that transport packets
> simply be translated into each other either between two TCP
> connections or between TCP and UDP. The notion is simply false; TCP
> doesn’t preserve message boundaries and TCP segments are not
> guaranteed to match application message boundaries.

There is no TCP-to-TCP relay case here. The side opposite the TURN
client is always UDP, even if the remote client is also connected to a
TURN server. The two TURN servers would use UDP in between, and the two
TURN servers would not even know that the other one is there.

Also, the spec does not relay "packets" between TCP and UDP. TURN does
not rely on TCP to maintain message boundaries. Instead, a TURN TCP
connection frames messages within the stream and that message framing
allows the TURN server to maintain message boundaries when sending the
messages within UDP datagrams.

> Overall, the point is that simply ignoring this issue is insufficient
> - at a minimum, this doc needs to clearly state that this issue is
> being ignored and why, as well as addressing that issue in the
> security sections.

Acknowledging that TCP options are being ignored when messages are
relayed could be OK. I'm not entirely certain what you're suggesting
relative to the security considerations though. Are you just pointing to
the fact that security built into TCP (e.g., tcp-ao, tcp-eno, tcp-crypt)
cannot be used to provide end-to-end security? In the same way that
(D)TLS cannot be used for this purpose either? If not that, what else do
you have in mind?

Regarding UDP options, I agree with Magnus that it's probably better to
rely on tsvwg to state something about UDP option relay makes more
sense, considering that the UDP options draft isn't published yet. It's
unclear what could be said meaningfully in the TURN draft. If you have a
suggestion that might help.

Thanks,
--Brandon


On 6/11/19 2:03 PM, Joe Touch wrote:
> Hi, all,
> 
> Here are my key points:
> 
> - whether you deal with TCP options or simply ignore those on incoming
> connections and use defaults on outgoing, the issue needs to be
> addressed - as well as its impact on your use.
> - UDP options are not experimental; they’re standards-track; it could be
> mentioned here non-normatively as a possible workaround to the IP
> fragmentation issue.
> 
> Finally, IMO, assuming that RTP/RTCP can or should provide extended
> functions that might already be provided by existing TCP options or
> emerging UDP options seems like both wasted effort and a failed
> opportunity to tune the transport as it was intended.
> 
> Overall, the point is that simply ignoring this issue is insufficient -
> at a minimum, this doc needs to clearly state that this issue is being
> ignored and why, as well as addressing that issue in the security sections.
> 
> Finally, I’m quite bothered by the glib idea that transport packets can
> simply be translated into each other either between two TCP connections
> or between TCP and UDP. The notion is simply false; TCP doesn’t preserve
> message boundaries and TCP segments are not guaranteed to match
> application message boundaries. 
> 
> I.e., the transport implications of this “hack” are inadequately addressed.
> 
> Joe
> 
>> On Jun 11, 2019, at 1:28 AM, Magnus Westerlund
>> <magnus.westerlund@ericsson.com
>> <mailto:magnus.westerlund@ericsson.com>> wrote:
>>
>> Hi Joe and Tiru,
>>
>> May I hazard a guess why this have not arisen is that there are no
>> transport protocol options that makes sense to use end-to-end and are
>> not protocol specific. Thus, in UDP <-> TCP translations by TURN
>> server there has so far not been a need to carry any of them over.
>> Joe, can you think of any that would make sense?
>>
>> For UDP <-> UDP the experimental proposal for UDP options I don't see
>> that we can require this specification to have to specify that. I do
>> think it is an interesting question for
>> https://datatracker.ietf.org/doc/draft-ietf-tsvwg-udp-options/ if that
>> should write more about what to do with the options when performing
>> translation operations?
>>
>> When it comes to RTP and RTCP that is widely used over TURN relays
>> when those applications need extended functionality they have gone
>> ahead and extended RTP/RTCP rather than attempting to affect lower
>> layers where other entities than the end-points are required to be
>> upgraded.
>>
>> Cheers
>>
>> Magnus
>>
>>
>>
>>
>> On 2019-06-11 07:20, Konda, Tirumaleswar Reddy wrote:
>>>
>>> Hi Joe,
>>>
>>>  
>>>
>>> I meant the specifications that use TURN (ICE, SIP and WebRTC) do not
>>> discuss setting any TCP option for application data (RTP, RTCP and
>>> WebRTC data channels).  Please note TCP is only used as fallback
>>> transport only if UDP traffic is blocked to the TURN server.
>>>
>>> TURN has been widely deployed in the field, and there was no
>>> discussion in the WG to explicitly handle TCP options.
>>>
>>>  
>>>
>>> Cheers,
>>>
>>> -Tiru
>>>
>>>  
>>>
>>> *From:* Joe Touch <touch@strayalpha.com>
>>> *Sent:* Monday, June 10, 2019 7:59 PM
>>> *To:* Konda, Tirumaleswar Reddy <TirumaleswarReddy_Konda@McAfee.com>
>>> *Cc:* tsv-art@ietf.org; draft-ietf-tram-turnbis.all@ietf.org;
>>> ietf@ietf.org; tram@ietf.org
>>> *Subject:* Re: [Tsv-art] [tram] Tsvart last call review of
>>> draft-ietf-tram-turnbis-25
>>>
>>>  
>>>
>>> *CAUTION*:External email. Do not click links or open attachments
>>> unless you recognize the sender and know the content is safe.
>>>
>>> ------------------------------------------------------------------------
>>>
>>> Hi, Tiru,
>>>
>>>
>>>
>>>     On Jun 9, 2019, at 11:43 PM, Konda, Tirumaleswar Reddy
>>>     <TirumaleswarReddy_Konda@McAfee.com
>>>     <mailto:TirumaleswarReddy_Konda@McAfee.com>> wrote:
>>>
>>>      
>>>
>>>         On Jun 7, 2019, at 4:39 AM, Konda, Tirumaleswar Reddy
>>>         <TirumaleswarReddy_Konda@mcafee.com
>>>         <mailto:TirumaleswarReddy_Konda@mcafee.com>> wrote:
>>>
>>>
>>>                     The specification has two sections 14 and 15 (IP
>>>                     Header Fields for
>>>                     UDP-to-
>>>
>>>                 UDP translation and IP Header Fields for TCP-to-UDP
>>>                 translation) to
>>>                 discuss direct translations.
>>>                 https://tools.ietf.org/html/rfc5766
>>>                 <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc5766&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=bwZ-nnRGWmcGKRIuadq6-NSnsgwbBVUJa4mZfmEIBXg&m=wlJBA0wCj1jIz4f3RegWs8USi6_gsk3fo6HsaHNmDwE&s=zpNv5YDpI2-wPNhWSnCb1VsidyMEg7LYQdn6IeLqdg4&e=>
>>>                 only
>>>                 covered UDP-to- UDP translation in Section 12.
>>>
>>>                 Yes, but both sections ignore the impact of transport
>>>                 options - both
>>>                 current for TCP and pending for UDP. These are
>>>                 ignored both when
>>>                 packets with such transport options are received (the
>>>                 input packet to
>>>                 the translation) and whether / how they are used on
>>>                 transmit (the
>>>                 output packet)
>>>
>>>
>>>             TURN is used to relay real-time data (e.g. audio and
>>>             video streams)
>>>             and the approach taken by VOIP related specifications is
>>>             to avoid
>>>             fragmentation for RTP packets
>>>
>>>
>>>         Sec 2.8 mentions RTP as one use case envisioned (at this
>>>         point, it’d be fair to
>>>         ask this revision to clarify whether that turned out to be
>>>         true). But it isn’t
>>>         indicated as the only use case.
>>>
>>>
>>>     The draft says TURN is invented to support multimedia sessions
>>>     signaled using SIP and is typically used with ICE. TURN is also
>>>     used with WebRTC, and WebRTC data channels also 
>>>     avoid IP fragmentation
>>>     (see https://tools.ietf.org/html/draft-ietf-rtcweb-data-channel-13 <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_draft-2Dietf-2Drtcweb-2Ddata-2Dchannel-2D13&d=DwMFaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=bwZ-nnRGWmcGKRIuadq6-NSnsgwbBVUJa4mZfmEIBXg&m=wlJBA0wCj1jIz4f3RegWs8USi6_gsk3fo6HsaHNmDwE&s=II1OEcj0VllH4yVwB5IyIB0KKiXf42ScemFtYoXUQts&e=>). 
>>>
>>>  
>>>
>>> The application protocols TURN is designed for or typically used for
>>> is not relevant to my point above, unless you’re claiming that these
>>> uses never use transport options (which is doubtful for TCP, for
>>> which some transport options are pervasively used by default).
>>>
>>>
>>>
>>>
>>>
>>>
>>>         Regardless, though, this doesn’t impact the concern raised
>>>         above. RTP could
>>>         still employ transport options.
>>>
>>>
>>>     I checked again and don't see any RTP, Back-to-Back User Agents
>>>     (B2BUAs), SIP proxies and WebRTC gateway specifications
>>>     discussing transport options for translations.
>>>
>>>  
>>>
>>> The fact that others have this gap does not justify continuing to
>>> fail to address it in this document. If anything, it makes it that
>>> much more important to address.
>>>
>>>  
>>>
>>> Joe
>>>
>>
>> -- 
>>
>> Magnus Westerlund 
>>
>> ----------------------------------------------------------------------
>> Network Architecture & Protocols, Ericsson Research
>> ----------------------------------------------------------------------
>> Ericsson AB                 | Phone  +46 10 7148287
>> Torshamnsgatan 23           | Mobile +46 73 0949079
>> SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
>> ----------------------------------------------------------------------
>> _______________________________________________
>> Tsv-art mailing list
>> Tsv-art@ietf.org <mailto:Tsv-art@ietf.org>
>> https://www.ietf.org/mailman/listinfo/tsv-art
> 
> 
> _______________________________________________
> tram mailing list
> tram@ietf.org
> https://www.ietf.org/mailman/listinfo/tram
> 

-- 
Brandon Williams
Platform Engineering
Akamai Technologies Inc.

v2.23.0 | Report a Bug | By Email