[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MMUSIC] comedia-fix-00 comments

To: David Yon <yon.ietf@rfdsoftware.com>
Subject: Re: [MMUSIC] comedia-fix-00 comments
From: Jonathan Rosenberg <jdrosen@dynamicsoft.com>
Date: Mon, 03 Feb 2003 23:07:15 -0500
Cc: mmusic@ietf.org
List-help: <mailto:mmusic-request@ietf.org?subject=help>
List-id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-post: <mailto:mmusic@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/mmusic>,<mailto:mmusic-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/mmusic>,<mailto:mmusic-request@ietf.org?subject=unsubscribe>
Organization: dynamicsoft
References: <5.1.1.6.0.20030103094038.00b37198@mail.rfdsoftware.com> <5.1.1.6.0.20030128121040.03130008@mail.rfdsoftware.com>
Sender: mmusic-admin@ietf.org
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826


David Yon wrote:

At 09:58 PM 1/14/2003, Jonathan Rosenberg wrote:
David,

Ben, Paul and I discussed your comments extensively over the last week or so. Our conclusion was that we will not use comedia for simple messaging sessions. At a high level, the conclusion was that we were looking at "message sessions over TCP" and that comedia was perhaps optimized for "streaming media sessions over TCP". As such, many of our requirements that were critical, or assumptions we could make (such as demux within a single TCP connection) don't necessarily apply to streaming media over TCP.

Now, I still think that much of what we proposed is valid. However, it is no longer critical to get it changed. So, keep that in mind as you read my responses below.

The the meta-question is whether comedia-fix will continue to block comedia's progress. On one hand you imply above that it won't, but then again we have the rest of this email that argues that comedia is severely flawed. So, where are we going from here?

I still have a big beef with the source IP/port, per separate email. Beyond that, I believe that the limitations of comedia will restrict its utility; certainly, they limited the ability for me to use it. But since I am not using it, I am not going to complain further about things where nothing is broken per se, its just not what I think is the right thing. Thus, the one port vs. many port debate, and connection lifetime issues, I won't pursue further.

However, the only other one is the security issue I have pointed out, where an eavesdropper can open connections allowing it to both send and receive media. You need to address it, both with protocol machinery and a note in security considerations. Your proposed solution of detecting a second connection on the same port, and then closing both and indicating an error or attack, is OK I believe, but it needs to be added.

-Jonathan R.

--
Jonathan D. Rosenberg, Ph.D. 72 Eagle Rock Ave.
Chief Scientist First Floor
dynamicsoft East Hanover, NJ 07936
jdrosen@dynamicsoft.com FAX: (973) 952-5050
http://www.jdrosen.net PHONE: (973) 952-5000
http://www.dynamicsoft.com

_______________________________________________
mmusic mailing list
mmusic@ietf.org
https://www1.ietf.org/mailman/listinfo/mmusic

References:
- [MMUSIC] comedia-fix-00 comments
  - From: David Yon
- Re: [MMUSIC] comedia-fix-00 comments
  - From: David Yon

Prev by Date: Re: [MMUSIC] comedia-fix and the whole source address/port boondoggle
Next by Date: Re: [MMUSIC] RTSP and NATs
Previous by thread: Re: [MMUSIC] comedia-fix-00 comments
Next by thread: [MMUSIC] I-D ACTION:draft-rosenberg-mmusic-comedia-fix-00.txt
Index(es):
- Date
- Thread