[bfcpbis] Joerg's review - Fwd: Reviewing draft-ietf-bfcpbis-rfc4582bis
Tom Kristensen <tomkrist@cisco.com> Mon, 02 December 2013 08:31 UTC
Return-Path: <tomkrist@cisco.com>
X-Original-To: bfcpbis@ietfa.amsl.com
Delivered-To: bfcpbis@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBF911AE459 for <bfcpbis@ietfa.amsl.com>; Mon, 2 Dec 2013 00:31:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.502
X-Spam-Level:
X-Spam-Status: No, score=-9.502 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aa3YnRwxaYNd for <bfcpbis@ietfa.amsl.com>; Mon, 2 Dec 2013 00:31:51 -0800 (PST)
Received: from aer-iport-2.cisco.com (aer-iport-2.cisco.com [173.38.203.52]) by ietfa.amsl.com (Postfix) with ESMTP id 5EACB1AE451 for <bfcpbis@ietf.org>; Mon, 2 Dec 2013 00:31:50 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5619; q=dns/txt; s=iport; t=1385973108; x=1387182708; h=message-id:date:from:mime-version:to:cc:subject: content-transfer-encoding; bh=n0e7eHsNghjVGQjmBCaI1zgIiQ1CqiEWw0ZLEpG4+KA=; b=gfsgCG4gLDdSjBJRIVK71MR8DK9DmLtfFYML1JfL4tQ3DT9pNHuyx2GN KczoViXdypWkQTn+Paelh/0nv1Qy7Lqc8ACY740pY6e1OxXTriHI54Xd+ Em3TUBgA1knfe2dS0Kc41uNCepUrM62a3A1/t3B16pE3Vu5rPmHpe+XRi w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AtQFABNFnFKQ/khM/2dsb2JhbABZgwe5YoEgFm0HgiUBAQEhCgsBBTAGCwwwNAJMDQEHAQGHfb8mjwiEOgOUMYNjhkWLToMqOw
X-IronPort-AV: E=Sophos;i="4.93,809,1378857600"; d="scan'208";a="925830"
Received: from ams-core-3.cisco.com ([144.254.72.76]) by aer-iport-2.cisco.com with ESMTP; 02 Dec 2013 08:31:47 +0000
Received: from [10.61.205.159] ([10.61.205.159]) by ams-core-3.cisco.com (8.14.5/8.14.5) with ESMTP id rB28Vevv015656; Mon, 2 Dec 2013 08:31:42 GMT
Message-ID: <529C456D.60508@cisco.com>
Date: Mon, 02 Dec 2013 09:31:41 +0100
From: Tom Kristensen <tomkrist@cisco.com>
Organization: Cisco
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.15) Gecko/20101027 Fedora/3.0.10-1.fc12 Lightning/1.0b2pre Thunderbird/3.0.10
MIME-Version: 1.0
To: "bfcpbis@ietf.org" <bfcpbis@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc: Joerg Ott <jo@netlab.tkk.fi>
Subject: [bfcpbis] Joerg's review - Fwd: Reviewing draft-ietf-bfcpbis-rfc4582bis
X-BeenThere: bfcpbis@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: BFCPBIS working group discussion list <bfcpbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/bfcpbis/>
List-Post: <mailto:bfcpbis@ietf.org>
List-Help: <mailto:bfcpbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/bfcpbis>, <mailto:bfcpbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 02 Dec 2013 08:31:53 -0000
Relaying Jörg's review sent to the authors of the draft 2013-11-30. Please, step forward with any reactions or input regarding the two reviews we received recently. My plan is to go through them and provide feedback to the list ASAP. (Jörg is added to the copy list, since he's not following the BFCPbis mailing list) -- Tom -------- Original Message -------- Hi Gonzalo and all, thanks a lot for the diff, this is really useful! So, I have gone in some detail through the document and found a bunch of issues to be addressed. Most of those revolve around the use of unreliable transport, which appears to be underspecified in a number of ways. See below for the comments and some suggestions. I don't think the document is ready for any IESG steps yet. But I also don't think it's going to take long to get it there. Cheers, Jörg 5.1. General SHOULD -> MUST be cleared by the sender When moving from a 16- or 32-bit "value" to an unsigned integer, the byte order must be specified. 5.1. R bit Question: Can it happen that transport changes in a relay? If my dim memory serves me right, then STUN relay may change the transport and thus the reliability. They won't interpret BFCP, however, and so the bit would suddenly be wrong. Or is this scenario prohibited? 5.2. Use of SHOULD Quite a few places state a SHOULD requirement, e.g., for sending error messages. But this doesn't make sense. Based upon which grounds would an endpoint _not_ send an error message? 5.2.6 Generic error Is it specified what the receiver of a non-specific error is supposed to do? Apparently, it cannot talk to the server. So, abandon floor control? 5.3.14, 5.3.15., and 5.3.17 It seems that FloorRequestStatusAck, FloorStatusAck, and GoodbyeAck are essentially packet-level acks. So why not have just a single code point for those, since they all carry a transaction id anyway? 6.2 Unreliable Transport The text often talks about UDP datagrams, even though DTLS transport appears assumed. "Entities MUST have at most one outstanding request transaction at any one time." This probably wants the addition of a "per peer", otherwise a floor control server would be in trouble. (Section 6.2.1 has this right) 6.2 Hello Clients MUST announce their presence to the floor control server by sending a Hello message. The floor control server responds to the Hello message with a HelloAck message. The client considers the floor control service as present and available only upon receiving the HelloAck message. When does the server consider the client to have disappeared so that it can discard state? It seems I can run a client, send a Hello message, get the HelloAck, and then send a floor control request with a spoofed IP address, and predict and fake the response for the first message I am expecting from the server in response. Then, I have state installed that will generate packets and retransmissions to a random target until the server discards the client state. But there is no mention when the state would be discarded. Maybe this is less of an attack problem since this is bound to a conference somewhere, but I still don't have a mechanism to get rid of the transport state -- could be important particularly when new connections are instantiated. While it is stated that the old state is lost (for the new instance of the client), will it be discarded? There is no guidance. 6.2.3 Fragmentation Is there any guidance on transmitting fragments? (any pacing?) How is N defined? One would assume N = ceil (msgsize/MTUsize), but an implementer might decide to use a larger N. In any case, when we use N in the spec, it must be said how it is established. 8.2 Transaction number re-use. The text currently states that a transaction number "MUST NOT be reused in another message from the floor control server checks whether until the appropriate response from the client sending is received for the transaction". If the ID is monotonically increasing (modulo wrap-around) why not make re-use illegal? Allowing re-use seems to be calling for trouble, especially in case some transactions may refer to others by their ID or if transactions last longer. 8.3.2. T2 is unclear 9.1 Authentication The text states: BFCP messages received over an authenticated TLS/DTLS connection are considered authenticated. A floor control server that receives a BFCP message over TCP/UDP (no TLS/DTLS) can request the use of TLS/ DTLS by generating an Error message, as described in Section 13.8, with an Error code with a value of 9 (Use TLS) or a value of 11 (Use DTLS) respectively. Clients SHOULD simply ignore unauthenticated messages. "can" -> MUST or MAY (this is normative behavior) But does this work? A server has one connection to a client. So, if the server has at its disposition to accept TCP/UDP but the client should ignore such messages, with the connection bidirectional, then this de-facto mandates TLS/DTLS, doesn't it? Or the client would never react. Appendix A: Wouldn't the monoticity of the transaction IDs become clearer if increments or 1 in numbers were used?
- [bfcpbis] Joerg's review - Fwd: Reviewing draft-i… Tom Kristensen
- Re: [bfcpbis] Joerg's review - Fwd: Reviewing dra… Tom Kristensen
- Re: [bfcpbis] Joerg's review - Fwd: Reviewing dra… Charles Eckel (eckelcu)
- Re: [bfcpbis] Joerg's review - Fwd: Reviewing dra… Tom Kristensen