ietf

Re: secdir review of draft-ietf-simple-msrp-sessmatch

2010-09-08 16:39:57
I wanted to make a quick response to one part of this discussion--see below:

On Aug 31, 2010, at 12:39 PM, Christer Holmberg wrote:

To highlight one particular aspect, RFC 4975 does not require
session-ids to be present, a fact noted both in the ABNF and in this
text:

4. The session-id part is compared as case sensitive.  A URI without
 a session-id part is never equivalent to one that includes one.

A matching scheme which relies on a URI section which is not
guaranteed to be present has some interesting problems ahead of it. If
this effectively makes their use mandatory, that requires a change to
the fundamental ABNF and text.

An MSRP URI in an SDP offer or answer for an MSRP session MUST include a
session-id part, so I believe the comment is
based on incorrect assumptions.

This is not indicated in the URI matching section

We will clarify that sessmatch conformant UAs do not use MSRP URI matching in
order to perform MSRP session matching.

In fact, RFC4975 does require an MSRP URI in an SDP offer or answer to include 
a session ID part. Unfortunately, it does so rather obliquely.

Section 6 contains the following language:

The MSRP URI authority field identifies a participant in a particular
   MSRP session.  If the authority field contains a numeric IP address,
   it MUST also contain a port.  The session-id part identifies a
   particular session of the participant.  The absence of the session-id
   part indicates a reference to an MSRP host device, but does not refer
   to a particular session at that device.  

Section 8.2, in the last paragraph, says the following about the rightmost URI 
placed in a path attribute in the SDP (Note that 4975 does not specify MSRP 
relay behavior, so only the rightmost URI is in scope):

It MUST be assigned for this particular session, and MUST NOT duplicate
   any URI in use for any other session in which the endpoint is
   currently participating.  It SHOULD be hard to guess, and protected
   from eavesdroppers.  This is discussed in more detail in Section 14.


These, taken together, create a requirement for a session-ID for MSRP URIs used 
to identify a session in the SDP. I agree this should have been more strongly 
worded. An errata entry is probably in order. 

Thanks!

Ben.
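
An added example, not part of the original message or of RFC 4975: a Python check of the two requirements quoted above for the rightmost MSRP URI of an SDP path attribute (session-id present; port present when the authority is a numeric IP address). The function names and the sample SDP are constructed for illustration, and the regular expression is a simplified reading of the RFC 4975 URI ABNF.

```python
import ipaddress
import re

# Simplified from the RFC 4975 ABNF (an assumption of this example):
# ("msrp" / "msrps") "://" authority ["/" session-id] ";" transport *(";" param)
MSRP_URI = re.compile(
    r"^(?P<scheme>msrps?)://(?P<authority>[^/;]+)"
    r"(?:/(?P<session_id>[A-Za-z0-9\-._~+=/]+))?"
    r";(?P<transport>[A-Za-z0-9]+)(?:;.*)?$",
    re.IGNORECASE,
)

# Constructed sample SDP body, not taken from a real capture.
SAMPLE_SDP = """v=0
o=alice 2890844526 2890844527 IN IP4 alice.example.com
s=-
c=IN IP4 alice.example.com
m=message 7394 TCP/MSRP *
a=accept-types:text/plain
a=path:msrp://alice.example.com:7394/2s93i93idj;tcp
"""

def check_session_uri(uri):
    """Return a list of problems with an MSRP URI meant to identify a session."""
    m = MSRP_URI.match(uri)
    if not m:
        return ["not a well-formed MSRP URI"]
    problems = []
    if m.group("session_id") is None:
        problems.append("no session-id: refers to a host, not a session")
    hostport = m.group("authority").rsplit("@", 1)[-1]  # drop any userinfo
    host, port = hostport, None
    if hostport.startswith("["):  # bracketed IPv6 literal
        host, _, rest = hostport[1:].partition("]")
        port = rest[1:] if rest.startswith(":") else None
    elif ":" in hostport:
        host, port = hostport.rsplit(":", 1)
    try:
        ipaddress.ip_address(host)
        if not port:
            problems.append("numeric IP address without a port")
    except ValueError:
        pass  # a host name; the port is optional
    return problems

def check_sdp_path(sdp):
    """Check the rightmost URI of the first a=path attribute in an SDP body."""
    for line in sdp.splitlines():
        if line.startswith("a=path:"):
            uris = line[len("a=path:"):].split()
            return check_session_uri(uris[-1]) if uris else ["empty path attribute"]
    return ["no a=path attribute"]
```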