Re: [BEHAVE] Discusses regarding security mechanism usage for TURN
Magnus Westerlund <magnus.westerlund@ericsson.com> Thu, 01 October 2009 16:12 UTC
To: Marc Blanchet <marc.blanchet@viagenie.ca>
Cc: Peter Livesey <peter.livesey@tandberg.com>, behave@ietf.org, Tim Polk <tim.polk@nist.gov>

Hi,

We ADs have discussed the deployment case where you deploy the TURN server on the border between a private domain and the Internet. And because of the clients being controlled and required to be coming from that private domain a per client authentication is not required for using the TURN server.

We note that this may fulfill the security requirements. However, the current draft is substantially lacking in description of the details that are needed to handle this case. Both how you reliably determine that a client really is connecting from the trusted domain and how you ensure that the client knows if it needs to use the authentication mechanism or not.

I personally don't think documenting this model can be done quickly. I would note that TURN can be extended in various ways, that include adding additional security models. So starting work on a separate document for this solution sounds like a possible way forward.

TURN has been under development for a long time. It is time we publish TURN. I do note that TURN drafts currently are holding up the following documents from being published:

    C3 AUTH48   draft-ietf-sipping-app-interaction-framework
    C3 AUTH48   draft-ietf-sipping-gruu-reg-event
    C3 MISSREF  draft-ietf-sipping-v6-transition
    C3 AUTH48   draft-ietf-sip-gruu
    C3 MISSREF  draft-ietf-mmusic-ice
    C3 AUTH48   draft-shacham-sipping-session-mobility
    C3 MISSREF* draft-ietf-sip-ice-option-tag
    C3 REF      draft-ietf-behave-stun-test-vectors
    C3 AUTH48   draft-ietf-sip-sips
    C3 MISSREF  draft-ietf-sip-ua-privacy
    C3 AUTH48   draft-ietf-sip-outbound
    C3 AUTH48   draft-ietf-sip-record-route-fix

I will give the proponents for the above described security solution time to answer. Then I intend to push forward to get TURN approved.

Regards

Magnus Westerlund

IETF Transport Area Director
----------------------------------------------------------------------
Multimedia Technologies, Ericsson Research EAB/TVM
----------------------------------------------------------------------
Ericsson AB                | Phone  +46 10 7148287
Färögatan 6                | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------