[BEHAVE] errata 4933: RFC 5766 prevent spoofed refresh requests when using short-term credentials
Michael Richardson <mcr+ietf@sandelman.ca> Thu, 16 January 2020 23:11 UTC
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: "behave@ietf.org" <behave@ietf.org>
In-Reply-To: <eb6effe49c65b90cf4e6af45b9b701b4f86db608.camel@ericsson.com>
References: <DB7PR07MB4572708BEAC771375AC2AF5395380@DB7PR07MB4572.eurprd07.prod.outlook.com> <20200110123841.GD8801@faui48f.informatik.uni-erlangen.de> <29758.1578671195@localhost> <eb6effe49c65b90cf4e6af45b9b701b4f86db608.camel@ericsson.com>
Date: Thu, 16 Jan 2020 18:11:14 -0500
Message-ID: <11345.1579216274@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/behave/hw6ETV5Cf47ukNuUVrorNefN3Mk>
https://www.rfc-editor.org/errata_search.php?eid=4933

4933> Section 17.3.3 says:
4933>
4933>    An attacker might attempt to disrupt service to other users of the
4933>    TURN server by sending Refresh requests or CreatePermission requests
4933>    that (through source address spoofing) appear to be coming from
4933>    another user of the TURN server.  TURN prevents this by requiring
4933>    that the credentials used in CreatePermission, Refresh, and
4933>    ChannelBind messages match those used to create the initial
4933>    allocation.  Thus, the fake requests from the attacker will be
4933>    rejected.
4933>
4933> Notes:
4933>
4933> When using short-term credentials, they expire after a specific amount
4933> of time (such as 5 minutes) and clients get new credentials. The
4933> restriction imposed at section 17.3.3 prevents refreshing the
4933> allocation or permission using the new credentials.
4933> This RFC approves RFC 5389. So one can use short-term credentials. But
4933> short-term credentials are useless if they cannot be used to refresh an
4933> allocation or permission.
4933> The goal of 17.3.3 can be achieved by sending 438 with the new nonce.

a) I think we should accept this as verified.

b) It seems that sending with the new nonce will work.
   This requires some text changes, and we can now perhaps use the errata
   patcher with XML. I've asked for the XML (if there is any), and I'll
   suggest some changes to the text.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-
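The credential-binding rule quoted from section 17.3.3, and the short-term-credential rotation problem the errata reports, modeled as an added Python example; this is not code from the RFC, the errata, or any TURN implementation. It assumes a toy server in which STUN framing is collapsed to a dict, MESSAGE-INTEGRITY is HMAC-SHA1 keyed with the password (the RFC 5389 short-term keying with SASLprep left out), and the error codes 401 (Unauthorized), 437 (Allocation Mismatch) and 441 (Wrong Credentials) are taken from RFC 5389 and RFC 5766 rather than from the message above. The usernames, passwords and 5-tuple are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Toy model of a TURN server's allocation table and the section 17.3.3 check.
# Assumption: STUN wire framing is replaced by a dict and a string encoding;
# MESSAGE-INTEGRITY is HMAC-SHA1 over that encoding keyed with the password.

LIFETIME = 600  # seconds granted per Allocate/Refresh in this toy server


@dataclass
class Allocation:
    username: str   # credential the allocation was created with (17.3.3 anchor)
    expires_at: int


def serialize(method: str, username: str, five_tuple: tuple) -> bytes:
    """Stand-in for the STUN bytes that MESSAGE-INTEGRITY covers."""
    return f"{method}|{username}|{five_tuple}".encode()


def sign(method: str, username: str, password: str, five_tuple: tuple) -> dict:
    """Build a request the way a client holding (username, password) would."""
    mac = hmac.new(password.encode(), serialize(method, username, five_tuple),
                   hashlib.sha1).digest()
    return {"method": method, "username": username,
            "five_tuple": five_tuple, "message_integrity": mac}


class TurnServer:
    def __init__(self, credentials: dict):
        self.credentials = dict(credentials)  # username -> current password
        self.allocations = {}                 # 5-tuple -> Allocation

    def _authenticate(self, req: dict) -> bool:
        # Short-term credential check: recompute the MAC with the stored
        # password for the username the request claims.
        password = self.credentials.get(req["username"])
        if password is None:
            return False
        expected = hmac.new(password.encode(),
                            serialize(req["method"], req["username"], req["five_tuple"]),
                            hashlib.sha1).digest()
        return hmac.compare_digest(expected, req["message_integrity"])

    def allocate(self, req: dict, now: int) -> int:
        if not self._authenticate(req):
            return 401
        if req["five_tuple"] in self.allocations:
            return 437  # Allocation Mismatch: 5-tuple already allocated
        self.allocations[req["five_tuple"]] = Allocation(req["username"], now + LIFETIME)
        return 200

    def refresh(self, req: dict, now: int) -> int:
        if not self._authenticate(req):
            return 401
        alloc = self.allocations.get(req["five_tuple"])
        if alloc is None or alloc.expires_at <= now:
            return 437
        # Section 17.3.3: the credential on a Refresh must match the one that
        # created the allocation, whatever source address the packet carries.
        if alloc.username != req["username"]:
            return 441  # Wrong Credentials
        alloc.expires_at = now + LIFETIME
        return 200


def demo() -> tuple:
    """Walk through the spoofing case and the credential-rotation case."""
    server = TurnServer({"alice-t1": "pw-a1", "alice-t2": "pw-a2", "mallory": "pw-m"})
    alice_5tuple = ("198.51.100.7", 40000, "203.0.113.5", 3478, "udp")  # constructed

    # 1. Alice allocates with her first short-term credential.
    r_alloc = server.allocate(sign("Allocate", "alice-t1", "pw-a1", alice_5tuple), now=0)
    # 2. Mallory, a valid user, forges Alice's source address but can only
    #    sign with her own credential: rejected by the 17.3.3 binding.
    r_spoof = server.refresh(sign("Refresh", "mallory", "pw-m", alice_5tuple), now=60)
    # 3. A forger who knows Alice's username but not her password fails
    #    MESSAGE-INTEGRITY before the binding check is even reached.
    r_forge = server.refresh(sign("Refresh", "alice-t1", "wrong", alice_5tuple), now=60)
    # 4. Alice's first credential expires and is replaced (the errata's scenario):
    #    the server no longer accepts it, and the new one fails the binding check,
    #    so Alice cannot refresh her own allocation either way.
    server.credentials.pop("alice-t1")
    r_new = server.refresh(sign("Refresh", "alice-t2", "pw-a2", alice_5tuple), now=300)
    r_old = server.refresh(sign("Refresh", "alice-t1", "pw-a1", alice_5tuple), now=300)
    return r_alloc, r_spoof, r_forge, r_new, r_old


if __name__ == "__main__":
    print(demo())  # (200, 441, 401, 441, 401)
```

The last two results are the point of the errata: once the server rotates short-term credentials, the same rule that stops the spoofed Refresh in step 2 also locks the legitimate client out of its own allocation, which is why the thread discusses a text change rather than dropping the check.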