Re: [MMUSIC] 1 Week WGLC for draft-ietf-mmusic-rtsp-nat-evaluation-06

Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 27 May 2013 09:30 UTC

Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: mmusic@ietfa.amsl.com
Delivered-To: mmusic@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E81321F90AC for <mmusic@ietfa.amsl.com>; Mon, 27 May 2013 02:30:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.949
X-Spam-Level:
X-Spam-Status: No, score=-105.949 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_SE=0.35, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bib5Wwg+5NWq for <mmusic@ietfa.amsl.com>; Mon, 27 May 2013 02:29:55 -0700 (PDT)
Received: from mailgw7.ericsson.se (mailgw7.ericsson.se [193.180.251.48]) by ietfa.amsl.com (Postfix) with ESMTP id 5D94E21F8FB3 for <mmusic@ietf.org>; Mon, 27 May 2013 02:29:53 -0700 (PDT)
X-AuditID: c1b4fb30-b7f8a6d000001a2d-3b-51a327909ec4
Received: from esessmw0197.eemea.ericsson.se (Unknown_Domain [153.88.253.125]) by mailgw7.ericsson.se (Symantec Mail Security) with SMTP id 0E.59.06701.09723A15; Mon, 27 May 2013 11:29:53 +0200 (CEST)
Received: from [127.0.0.1] (153.88.115.8) by esessmw0197.eemea.ericsson.se (153.88.115.88) with Microsoft SMTP Server id 8.3.279.1; Mon, 27 May 2013 11:29:52 +0200
Message-ID: <51A3278D.8060402@ericsson.com>
Date: Mon, 27 May 2013 11:29:49 +0200
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20130509 Thunderbird/17.0.6
MIME-Version: 1.0
To: =?ISO-8859-1?Q?Ari_Ker=E4nen?= <ari.keranen@ericsson.com>
References: <518BB81A.8090608@cisco.com> <51965190.10900@ericsson.com> <519E2BF8.7040500@ericsson.com> <519E58D1.6080600@ericsson.com>
In-Reply-To: <519E58D1.6080600@ericsson.com>
X-Enigmail-Version: 1.5.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFupnluLIzCtJLcpLzFFi42KZGfG3Vnei+uJAg1VnOC3u9r5gspi6/DGL A5PHkiU/mTy+XP7MFsAUxWWTkpqTWZZapG+XwJWxfuYd9oKDQhXzP/QwNTC+4uti5OSQEDCR OHzlMyuELSZx4d56NhBbSOAUo8TKawIQ9nJGiSfXtEFsXgFtiY1XJzN3MXJwsAioSlzabgIS ZhOwkLj5oxGsVVQgWOLI9s0sEOWCEidnPgGzRQRsJeZcXcsOYjMLhEr8ubgGrF5YwE+i79BO pi5GLqBVbYwSt/bvYwJJcAroSByac5UF4jZJiS0v2qGa9SSmXG1hhLDlJZq3zmaGuFNboqGp g3UCo9AsJLtnIWmZhaRlASPzKkb23MTMnPRy802MwEA9uOW3wQ7GTffFDjFKc7AoifPq8y4O FBJITyxJzU5NLUgtii8qzUktPsTIxMEp1cBomHDWyp1vXY3UaVZLf/9nG/8sZC1/rh71e+7z /ZoX+qSXLzHnVhTntlLZ/Tsya8lizu67BwvdtXKzk+N81pSLpJxZG7/1KuNflTVifElPL387 tdmq6nDL8fPhayrXdjGuZ3KxvrwregHvxaW2RxfsCL6+cWnOT2sO5exv0565n7HcPqn2h5yV EktxRqKhFnNRcSIA90geJCICAAA=
Cc: mmusic <mmusic@ietf.org>, draft-ietf-mmusic-rtsp-nat-evaluation@tools.ietf.org
Subject: Re: [MMUSIC] 1 Week WGLC for draft-ietf-mmusic-rtsp-nat-evaluation-06
X-BeenThere: mmusic@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Multiparty Multimedia Session Control Working Group <mmusic.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mmusic>, <mailto:mmusic-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/mmusic>
List-Post: <mailto:mmusic@ietf.org>
List-Help: <mailto:mmusic-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mmusic>, <mailto:mmusic-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 May 2013 09:30:00 -0000

Hi,

Sorry for missing the other changes. I think I gotten all the lock down
changed now. This has resulted in some significant changes in the text
for TURN relays, including a server implementation requirement. I
recommend that people do take a look at the diff:

http://www.ietf.org/rfcdiff?url2=draft-ietf-mmusic-rtsp-nat-evaluation-08

Cheers

Magnus


On 2013-05-23 19:58, Ari Keränen wrote:
> On 5/23/13 5:47 PM, Magnus Westerlund wrote:
>> On 2013-05-17 17:49, Ari Keränen wrote:
>>
>>>
>>>
>>> 4.9.1.  [TURN] Introduction
>>>
>>>     On the external side this is
>>>     limited to the source address/port pair of the first packet arriving
>>>     on the binding.  After the first packet has arrived the mapping is
>>>     "locked down" to that address.  Packets from any other source on
>>> this
>>>     address will be discarded.
>>>
>>> This doesn't sound right. This behavior was changed (eventually into
>>> using permissions) somewhere back in draft-rosenberg-midcom-turn-06. See
>>> http://tools.ietf.org/html/rfc5766#section-2.3 for up-to-date behavior.
>>> Check also steps 5 & 7 in the next section and section 4.9.4 for more
>>> lock down text.
>>
>> I changed this to:
>>
>> To prevent DoS attacks on either recipient, the packets forwarded are
>> restricted to the specific source address. On the client side it is
>> restricted to the source setting up the allocation. On the external side
>> this is limited to the source address/port pair that have been given
>> permission by the TURN client creating the allocation. Packets from any
>> other source on this address will be discarded.
>>
>> I will shortly submit an updated draft.
> 
> Looks good to me. However, also the following sections had some "lock
> down" text that should be updated (see details on my original mail above).
> 
> 
> Cheers,
> Ari
> 
> 
> 


-- 

Magnus Westerlund

----------------------------------------------------------------------
Multimedia Technologies, Ericsson Research EAB/TVM
----------------------------------------------------------------------
Ericsson AB                | Phone  +46 10 7148287
Färögatan 6                | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------