Re: [MMUSIC] 1 Week WGLC for draft-ietf-mmusic-rtsp-nat-evaluation-06

Magnus Westerlund <magnus.westerlund@ericsson.com> Thu, 23 May 2013 14:47 UTC


On 2013-05-17 17:49, Ari Keränen wrote:

> 
> 
> 4.9.1.  [TURN] Introduction
> 
>    On the external side this is
>    limited to the source address/port pair of the first packet arriving
>    on the binding.  After the first packet has arrived the mapping is
>    "locked down" to that address.  Packets from any other source on this
>    address will be discarded.
> 
> This doesn't sound right. This behavior was changed (eventually into
> using permissions) somewhere back in draft-rosenberg-midcom-turn-06. See
> http://tools.ietf.org/html/rfc5766#section-2.3 for up-to-date behavior.
> Check also steps 5 & 7 in the next section and section 4.9.4 for more
> lock down text.

I changed this to:

To prevent DoS attacks on either recipient, the packets forwarded are
restricted to the specific source address. On the client side it is
restricted to the source setting up the allocation. On the external side
this is limited to the source address/port pair that has been given
permission by the TURN client creating the allocation. Packets from any
other source on this address will be discarded.

I will shortly submit an updated draft.

Cheers

Magnus Westerlund

----------------------------------------------------------------------
Multimedia Technologies, Ericsson Research EAB/TVM
----------------------------------------------------------------------
Ericsson AB                | Phone  +46 10 7148287
Färögatan 6                | Mobile +46 73 0949079
SE-164 80 Stockholm, Sweden| mailto: magnus.westerlund@ericsson.com
----------------------------------------------------------------------
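As an added example, not part of the thread or the draft, here is a small Python model of the forwarding rule Magnus's replacement text describes: the relay accepts client-side packets only from the source that set up the allocation, and external-side packets only from peers that the client has given permission. It follows RFC 5766 section 2.3 (the reference Ari points to), where permissions are keyed by peer IP address and expire after 5 minutes; the class and function names are my own.

```python
import ipaddress

PERMISSION_LIFETIME = 300  # seconds; RFC 5766 permission lifetime


class TurnAllocation:
    """Forwarding rules for one TURN allocation (illustrative model,
    constructed for this example; not a complete relay)."""

    def __init__(self, client, relayed_addr):
        self.client = client              # (ip, port) of the allocating client
        self.relayed_addr = relayed_addr  # (ip, port) the relay listens on
        self.permissions = {}             # peer IP -> expiry timestamp

    def create_permission(self, peer_ip, now):
        # Installed or refreshed by a CreatePermission request from the client
        key = str(ipaddress.ip_address(peer_ip))
        self.permissions[key] = now + PERMISSION_LIFETIME

    def has_permission(self, peer_ip, now):
        expiry = self.permissions.get(str(ipaddress.ip_address(peer_ip)))
        return expiry is not None and now < expiry

    def accept_from_peer(self, src, now):
        # External side: a packet reaches the client only if its source IP
        # holds a live permission; unsolicited peers are dropped, which is
        # what limits the DoS exposure of the client.
        peer_ip, _port = src
        return self.has_permission(peer_ip, now)

    def accept_from_client(self, src, dst, now):
        # Client side: only the allocating client may send through the
        # relay, and only towards peers it has permitted.
        if src != self.client:
            return False
        return self.has_permission(dst[0], now)


def demo():
    alloc = TurnAllocation(("192.0.2.10", 40000), ("198.51.100.1", 50000))
    alloc.create_permission("203.0.113.5", now=1000)
    return (
        alloc.accept_from_peer(("203.0.113.5", 3478), now=1010),   # permitted
        alloc.accept_from_peer(("203.0.113.9", 3478), now=1010),   # no permission
        alloc.accept_from_peer(("203.0.113.5", 3478), now=1400),   # expired
        alloc.accept_from_client(("192.0.2.11", 40000), ("203.0.113.5", 3478), now=1010),
    )
```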