Re: [MMUSIC] ICEbis: INTEGRITY attribute in Binding Responses clarification

Ari Keränen <ari.keranen@ericsson.com> Thu, 18 April 2013 17:29 UTC

Hi Pål-Erik,

I agree that making this more explicit makes sense.

The second paragraph of 7.2 starts now with:

    The agent MUST use the short-term credential mechanism (i.e., the
    MESSAGE-INTEGRITY attribute) to authenticate the request and perform
    a message integrity check.  Likewise, the short-term credential
    mechanism MUST be used for the response.

Unless someone sees some problem with this (in that case, please 
comment), I'll make this change for the next revision.


Cheers,
Ari

On 4/2/13 12:59 PM, Pal Martinsen (palmarti) wrote:
> Hi,
>
> I was reading through the ICE RFC and trying to figure out if Binding
> Responses needed the INTEGRITY attribute. Usually the ICE RFC is very
> descriptive in what to include in the messages, but I could not find
> any text clearly stating that the INTEGRITY attribute must be
> included in the Binding Responses.
>
> When reading the STUN RFC it states in section 7.3.1.1: "If the
> server authenticated the request using an authentication mechanism,
> then the server SHOULD add the appropriate authentication attributes
> to the response (see Section 10)."
>
> Is this SHOULD strong enough for the connectivity checks performed by
> ICE? Should it be changed to a MUST?
>
> To spell it out for readers like me, I propose the following changes
> to section 7.2 the second paragraph of the ICE RFC
> (http://tools.ietf.org/html/draft-keranen-mmusic-rfc5245bis-01#section-7.2)
>
>  The agent MUST use a short-term credential (i.e., the
> MESSAGE-INTEGRITY attribute) to authenticate and perform a message
> integrity check on the request and any response to that request.
>
> Adding the following to section 7.1.3.1 might also help to remind the
> implementors:
>
> The agent MUST use the INTEGRITY-MESSAGE attribute in the Binding
> Response to authenticate the message.
>
>
> .-. Pål-Erik Martinsen
>
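
The response-side check this thread is about, as an added example (not from either message or from any ICE implementation): a client verifies MESSAGE-INTEGRITY on a Binding success response using the short-term credential, computed as HMAC-SHA1 the way the STUN RFC defines it, and treats a response that lacks the attribute as a failed check. The function names, password, transaction ID and address are constructed for illustration; a real key is the SASLprep-processed password.

```python
import hashlib, hmac, struct

MAGIC_COOKIE = 0x2112A442
BINDING_SUCCESS = 0x0101
XOR_MAPPED_ADDRESS = 0x0020
MESSAGE_INTEGRITY = 0x0008

def _attr(atype, value):
    # TLV attribute, value padded to a 4-byte boundary
    return struct.pack("!HH", atype, len(value)) + value + b"\x00" * (-len(value) % 4)

def _mac(key, msg_type, txid, attrs_before_mi):
    # HMAC-SHA1 over header + preceding attributes; the header length field
    # is set as if MESSAGE-INTEGRITY (4 + 20 bytes) were the last attribute.
    hdr = struct.pack("!HHI", msg_type, len(attrs_before_mi) + 24, MAGIC_COOKIE) + txid
    return hmac.new(key, hdr + attrs_before_mi, hashlib.sha1).digest()

def build_response(txid, key, with_integrity=True):
    # Constructed reflexive address 192.0.2.1:3478, XORed with the magic cookie
    port = 3478 ^ (MAGIC_COOKIE >> 16)
    addr = 0xC0000201 ^ MAGIC_COOKIE
    attrs = _attr(XOR_MAPPED_ADDRESS, struct.pack("!BBHI", 0, 1, port, addr))
    if with_integrity:
        attrs += _attr(MESSAGE_INTEGRITY, _mac(key, BINDING_SUCCESS, txid, attrs))
    return struct.pack("!HHI", BINDING_SUCCESS, len(attrs), MAGIC_COOKIE) + txid + attrs

def check_response(msg, key, expected_txid):
    """Return 'ok', 'bad-integrity', 'missing-integrity' or 'malformed'."""
    if len(msg) < 20:
        return "malformed"
    msg_type, length, cookie = struct.unpack("!HHI", msg[:8])
    txid, body = msg[8:20], msg[20:]
    if cookie != MAGIC_COOKIE or length != len(body) or txid != expected_txid:
        return "malformed"
    off = 0
    while off + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[off:off + 4])
        value = body[off + 4:off + 4 + alen]
        if atype == MESSAGE_INTEGRITY:
            if len(value) != 20:
                return "malformed"
            good = hmac.compare_digest(value, _mac(key, msg_type, txid, body[:off]))
            return "ok" if good else "bad-integrity"
        off += 4 + alen + (-alen % 4)
    return "missing-integrity"  # treat as a failed check, never as success

KEY = b"constructed-ice-pwd-0123456789"   # constructed short-term password
TXID = bytes(range(12))                    # constructed transaction ID
```

Attributes after MESSAGE-INTEGRITY (such as FINGERPRINT) are not covered by the HMAC, which is why the length field is rewritten before hashing rather than taken from the wire.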