[MMUSIC] ICEbis: INTEGRITY attribute in Binding Responses clarification

"Pal Martinsen (palmarti)" <palmarti@cisco.com> Tue, 02 April 2013 09:59 UTC

From: "Pal Martinsen (palmarti)" <palmarti@cisco.com>
To: mmusic <mmusic@ietf.org>
Date: Tue, 02 Apr 2013 09:59:17 +0000
Message-ID: <1373AC9C23D80E44856F5CF6F883ACAB11379413@xmb-rcd-x06.cisco.com>
Cc: Ari Keränen <ari.keranen@ericsson.com>
Subject: [MMUSIC] ICEbis: INTEGRITY attribute in Binding Responses clarification

Hi,

I was reading through the ICE RFC and trying to figure out if Binding Responses needed the INTEGRITY attribute. Usually the ICE RFC is very descriptive in what to include in the messages, but I could not find any text clearly stating that the INTEGRITY attribute must be included in the Binding Responses. 

When reading the STUN RFC it states in section 7.3.1.1:
"If the server authenticated the request using an authentication
 mechanism, then the server SHOULD add the appropriate authentication
 attributes to the response (see Section 10)."

Is this SHOULD strong enough for the connectivity checks performed by ICE? 
Should it be changed to a MUST?

To spell it out for readers like me, I propose the following changes to the second paragraph of section 7.2 of the ICE RFC
(http://tools.ietf.org/html/draft-keranen-mmusic-rfc5245bis-01#section-7.2):

 The agent MUST use a short-term credential (i.e., the
 MESSAGE-INTEGRITY attribute) to authenticate and
 perform a message integrity check on the request and 
 any response to that request. 

Adding the following to section 7.1.3.1 might also help to remind the implementors:

  The agent MUST use the MESSAGE-INTEGRITY attribute in the Binding Response to authenticate the message. 


.-.
Pål-Erik Martinsen
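Added example, not part of the original post or of any RFC text: a small Python model of one ICE connectivity check, showing how the short-term-credential MESSAGE-INTEGRITY attribute is computed and verified on the Binding request and on the Binding response, and what the verifier sees when a response simply omits the attribute (the gap the post is asking about). Attribute type codes and the HMAC-SHA1 length-adjustment rule are taken from RFC 5389 and the ICE USERNAME form from RFC 5245; everything else (the password, the IPv4 addresses, the priority value, the function names) is constructed for the illustration. SASLprep is assumed to be the identity because the sample password is plain ASCII, and XOR-MAPPED-ADDRESS is encoded for IPv4 only.

```python
import hashlib
import hmac
import os
import struct

# Constants from RFC 5389 / RFC 5245 (attribute type codes are the real ones).
MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_USERNAME = 0x0006
ATTR_MESSAGE_INTEGRITY = 0x0008
ATTR_XOR_MAPPED_ADDRESS = 0x0020
ATTR_PRIORITY = 0x0024
ATTR_ICE_CONTROLLING = 0x802A


def _attr(atype, value):
    """TLV-encode one attribute, padding the value to a 4-byte boundary."""
    return struct.pack("!HH", atype, len(value)) + value + b"\x00" * ((-len(value)) % 4)


def _header(mtype, length, txid):
    return struct.pack("!HHI", mtype, length, MAGIC_COOKIE) + txid


def build_message(mtype, txid, attrs, key=None):
    """Build a STUN message; if key is given, append MESSAGE-INTEGRITY.

    The HMAC covers the header and all preceding attributes, with the header
    length field already counting the 24-byte MI attribute (RFC 5389, 15.4).
    """
    body = b"".join(_attr(t, v) for t, v in attrs)
    if key is None:
        return _header(mtype, len(body), txid) + body
    to_sign = _header(mtype, len(body) + 24, txid) + body
    mac = hmac.new(key, to_sign, hashlib.sha1).digest()
    return to_sign + _attr(ATTR_MESSAGE_INTEGRITY, mac)


def parse_attrs(msg):
    """Yield (type, value, offset_of_attribute) for each attribute in msg."""
    end = 20 + struct.unpack("!H", msg[2:4])[0]
    off = 20
    while off + 4 <= end:
        atype, alen = struct.unpack("!HH", msg[off:off + 4])
        yield atype, msg[off + 4:off + 4 + alen], off
        off += 4 + alen + ((-alen) % 4)


def verify_integrity(msg, key):
    """True only if msg carries a MESSAGE-INTEGRITY that verifies under key.

    A message with no MESSAGE-INTEGRITY at all returns False; that is exactly
    the case of a responder that leaves the attribute out.
    """
    if len(msg) < 20 or struct.unpack("!I", msg[4:8])[0] != MAGIC_COOKIE:
        return False
    for atype, value, off in parse_attrs(msg):
        if atype == ATTR_MESSAGE_INTEGRITY:
            if len(value) != 20:
                return False
            # Re-derive the header with the length ending at the MI attribute.
            to_sign = msg[:2] + struct.pack("!H", off + 24 - 20) + msg[4:off]
            expected = hmac.new(key, to_sign, hashlib.sha1).digest()
            return hmac.compare_digest(expected, value)
    return False


def xor_mapped_address(ip, port):
    """IPv4 XOR-MAPPED-ADDRESS value: family 0x01, port and address XORed with the cookie."""
    addr = struct.unpack("!I", bytes(int(o) for o in ip.split(".")))[0]
    return struct.pack("!BBHI", 0, 0x01, port ^ (MAGIC_COOKIE >> 16), addr ^ MAGIC_COOKIE)


def connectivity_check(password, sign_response=True):
    """Simulate one check: agent L sends a Binding request to R, R answers.

    Returns what each side's integrity check concludes, plus two cases that
    show why the response needs the attribute too.
    """
    key = password.encode()  # short-term credential key; ASCII, so SASLprep is the identity
    txid = os.urandom(12)
    # L -> R: USERNAME is "<remote ufrag>:<local ufrag>" per RFC 5245, values constructed.
    request = build_message(BINDING_REQUEST, txid, [
        (ATTR_USERNAME, b"rfrag:lfrag"),
        (ATTR_PRIORITY, struct.pack("!I", 1845501695)),
        (ATTR_ICE_CONTROLLING, os.urandom(8)),
    ], key)
    # R -> L: success response, integrity-protected with the same key (or not).
    response = build_message(BINDING_SUCCESS, txid, [
        (ATTR_XOR_MAPPED_ADDRESS, xor_mapped_address("192.0.2.10", 3478)),
    ], key if sign_response else None)
    # Anyone who saw the transaction ID can build an unsigned response with a
    # different mapped address; without MI it looks like R's own answer.
    forged = build_message(BINDING_SUCCESS, txid, [
        (ATTR_XOR_MAPPED_ADDRESS, xor_mapped_address("198.51.100.7", 4000)),
    ])
    # In-flight modification of the signed response: flip one byte of the address.
    tampered = bytearray(response)
    tampered[31] ^= 0xFF
    return {
        "request_verified": verify_integrity(request, key),
        "response_verified": verify_integrity(response, key),
        "forged_response_verified": verify_integrity(forged, key),
        "tampered_response_verified": verify_integrity(bytes(tampered), key),
    }


if __name__ == "__main__":
    print(connectivity_check("s3cret"))
    print(connectivity_check("s3cret", sign_response=False))
```

With `sign_response=True` only the genuine response verifies; with `sign_response=False` the genuine response and the forged one are indistinguishable to L, since neither carries anything L can check, which is the practical reason to want a MUST rather than a SHOULD on the response side.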