Re: [pntaw] More on draft-hutton-rtcweb-nat-firewall-considerations

Simon Perreault <simon.perreault@viagenie.ca> Tue, 24 September 2013 14:55 UTC

Message-ID: <5241A7E7.8070101@viagenie.ca>
To: Oleg Moskalenko <mom040267@gmail.com>, "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
References: <52411CD5.1050909@gmail.com> <CALDtMr+O8__AUk9qXm9yz4ePNtV_n=V31oHNQ_a068viV_uZYg@mail.gmail.com> <913383AAA69FF945B8F946018B75898A1907DC09@xmb-rcd-x10.cisco.com> <CALDtMrKOdWSRxM4c_XW7rv6_hTcsa_Zp2A+83zoK3+fHYR0rrA@mail.gmail.com>
In-Reply-To: <CALDtMrKOdWSRxM4c_XW7rv6_hTcsa_Zp2A+83zoK3+fHYR0rrA@mail.gmail.com>
Cc: Melinda Shore <melinda.shore@gmail.com>, "pntaw@ietf.org" <pntaw@ietf.org>

On 2013-09-24 16:37, Oleg Moskalenko wrote:
> As the STUN Binding request/response dialog is usually implemented without
> authentication in the STUN/TURN servers, that may really be a concern.

I don't think the problem is server-side. FWIW, our server has supported
STUN auth since day one. I expect adding STUN auth to other server
implementations would be easy.

The problem is practical. Our free STUN service is configured to not
require auth for STUN. And clients almost never use auth for STUN.
It's the way STUN is being used that is problematic.

Simon
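
As an added example (not code from Simon's message, from the viagenie server, or from any implementation discussed in this thread), the following Python builds an RFC 5389 Binding Request both the way most clients send it (bare header, no credentials) and with short-term-credential authentication (USERNAME, MESSAGE-INTEGRITY, FINGERPRINT), then applies the server-side check a STUN server would run when configured to require auth. The user name, password, and the build_binding_request/check_binding_request function names are assumptions for illustration.

```python
# Added example: RFC 5389 Binding Request with and without short-term
# credentials, plus the server-side check. Not code from the original post.
import hashlib
import hmac
import os
import struct
import zlib

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
ATTR_USERNAME = 0x0006
ATTR_MESSAGE_INTEGRITY = 0x0008
ATTR_FINGERPRINT = 0x8028
FINGERPRINT_XOR = 0x5354554E

# Constructed short-term credentials (hypothetical user, shared out of band).
CREDENTIALS = {"alice": b"s3cret-pass"}


def _header(msg_type, body_len, txn_id):
    return struct.pack("!HHI", msg_type, body_len, MAGIC_COOKIE) + txn_id


def _attr(attr_type, value):
    """TLV attribute, value padded to a 4-byte boundary (RFC 5389 section 15)."""
    pad = (4 - len(value) % 4) % 4
    return struct.pack("!HH", attr_type, len(value)) + value + b"\x00" * pad


def build_binding_request(username=None, password=None, txn_id=None):
    """No credentials: bare 20-byte header, as most clients send it.
    With credentials: USERNAME + MESSAGE-INTEGRITY + FINGERPRINT."""
    txn_id = txn_id or os.urandom(12)
    body = b""
    if username is None:
        return _header(BINDING_REQUEST, 0, txn_id) + body
    body += _attr(ATTR_USERNAME, username.encode())
    # HMAC-SHA1 keyed with the password; the header length fed to the HMAC is
    # adjusted to end at the MESSAGE-INTEGRITY attribute (body + 24 bytes).
    mac = hmac.new(password, _header(BINDING_REQUEST, len(body) + 24, txn_id) + body,
                   hashlib.sha1).digest()
    body += _attr(ATTR_MESSAGE_INTEGRITY, mac)
    # FINGERPRINT: CRC-32 over everything before it, header length adjusted to
    # include its own 8 bytes, XORed with 0x5354554e.
    crc = zlib.crc32(_header(BINDING_REQUEST, len(body) + 8, txn_id) + body) ^ FINGERPRINT_XOR
    body += _attr(ATTR_FINGERPRINT, struct.pack("!I", crc))
    return _header(BINDING_REQUEST, len(body), txn_id) + body


def parse_attrs(msg):
    """Yield (type, value, offset) per attribute; offset is where its TLV starts."""
    pos = 20
    while pos + 4 <= len(msg):
        attr_type, length = struct.unpack("!HH", msg[pos:pos + 4])
        yield attr_type, msg[pos + 4:pos + 4 + length], pos
        pos += 4 + length + (4 - length % 4) % 4


def check_binding_request(msg, require_auth):
    """Server-side check. Returns (status, reason) in RFC 5389 terms: 400 for a
    malformed request or missing credentials, 401 for an unknown user or a bad
    MAC, 200 when the request would be answered."""
    if len(msg) < 20:
        return 400, "truncated header"
    msg_type, body_len, cookie = struct.unpack("!HHI", msg[:8])
    txn_id = msg[8:20]
    if msg_type != BINDING_REQUEST or cookie != MAGIC_COOKIE or body_len != len(msg) - 20:
        return 400, "malformed header"
    attrs, offsets = {}, {}
    for attr_type, value, off in parse_attrs(msg):
        attrs[attr_type], offsets[attr_type] = value, off
    if ATTR_FINGERPRINT in attrs:  # optional, but verified when present
        off, fp = offsets[ATTR_FINGERPRINT], attrs[ATTR_FINGERPRINT]
        want = zlib.crc32(_header(BINDING_REQUEST, off - 20 + 8, txn_id) + msg[20:off]) ^ FINGERPRINT_XOR
        if len(fp) != 4 or struct.unpack("!I", fp)[0] != want:
            return 400, "bad FINGERPRINT"
    if not require_auth:
        # The common deployment: every Binding Request is answered.
        return 200, "answered without authentication"
    if ATTR_USERNAME not in attrs or ATTR_MESSAGE_INTEGRITY not in attrs:
        return 400, "USERNAME and MESSAGE-INTEGRITY required"
    key = CREDENTIALS.get(attrs[ATTR_USERNAME].decode("utf-8", "replace"))
    if key is None:
        return 401, "unknown user"
    off = offsets[ATTR_MESSAGE_INTEGRITY]
    want = hmac.new(key, _header(BINDING_REQUEST, off - 20 + 24, txn_id) + msg[20:off],
                    hashlib.sha1).digest()
    if not hmac.compare_digest(want, attrs[ATTR_MESSAGE_INTEGRITY]):
        return 401, "bad MESSAGE-INTEGRITY"
    return 200, "authenticated"


if __name__ == "__main__":
    for label, req in [("no credentials", build_binding_request()),
                       ("alice", build_binding_request("alice", b"s3cret-pass")),
                       ("alice, wrong password", build_binding_request("alice", b"guess"))]:
        print(label, check_binding_request(req, False), check_binding_request(req, True))
```

Running it shows the point of the thread: with require_auth=False the bare request is answered like any other, and only a server that is configured to require credentials turns the bare request into a 400 and a wrong password into a 401. The check is the short-term credential mechanism of RFC 5389; the long-term mechanism differs only in how the HMAC key is derived and in the 401/REALM/NONCE challenge that precedes the first authenticated request.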