IETF Logo Mail Archive

Re: [rtcweb] What is consent?

Martin Thomson <martin.thomson@gmail.com> Tue, 11 September 2012 16:09 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C0D821F86FC for <rtcweb@ietfa.amsl.com>; Tue, 11 Sep 2012 09:09:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EWTT50T7rbts for <rtcweb@ietfa.amsl.com>; Tue, 11 Sep 2012 09:09:02 -0700 (PDT)
Received: from mail-lpp01m010-f44.google.com (mail-lpp01m010-f44.google.com [209.85.215.44]) by ietfa.amsl.com (Postfix) with ESMTP id D4A5F21F86F9 for <rtcweb@ietf.org>; Tue, 11 Sep 2012 09:09:01 -0700 (PDT)
Received: by lahm15 with SMTP id m15so502419lah.31 for <rtcweb@ietf.org>; Tue, 11 Sep 2012 09:09:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=wNXeMcxLHZR2KF4X/XBw//KfVM3S8Jn927/unyeb7Os=; b=PTjWKB2Nzgbwy5QCPIKvbF3KF20KylnVK9/qnncsNYP8QRb/tUK9I/UWgntECESvI9 hVsQN/y/PD33exAOPzUqYVSoHV6JVt5B+2z4wm+xOTAk723eZcuuTe2/F04PJ44k/ubN sBUA4veZ917GdK1gYZZ+LDfIlJqe4Vv2xP1VMq4g8TQlELcQsiJMxN6e/YXpZVxa25vy E7/F8xavWrPmU48Mb2agYiBQB9EtE35t/3095gq/xXyLfGMSkBZS8z+/eoBK/B4J9a21 AFG1OcADYCzeVMqncilBGLXFXb/Hq3iiH16FGdcO6D/jmyL0CqVB7gaDJWitnOVHHAxl /pzA==
MIME-Version: 1.0
Received: by 10.112.27.69 with SMTP id r5mr6057652lbg.91.1347379740676; Tue, 11 Sep 2012 09:09:00 -0700 (PDT)
Received: by 10.112.1.36 with HTTP; Tue, 11 Sep 2012 09:09:00 -0700 (PDT)
In-Reply-To: <CABcZeBNnoQwJu1MYSW=6q6pkrgXSPSUtVyOsngrPP6b8GaegdQ@mail.gmail.com>
References: <CABkgnnXAPZ5BN=CUwYdEpHKbCLBxctqpONL==QWf_WwgrNEK_A@mail.gmail.com> <CABcZeBNnoQwJu1MYSW=6q6pkrgXSPSUtVyOsngrPP6b8GaegdQ@mail.gmail.com>
Date: Tue, 11 Sep 2012 09:09:00 -0700
Message-ID: <CABkgnnUNhka8OJsiNCV5iOvU_cGyvt_y8=DN6qnud3Xr-dy1iQ@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Content-Type: text/plain; charset="UTF-8"
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] What is consent?
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Sep 2012 16:09:03 -0000

Clearly, I did miss something.  Obviously, this relates to the bit in
ICE where it requires that the STUN backward compatibility measures
are not used.

But it didn't really answer my question.

Clearly, an RFC 3489 STUN server will not pass this basic test.  That
means that we can safely exclude servers like stunserver.org from the
set of consenting peers.

I suspect that for practical reasons we have to tolerate missing
MESSAGE-INTEGRITY and FINGERPRINT.  That means we can at least use old
servers to collect server reflexive addresses.  For those old servers
it's trivial to use the absence of either parameter as an indication
that they do not provide consent.

But the question stands: for STUN servers that are 5389 compliant,
what distinguishes the STUN server from a consenting peer?

--Martin

p.s. I reached my conclusion for the following reasons:
1. Section 7.1.3.2 of RFC 5245, which I presumed to be
complete...which it is, sort of.
2. MESSAGE-INTEGRITY is only of questionable utility in the response
if you assume that the server is ignoring requests that don't have a
valid MESSAGE-INTEGRITY.

On 10 September 2012 17:44, Eric Rescorla <ekr@rtfm.com> wrote:
> You lost me here.  RFC 5389 specifically requires that if the
> client provided MESSAGE-INTEGRITY in the Binding Response
> in S 10.1.2:
>
>    If these checks pass, the agent continues to process the request or
>    indication.  Any response generated by a server MUST include the
>    MESSAGE-INTEGRITY attribute, computed using the password utilized to
>    authenticate the request.  The response MUST NOT contain the USERNAME
>    attribute.
>
> And the client is required to check it in 10.1.3:
>
> 10.1.3.  Receiving a Response
>
>    The client looks for the MESSAGE-INTEGRITY attribute in the response.
>    If present, the client computes the message integrity over the
>    response as defined in Section 15.4, using the same password it
>    utilized for the request.  If the resulting value matches the
>    contents of the MESSAGE-INTEGRITY attribute, the response is
>    considered authenticated.  If the value does not match, or if
>    MESSAGE-INTEGRITY was absent, the response MUST be discarded, as if
>    it was never received.  This means that retransmits, if applicable,
>    will continue.
>
>
> -Ekr

v2.23.0 | Report a Bug | By Email