Re: [rtcweb] Stephen Farrell's Discuss on draft-ietf-rtcweb-stun-consent-freshness-15: (with DISCUSS and COMMENT)
"Ram Mohan R (rmohanr)" <rmohanr@cisco.com> Wed, 12 August 2015 03:21 UTC
Return-Path: <rmohanr@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 510FB1A8837; Tue, 11 Aug 2015 20:21:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.51
X-Spam-Level:
X-Spam-Status: No, score=-14.51 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xqTVHvWsB9pO; Tue, 11 Aug 2015 20:21:19 -0700 (PDT)
Received: from rcdn-iport-5.cisco.com (rcdn-iport-5.cisco.com [173.37.86.76]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B147D1A8826; Tue, 11 Aug 2015 20:21:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=27961; q=dns/txt; s=iport; t=1439349679; x=1440559279; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=u50FJFAAYkRgdiM+ybe1I9oGHbR1wSGLhsmjyglwjvo=; b=iepKU9qOm/6TIaZRxtoeJSzvXtTy9hEdigKuSZtvDrS3dC1++0H5c/LC VGRXod8EVSwLwDvu+Upw+3SN5i/d56OquPrq0khxBaeU+pUTmcgRpD6Bp hZnkN+zOpnlneP9wyWWhYRUCQ3y0DMy0q/BPIuvDt2VCBPl/XPNOxxXoV s=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0ArAwA7u8pV/5NdJa1dgk5NVGkGvWEJgXiFLUoCgUk4FAEBAQEBAQGBCoQjAQEBBHkQAgEIEQMBAQEBIAMEByERFAkIAgQBDQWIGQMSDcoGDYVFAQEBAQEBAQEBAQEBAQEBAQEBAQEBF4tRgk+BVxEBBjoNBAcJhCMFhxyNdAGFA4V6gWyBSkaDYIMZiU+DTYNmJoIPHBWBPnEBgQ06gQQBAQE
X-IronPort-AV: E=Sophos; i="5.15,658,1432598400"; d="scan'208,217"; a="19760730"
Received: from rcdn-core-11.cisco.com ([173.37.93.147]) by rcdn-iport-5.cisco.com with ESMTP; 12 Aug 2015 03:21:16 +0000
Received: from XCH-ALN-015.cisco.com (xch-aln-015.cisco.com [173.36.7.25]) by rcdn-core-11.cisco.com (8.14.5/8.14.5) with ESMTP id t7C3LGV5022124 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 12 Aug 2015 03:21:16 GMT
Received: from xch-aln-015.cisco.com (173.36.7.25) by XCH-ALN-015.cisco.com (173.36.7.25) with Microsoft SMTP Server (TLS) id 15.0.1104.5; Tue, 11 Aug 2015 22:21:15 -0500
Received: from xhc-aln-x08.cisco.com (173.36.12.82) by xch-aln-015.cisco.com (173.36.7.25) with Microsoft SMTP Server (TLS) id 15.0.1104.5 via Frontend Transport; Tue, 11 Aug 2015 22:21:15 -0500
Received: from xmb-aln-x05.cisco.com ([169.254.11.9]) by xhc-aln-x08.cisco.com ([173.36.12.82]) with mapi id 14.03.0248.002; Tue, 11 Aug 2015 22:21:15 -0500
From: "Ram Mohan R (rmohanr)" <rmohanr@cisco.com>
To: Muthu Arul Mozhi Perumal <muthu.arul@gmail.com>, Martin Thomson <martin.thomson@gmail.com>
Thread-Topic: Stephen Farrell's Discuss on draft-ietf-rtcweb-stun-consent-freshness-15: (with DISCUSS and COMMENT)
Thread-Index: AQHQ1K3xturUziTeo0O4VCdPhz6XSQ==
Date: Wed, 12 Aug 2015 03:21:14 +0000
Message-ID: <D1F0B7F8.3C254%rmohanr@cisco.com>
References: <20150805223837.26225.49192.idtracker@ietfa.amsl.com> <CAKz0y8w7hQWD=dPOwa79CprkbvL5SV7p64xpjLo4zTvaYXAw6Q@mail.gmail.com> <913383AAA69FF945B8F946018B75898A478BCD7E@xmb-rcd-x10.cisco.com> <CABkgnnUrivK=X6FQ2usrZ7531CrCENo4bdDKk9WfNc7PzKg0sw@mail.gmail.com> <CAKz0y8z=KanseGOFG=i5Ysc8SGcuFcwnEHyAXtHEpuhioqS8yA@mail.gmail.com>
In-Reply-To: <CAKz0y8z=KanseGOFG=i5Ysc8SGcuFcwnEHyAXtHEpuhioqS8yA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.5.3.150624
x-originating-ip: [173.36.7.24]
Content-Type: multipart/alternative; boundary="_000_D1F0B7F83C254rmohanrciscocom_"
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/b58s0wNusmbTRQ6o85GD0fViywg>
X-Mailman-Approved-At: Wed, 12 Aug 2015 08:07:52 -0700
Cc: "draft-ietf-rtcweb-stun-consent-freshness@ietf.org" <draft-ietf-rtcweb-stun-consent-freshness@ietf.org>, "rtcweb-chairs@ietf.org" <rtcweb-chairs@ietf.org>, "draft-ietf-rtcweb-stun-consent-freshness.shepherd@ietf.org" <draft-ietf-rtcweb-stun-consent-freshness.shepherd@ietf.org>, "rtcweb@ietf.org" <rtcweb@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-rtcweb-stun-consent-freshness.ad@ietf.org" <draft-ietf-rtcweb-stun-consent-freshness.ad@ietf.org>
Subject: Re: [rtcweb] Stephen Farrell's Discuss on draft-ietf-rtcweb-stun-consent-freshness-15: (with DISCUSS and COMMENT)
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rtcweb/>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Aug 2015 03:21:23 -0000
Ok.removed that para. Here is the updated diff. https://github.com/Draft-Mafia/Consentfreshness/compare/master...rmohanr-StephenConsentFreshness Thanks, Ram From: Muthu Arul Mozhi Perumal <muthu.arul@gmail.com<mailto:muthu.arul@gmail.com>> Date: Wednesday, 12 August 2015 8:35 am To: Martin Thomson <martin.thomson@gmail.com<mailto:martin.thomson@gmail.com>> Cc: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com<mailto:tireddy@cisco.com>>, Stephen Farrell <stephen.farrell@cs.tcd.ie<mailto:stephen.farrell@cs.tcd.ie>>, The IESG <iesg@ietf.org<mailto:iesg@ietf.org>>, "draft-ietf-rtcweb-stun-consent-freshness@ietf.org<mailto:draft-ietf-rtcweb-stun-consent-freshness@ietf.org>" <draft-ietf-rtcweb-stun-consent-freshness@ietf.org<mailto:draft-ietf-rtcweb-stun-consent-freshness@ietf.org>>, "rtcweb-chairs@ietf.org<mailto:rtcweb-chairs@ietf.org>" <rtcweb-chairs@ietf.org<mailto:rtcweb-chairs@ietf.org>>, "draft-ietf-rtcweb-stun-consent-freshness.shepherd@ietf.org<mailto:draft-ietf-rtcweb-stun-consent-freshness.shepherd@ietf.org>" <draft-ietf-rtcweb-stun-consent-freshness.shepherd@ietf.org<mailto:draft-ietf-rtcweb-stun-consent-freshness.shepherd@ietf.org>>, "draft-ietf-rtcweb-stun-consent-freshness.ad@ietf.org<mailto:draft-ietf-rtcweb-stun-consent-freshness.ad@ietf.org>" <draft-ietf-rtcweb-stun-consent-freshness.ad@ietf.org<mailto:draft-ietf-rtcweb-stun-consent-freshness.ad@ietf.org>>, "rtcweb@ietf.org<mailto:rtcweb@ietf.org>" <rtcweb@ietf.org<mailto:rtcweb@ietf.org>> Subject: Re: Stephen Farrell's Discuss on draft-ietf-rtcweb-stun-consent-freshness-15: (with DISCUSS and COMMENT) +1 Rest of the changes look good to me.. thanks, Muthu On Tue, Aug 11, 2015 at 10:35 PM, Martin Thomson <martin.thomson@gmail.com<mailto:martin.thomson@gmail.com>> wrote: You can strike all of this: "The only human level "consent" here is that the application + developer (e.g. WebRTC browser implementer) has programmed their + application to adhere to this specification. The actual end users + who are involved in the call have not consented to anything just + because their browser uses this protocol." On 11 August 2015 at 07:31, Tirumaleswar Reddy (tireddy) <tireddy@cisco.com<mailto:tireddy@cisco.com>> wrote: > Hi Stephen, > > > > Updated draft to address your comments > https://github.com/Draft-Mafia/Consentfreshness/compare/master...rmohanr-StephenConsentFreshness, > Please have a look. > > Also see inline [TR] > > > > From: Muthu Arul Mozhi Perumal [mailto:muthu.arul@gmail.com<mailto:muthu.arul@gmail.com>] > Sent: Thursday, August 06, 2015 10:27 AM > To: Stephen Farrell > Cc: The IESG; draft-ietf-rtcweb-stun-consent-freshness@ietf.org<mailto:draft-ietf-rtcweb-stun-consent-freshness@ietf.org>; > rtcweb-chairs@ietf.org<mailto:rtcweb-chairs@ietf.org>; > draft-ietf-rtcweb-stun-consent-freshness.shepherd@ietf.org<mailto:draft-ietf-rtcweb-stun-consent-freshness.shepherd@ietf.org>; > draft-ietf-rtcweb-stun-consent-freshness.ad@ietf.org<mailto:draft-ietf-rtcweb-stun-consent-freshness.ad@ietf.org>; rtcweb@ietf.org<mailto:rtcweb@ietf.org> > Subject: Re: Stephen Farrell's Discuss on > draft-ietf-rtcweb-stun-consent-freshness-15: (with DISCUSS and COMMENT) > > > > Hi Stephen, > > > > On Thu, Aug 6, 2015 at 4:08 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie<mailto:stephen.farrell@cs.tcd.ie>> > wrote: > > Stephen Farrell has entered the following ballot position for > draft-ietf-rtcweb-stun-consent-freshness-15: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-rtcweb-stun-consent-freshness/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > > > Apologies that these discuss points are maybe asking > fairly fundamental questions. That could be that this > is really the first of the new security things required > by rtcweb to get to the IESG. Or maybe I'm misreading > stuff here, if so, sorry;-) > > (1) Why call this "consent?" That term is (ab)used in > many ways on the web, and adding another variation > without a definition that distinguishes this from "click > ok to my 200 page anti-privacy policy" or "remember that > example.com<http://example.com> is allowed use my camera/mic" seems like a > terrible idea. I also don't see how this can ever be > something to which a normal person can "consent" (i.e. > consciously agree while fully understanding) so the term > is IMO very misleading, and will I fear be used to > mislead further. (See also some of the comments below - > I do not think we ought be as fast and loose with this > aleady terribly badly used term.) To summarise: I'd love > if you did s/consent/anything-else/g but if not, please > define consent here in a way that clearly and > unambiguously distinguishes this usage from other abuses > of the term. > > > > > > [TR] Updated Consent definition. > > > > The document already has a clear and unambiguous definition of the term, > IMHO: > > > > Consent: The mechanism of obtaining permission from the remote > > endpoint to send non-ICE traffic to a remote transport address. > > Consent is obtained using ICE. > > > > Is that definition lacking something? I think finding an alter term would be > as hard as finding an alternate term for 'attack' as used in several RFCs > [attack being (ab)used in many contexts, including in heart attack ;)] > > > > > (2) WebRTC does not require STUN or TURN servers for > some calls, even if it does for many. Why is it ok to > require such a server be present in all calls (which I > think this means) espcially when that means exposing > additional meta-data (calling parties in a case where > the servers weren't needed and call duration in all > cases) to those servers when that is not always > necessary? > > > > That looks a misunderstanding. Consent freshness doesn't require such > server's to be present. Please point out to the text leading to the > misunderstanding. > > > > > (3) (end of p5) You have a MUST NOT here that is > depenedent on current browser implementations. Why is > that an IETF thing and not a W3C thing? But more > interestingly, can one securely use this protocol > without the kind of JS vs. browser sandboxing etc that's > needed in the web? > > > > Yes, the mechanism has the same security properties within and outside the > WebRTC sandboxing. > > > > If the answer is "no" then don't you > need to say that this protocol can only safely be used > for such implementations? (In section 2, which almost > but not quite says that.) > > > > Section 2 doesn't say that. It only says WebRTC is the primary use case for > the mechanism at the moment and future use cases based on similar sandboxing > models can make use of it. > > > > > (4) Cleared. > > (5) Cleared. > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > > (Was discuss point#4) > "Section 8: Where are these 96 bits defined? I think > this "requires..." statement needs a precise reference > to the place in some ICE/TURN/STUN RFC where it's > defined. (And I forget where that is, sorry:-) This > should be an easy fix." > Alissa gave me the reference [1] sothat's grand. It > might be an idea to make that clearer if it wasn't > just me missing it as I read, which is very possible;-) > > [1] https://tools.ietf.org/html/rfc5389#section-6 > > - abstract: why is only sending "media" mentioned here? > What about data channels? And the body of the document > in fact says this all applies to any non-ICE data and > not only media. > > > > Agree, that should be "traffic". > > > > > - intro: "initial consent to send by performing STUN" I > do not find the word consent in either rfc5245 or 3489, > but perhaps it is used somewhere else. Where? And with > what meaning? > > > > Consent is a new usage of STUN and is described in > draft-ietf-rtcweb-security-arch, draft-ietf-rtcweb-security and in this > document. > > > > > - section 4, 2nd last para - I think the conclusion is > bogus. An implementation knows when the keying it's > using can not involve >1 (nominally operating) party. > > > > That paragraph is here: > > > > When Secure Real-time Transport Protocol (SRTP) is used, the > > following considerations are applicable. SRTP is encrypted and > > authenticated with symmetric keys; that is, both sender and receiver > > know the keys. With two party sessions, receipt of an authenticated > > packet from the single remote party is a strong assurance the packet > > came from that party. However, when a session involves more than two > > parties, all of whom know each other's keys, any of those parties > > could have sent (or spoofed) the packet. Such shared key > > distributions are possible with some MIKEY [RFC3830] modes, Security > > Descriptions [RFC4568], and EKT [I-D.ietf-avtcore-srtp-ekt]. Thus, > > in such shared keying distributions, receipt of an authenticated SRTP > > packet is not sufficient to verify consent. > > > > I'll defer it to someone who has more knowledge that me on shared key > distribution.. > > > > [TR] The idea behind the above paragraph is to use STUN consent checks in > both two party and multi-party sessions. Consent checks uses > > point-to-point keys so the endpoint knows if each remote peer in the call is > willing to receive traffic or not. > > > > -Tiru > > > > > - 5.1, 3rd para: "Explicit consent to send is > obtained..." is misleading. That is not a concept that > an implementation of STUN will embody. > > > > As said earlier, consent is a new STUN usage. How would the following? > > > > An endpoint that implements this specification obtains and maintains > > consent to send by sending STUN binding request... > > > > > - 5.1, What is the "Note" about TCP for? Why is this > needed? > > > > It is needed because WebRTC data traffic sent over TCP could get converted > to UDP by TURN servers. It is somewhat similar to why we need application > layer security when traffic is sent over IPSec. The later may not be > end-to-end. > > > > Muthu
- [rtcweb] Stephen Farrell's Discuss on draft-ietf-… Stephen Farrell
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Christer Holmberg
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Eric Rescorla
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Stephen Farrell
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Eric Rescorla
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Stephen Farrell
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Stephen Farrell
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Eric Rescorla
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Eric Rescorla
- [rtcweb] TURN permissions for private ips (was: R… Philipp Hancke
- Re: [rtcweb] [tram] TURN permissions for private … Simon Perreault
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Alissa Cooper
- Re: [rtcweb] [tram] TURN permissions for private … Justin Uberti
- Re: [rtcweb] [tram] TURN permissions for private … Simon Perreault
- Re: [rtcweb] [tram] TURN permissions for private … Eric Rescorla
- Re: [rtcweb] [tram] TURN permissions for private … Philipp Hancke
- [rtcweb] Stephen Farrell's Discuss on draft-ietf-… Stephen Farrell
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Stephen Farrell
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Muthu Arul Mozhi Perumal
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Christer Holmberg
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Christer Holmberg
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Xavier Marjou
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Alissa Cooper
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Stephen Farrell
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Stephen Farrell
- Re: [rtcweb] [tram] TURN permissions for private … Emil Ivov
- Re: [rtcweb] [tram] TURN permissions for private … Jonathan Lennox
- Re: [rtcweb] [tram] TURN permissions for private … Justin Uberti
- Re: [rtcweb] [tram] TURN permissions for private … Martin Thomson
- Re: [rtcweb] [tram] TURN permissions for private … Jonathan Lennox
- Re: [rtcweb] [tram] TURN permissions for private … Roman Shpount
- Re: [rtcweb] [tram] TURN permissions for private … Martin Thomson
- Re: [rtcweb] [tram] TURN permissions for private … Justin Uberti
- Re: [rtcweb] [tram] TURN permissions for private … Emil Ivov
- Re: [rtcweb] [tram] TURN permissions for private … Justin Uberti
- Re: [rtcweb] [tram] TURN permissions for private … Emil Ivov
- Re: [rtcweb] [tram] TURN permissions for private … Pal Martinsen (palmarti)
- Re: [rtcweb] [tram] TURN permissions for private … Emil Ivov
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Tirumaleswar Reddy (tireddy)
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Martin Thomson
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Muthu Arul Mozhi Perumal
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Ram Mohan R (rmohanr)
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Ram Mohan R (rmohanr)
- Re: [rtcweb] Stephen Farrell's Discuss on draft-i… Stephen Farrell
- Re: [rtcweb] [tram] TURN permissions for private … Justin Uberti
- Re: [rtcweb] [tram] TURN permissions for private … Cullen Jennings
- Re: [rtcweb] [tram] TURN permissions for private … Justin Uberti