IETF Logo Mail Archive

Re: [rtcweb] What is consent?

Eric Rescorla <ekr@rtfm.com> Tue, 11 September 2012 00:45 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41E9521F871C for <rtcweb@ietfa.amsl.com>; Mon, 10 Sep 2012 17:45:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.977
X-Spam-Level:
X-Spam-Status: No, score=-102.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VjiekElkIgAR for <rtcweb@ietfa.amsl.com>; Mon, 10 Sep 2012 17:45:28 -0700 (PDT)
Received: from mail-ee0-f44.google.com (mail-ee0-f44.google.com [74.125.83.44]) by ietfa.amsl.com (Postfix) with ESMTP id 8604721F871A for <rtcweb@ietf.org>; Mon, 10 Sep 2012 17:45:28 -0700 (PDT)
Received: by eekb45 with SMTP id b45so1626945eek.31 for <rtcweb@ietf.org>; Mon, 10 Sep 2012 17:45:27 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:x-gm-message-state; bh=/ERAj7ELPgN06DNIVQvWbCPl/+a4bghCk6Hh4Ov0lJg=; b=MMdvYB9wsh9dQtnukSPq3NS/OymXGX8dyDD89jSlAXCbq1+/cIPf2gI/6eGQXNvUED rjbdtY2fL5AcJyZyRW2oEcSdfw0cUSpIxTV9V2daAlQAVn2x++vgTdwZwShNp8JaV0dD 6Es7cFlniqxg7cn25IJZ1OVcBkjVFUOzljJ9JKXVpmczRYaomDt/T5P+4M9KXJYlwTNq dHPNNLWhPsPNRKPAWUmVkOqoNuOlhb7gLdKozLrwSXmqAwoNtTL7t03i3U4aGi8tmPZ2 GFDiFQ6uM5Skvof95ErtLD9U3D5f8RTb1WA9cfvyO8MoFCbfqc2C7jZj3DwOf+59BtgW WVtg==
Received: by 10.14.173.131 with SMTP id v3mr16898688eel.15.1347324327661; Mon, 10 Sep 2012 17:45:27 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.14.187.10 with HTTP; Mon, 10 Sep 2012 17:44:47 -0700 (PDT)
X-Originating-IP: [74.95.2.173]
In-Reply-To: <CABkgnnXAPZ5BN=CUwYdEpHKbCLBxctqpONL==QWf_WwgrNEK_A@mail.gmail.com>
References: <CABkgnnXAPZ5BN=CUwYdEpHKbCLBxctqpONL==QWf_WwgrNEK_A@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 10 Sep 2012 17:44:47 -0700
Message-ID: <CABcZeBNnoQwJu1MYSW=6q6pkrgXSPSUtVyOsngrPP6b8GaegdQ@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Content-Type: text/plain; charset="ISO-8859-1"
X-Gm-Message-State: ALoCoQnpUDRB1hU1e+olVZ4bDU6y9weWtftcFzL7zcGvJRYnrDCwJg48FR7hhqI3pNKMcfMZQcZi
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] What is consent?
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Sep 2012 00:45:29 -0000

On Mon, Sep 10, 2012 at 5:30 PM, Martin Thomson
<martin.thomson@gmail.com> wrote:
> What specific properties of a STUN Binding request does the browser
> use to determine that the peer has consented to receive packets?
>
> From what I can infer, it's simply the existence of a response.  That
> is insufficient.
>
> -security says:
>    [...]  ICE provides this verification as
>    well, by using the STUN credentials as a form of per-session shared
>    secret.  Those credentials are known to the Web application, but
>    would need to also be known and used by the STUN-receiving element to
>    be useful.
>
> But that's not strictly correct.  The Binding response necessarily
> does not include MESSAGE-INTEGRITY, which is the critical tie to
> per-session credentials.

You lost me here.  RFC 5389 specifically requires that if the
client provided MESSAGE-INTEGRITY in the Binding Response
in S 10.1.2:

   If these checks pass, the agent continues to process the request or
   indication.  Any response generated by a server MUST include the
   MESSAGE-INTEGRITY attribute, computed using the password utilized to
   authenticate the request.  The response MUST NOT contain the USERNAME
   attribute.

And the client is required to check it in 10.1.3:

10.1.3.  Receiving a Response

   The client looks for the MESSAGE-INTEGRITY attribute in the response.
   If present, the client computes the message integrity over the
   response as defined in Section 15.4, using the same password it
   utilized for the request.  If the resulting value matches the
   contents of the MESSAGE-INTEGRITY attribute, the response is
   considered authenticated.  If the value does not match, or if
   MESSAGE-INTEGRITY was absent, the response MUST be discarded, as if
   it was never received.  This means that retransmits, if applicable,
   will continue.


-Ekr

v2.23.0 | Report a Bug | By Email