[secdir] End of Last Call for draft-ietf-behave-turn-uri

Marc Petit-Huguenin <petithug@acm.org> Mon, 09 November 2009 18:29 UTC


I just released a new version of this I-D incorporating all the modifications
requested during Last Call:

http://tools.ietf.org/rfcdiff?url2=draft-ietf-behave-turn-uri-04


There was only one major modification in this new version, which is the
filtering of the list of preferred TURN transports when the scheme is "turns", to
prevent the use of a UDP or TCP transport in this case.  The reference
implementation was updated to reflect this and is available here:

http://ietf.implementers.org/turn-uri-0.2.zip


I made some proposals during the discussion that were never acknowledged, so
here is the list of them, with the modification made in the new version of the I-D:

- Ted Hardie found it confusing to reuse elements from the hierarchical URI syntax
when the URI is opaque.  No more guidance was provided[1], so I just added a
sentence explaining this.

- In the same thread, Ted Hardie pointed out that the text didn't explain
clearly that the list of preferred transports was not an input for the TURN
parser but for the resolution algorithm.  The I-D was modified as proposed[1].

- Following the secdir review, Pasi Eronen requested some additional text to
deal with TLS.  The I-D was modified as proposed[2].

- Following the security bug discovered by Margaret Wasserman, I started a
discussion[3] on the BEHAVE mailing-list asking if it was OK to be able to use a
TLS transport even if a "turn:" scheme was used.  There was no subsequent
discussion on this, so the I-D now prevents using a UDP or TCP transport if a
"turns:" scheme is used, but does not prevent using a TLS transport if a "turn:"
scheme is used.

- Following the ops-dir review by Margaret Wasserman, I started a discussion[4]
on the BEHAVE mailing-list for opinions on the implicit processing in the I-D.
There was no subsequent discussion on this, so the implicit processing was not
modified in the I-D.

- The last iteration of the modifications[5] for the algorithm steps were
integrated in the I-D.


Here's the full changelog:

   o  Improved the algorithm steps.
   o  It is possible to use a TLS transport even if the scheme is
      turn:.
   o  Clarified when to stop the resolution with an error in step 2.
   o  Added transport list filtering process.
   o  Improved security section following sec-dir review.
   o  Fixed nits reported by gen-art review.
   o  Added example for remote hosting.
   o  Removed URIs section.
   o  Editorial modification.


Many thanks to all the reviewers.


[1] http://www.ietf.org/ibin/c5i?mid=6&rid=49&gid=0&k1=933&k2=49076&tid=1257785026
[2] http://www.ietf.org/mail-archive/web/secdir/current/msg01205.html
[3] http://www.ietf.org/mail-archive/web/behave/current/msg07289.html
[4] http://www.ietf.org/mail-archive/web/behave/current/msg07292.html
[5] http://www.ietf.org/mail-archive/web/behave/current/msg07314.html

-- 
Marc Petit-Huguenin
Personal email: marc@petit-huguenin.org
Professional email: petithug@acm.org
Blog: http://blog.marc.petit-huguenin.org
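An added example, not the I-D's reference implementation, of the transport list filtering described in the message above: the application's ordered list of preferred transports is filtered by the URI scheme, so that a "turns:" URI can never resolve to plain UDP or TCP, while a "turn:" URI may still use TLS. The URI shape (scheme, host, optional port, optional transport parameter) and the transport names "udp", "tcp" and "tls" are assumptions for this example.

```python
import re

# Assumed URI shape for this example: turn(s):host[:port][?transport=udp|tcp]
_TURN_URI = re.compile(
    r"^(?P<scheme>turns?):(?P<host>\[[^\]]+\]|[^:?]+)"
    r"(?::(?P<port>\d{1,5}))?(?:\?transport=(?P<transport>udp|tcp))?$",
    re.IGNORECASE,
)


def parse_turn_uri(uri):
    """Split a TURN URI into its components; the URI is opaque, so only the
    scheme decides whether the connection must be secured (turns -> True)."""
    m = _TURN_URI.match(uri)
    if not m:
        raise ValueError("not a TURN URI: %r" % uri)
    transport = m.group("transport")
    return {
        "secure": m.group("scheme").lower() == "turns",
        "host": m.group("host"),
        "port": int(m.group("port")) if m.group("port") else None,
        "transport": transport.lower() if transport else None,
    }


def filter_transports(secure, preferred):
    """Filter the application's preferred transports (input to the resolution
    algorithm, not to the URI parser). For a 'turns:' URI only 'tls' survives;
    for 'turn:' the list is left as it is, so TLS stays allowed there.
    An empty result means no usable transport (caller treats it as an error;
    that convention is an assumption of this example)."""
    order = [t.lower() for t in preferred]
    if secure:
        return [t for t in order if t == "tls"]
    return order


def usable_transports(uri, preferred):
    """Parse the URI and apply the scheme-based filter in one step."""
    return filter_transports(parse_turn_uri(uri)["secure"], preferred)


if __name__ == "__main__":
    # Constructed inputs: a secure URI must drop udp/tcp, a plain one keeps tls.
    print(usable_transports("turns:turn.example.org:5349", ["udp", "tcp", "tls"]))
    print(usable_transports("turn:turn.example.org", ["udp", "tcp", "tls"]))
```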