Re: [secdir] SecDir review of draft-ietf-tram-turn-server-discovery-08

"Tirumaleswar Reddy (tireddy)" <> Wed, 17 August 2016 09:29 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 55A3312D522; Wed, 17 Aug 2016 02:29:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -15.767
X-Spam-Status: No, score=-15.767 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.247, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id XfUpPnxcg1RX; Wed, 17 Aug 2016 02:29:24 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3ADF412D08C; Wed, 17 Aug 2016 02:29:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;;; l=19282; q=dns/txt; s=iport; t=1471426164; x=1472635764; h=from:to:cc:subject:date:message-id:references: in-reply-to:mime-version; bh=QQY+/YlrrRnABro/PuzV3hqpML7STqaVX2xa8lh6vWc=; b=ZBYtLic7sVe/NyH89G3Z9t9816VXzbFD9P0X8WcPCf2fWRGUhvy/M7Jm QdgiqRl/dEPJ6L5dqEAytr5C8KoCRnQMX1NIDbOh6C7Phn4ubm/Y2m1gQ XOxSg6T0LR00sPGuLhATSFuFNctejMotFwRGpLnDTmEWWI2kU00JnB4DD w=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.28,529,1464652800"; d="scan'208,217";a="311153782"
Received: from ([]) by with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 17 Aug 2016 09:29:23 +0000
Received: from ( []) by (8.14.5/8.14.5) with ESMTP id u7H9TN1g011972 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 17 Aug 2016 09:29:23 GMT
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1210.3; Wed, 17 Aug 2016 04:29:22 -0500
Received: from ([]) by ([]) with mapi id 15.00.1210.000; Wed, 17 Aug 2016 04:29:22 -0500
From: "Tirumaleswar Reddy (tireddy)" <>
To: "Brian Weis (bew)" <>, "" <>, The IESG <>
Thread-Topic: SecDir review of draft-ietf-tram-turn-server-discovery-08
Thread-Index: AQHR9EQtsMc8iAoZw0eiSM9NE0uIMaBM6nUQ
Date: Wed, 17 Aug 2016 09:29:22 +0000
Message-ID: <>
References: <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_e67a4ec09e8b487dbb745c09e7a52767XCHRCD017ciscocom_"
MIME-Version: 1.0
Archived-At: <>
Cc: "" <>
Subject: Re: [secdir] SecDir review of draft-ietf-tram-turn-server-discovery-08
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 17 Aug 2016 09:29:26 -0000

Hi Brian,

Thanks for the review, reworded the paragraph as per your suggestion in the Security Considerations section.

Best Regards,
From: Brian Weis (bew)
Sent: Friday, August 12, 2016 8:20 AM
To:; The IESG <>
Subject: SecDir review of draft-ietf-tram-turn-server-discovery-08

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

I consider this draft to be Ready with nits.

TURN servers are used to connect devices running Peer-to-Peer applications, such as real-time communication. Typically these TURN servers are not under a local network’s administrative control (e.g., the enterprise or ISP hosting the communicating devices. This draft provides a server discovery method to a TURN server that is under the administrative control of the local network. There are some security and operational advantages to the use of a local TURN server, since the local service can tend to keep the real-time communication (or other application) messages from leaving the local network. This is useful. The methods for auto-discovering local TURN servers discussed in the document include DNS Service Resolution, DNS Service Discovery,  and Anycast.

The main security consideration of using using server discovery methods would seem to be ensuring that an authorized local STUN server has been reached. The Security Considerations section mentions STUN authentication as OPTIONAL for “TURN servers provided by the local network or by the access network”, but "it is RECOMMENDED that the TURN client use one of the following techniques with (D)TLS”. When (D)TLS is used, several mechanisms are described whereby the client can determine that a STUN server is authorized. The requirements language is a bit obscure, but the result is recommending that (D)TLS authentication and authorization is used, which is fine.

The Security Considerations section also recommends what a client ought to do when authenticated (D)TLS isn’t possible. The paragraph just before Section 9.1 contains good advice, but it could be clearer. For example the paragraph confuses privacy goals with the security goal of mitigating on-path injection of spoofed packets. I suggest rewording this paragraph with text something like this:

   In some auto-discovery scenarios, it might not be possible for the
   TURN client to use (D)TLS authentication to validate the TURN server.
   However, fall-back to clear text in such cases could leave the TURN
   client open to on-path injection of spoofed TURN messages.
   Instead, a TURN client SHOULD fall-back to encryption-only
   (D)TLS when (D)TLS authentication is not available. Another reason
   to fall-back to encryption-only is for privacy, which is
   analogous to SMTP opportunistic encryption
   [RFC7435]  where one does not require privacy but one desires privacy
   when possible.

   It is suggested that a TURN client attempt (D)TLS with
   authentication and encryption, falling back to encryption-only if the
   TURN server cannot be authenticated via (D)TLS.  The TURN server
   could fall back to clear text if it  does not support unauthenticated (D)TLS,
   but fallback to clear text is NOT RECOMMENDED because it makes
   the client more susceptible to man-in-the-middle attacks and on-path
   packet injection.

The Security Considerations in each of the sub-sections is good as written.