[secdir] secdir review of draft-ietf-behave-turn-uri-03.txt

Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de> Mon, 19 October 2009 09:45 UTC

Date: Mon, 19 Oct 2009 11:46:03 +0200
From: Juergen Schoenwaelder <j.schoenwaelder@jacobs-university.de>
To: petithug@acm.org
Cc: iesg@ietf.org, secdir@ietf.org
Message-ID: <20091019094603.GB4708@elstar.local>
Subject: [secdir] secdir review of draft-ietf-behave-turn-uri-03.txt

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

The document introduces the turn: and turns: URI schemes. The security
considerations point to the relevant documents, one of them being RFC
3958. Section 8 of RFC 3958 states that S-NAPTR application protocols
"should define some form of end-to-end authentication to ensure that
the correct destination has been reached." I think it would be useful
to spell out how TURN meets this or whether there are reasons why TURN
does not need such a sanity check. (1-2 sentences should be enough.)

/js

-- 
Juergen Schoenwaelder           Jacobs University Bremen gGmbH
Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>