Re: [tram] WGLC draft-ietf-tram-stunbis-12

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Wed, 17 May 2017 11:11 UTC

From: "Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com>
To: Brandon Williams <brandon.williams@akamai.com>, "tram@ietf.org" <tram@ietf.org>
Thread-Topic: [tram] WGLC draft-ietf-tram-stunbis-12
Thread-Index: AQHSzPtah9Xr6y5D4EiFrJlIiXED0KH4XBdw
Date: Wed, 17 May 2017 11:06:34 +0000
Message-ID: <MWHPR16MB1614D5E350167C6D3E8EB7BDEAE70@MWHPR16MB1614.namprd16.prod.outlook.com>
References: <aaca5191-1ee5-ef99-dd2e-5ee9c1dbd64a@jive.com> <d10acf37-0544-aa21-a068-34222116f2ba@akamai.com>
In-Reply-To: <d10acf37-0544-aa21-a068-34222116f2ba@akamai.com>
Accept-Language: en-US
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/0cL3vMJlJG57qOm2_Or1WvDjHG0>
Subject: Re: [tram] WGLC draft-ietf-tram-stunbis-12
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 May 2017 11:11:13 -0000

I think https://tools.ietf.org/html/draft-ietf-tram-stunbis-12#section-9.2.1 needs more discussion: a man-in-the-middle attacker can also change the "nonce cookie", forcing the client to pick a weaker password algorithm. (D)TLS is required to prevent the MITM attack (just like (D)TLS is required to prevent the downgrade attack to MESSAGE-INTEGRITY).

-Tiru
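
The downgrade described in the message above, worked through as an added example (not code from the thread, the draft, or any STUN implementation): a client-side password-algorithm selector that parses the nonce cookie and refuses a weaker algorithm unless the exchange ran over (D)TLS. It assumes the nonce cookie layout as I recall it from stunbis/RFC 8489 (the prefix "obMatJos2", four base64 characters carrying a 24-bit Security Feature Set with bit 0, the most significant bit, meaning "password algorithms") and the registry values MD5 = 0x0001, SHA-256 = 0x0002; the function names, the `DowngradeRefused` exception and the sample nonces are mine.

```python
import base64
from typing import Iterable, Optional

# Nonce cookie layout as specified in stunbis / RFC 8489 (an assumption of this
# example, not quoted from the thread): the nonce starts with "obMatJos2",
# followed by four base64 characters carrying a 24-bit Security Feature Set,
# then the server's own nonce material. Bit 0 (the most significant bit) is
# "Password algorithms"; bit 1 is "Username anonymity".
NONCE_COOKIE_PREFIX = "obMatJos2"
FEATURE_PASSWORD_ALGORITHMS = 1 << 23
FEATURE_USERNAME_ANONYMITY = 1 << 22

# PASSWORD-ALGORITHM registry values (assumed): MD5 and SHA-256.
ALG_MD5 = 0x0001
ALG_SHA256 = 0x0002
STRENGTH = {ALG_MD5: 1, ALG_SHA256: 2}


class DowngradeRefused(Exception):
    """Raised when the only selectable algorithm is weaker than policy allows
    and the transport gives no assurance that the offer was not tampered with."""


def parse_nonce_cookie(nonce: str) -> Optional[int]:
    """Return the 24-bit Security Feature Set, or None if the nonce carries no cookie."""
    if not nonce.startswith(NONCE_COOKIE_PREFIX):
        return None
    start = len(NONCE_COOKIE_PREFIX)
    encoded = nonce[start:start + 4]
    if len(encoded) != 4:
        return None
    try:
        raw = base64.b64decode(encoded, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) != 3:
        return None
    return int.from_bytes(raw, "big")


def choose_password_algorithm(nonce: str, offered: Iterable[int],
                              transport_protected: bool,
                              minimum: int = ALG_SHA256) -> int:
    """Client-side selection of a password algorithm with a downgrade guard.

    If the nonce cookie advertises password-algorithm support, pick the
    strongest algorithm from the server's PASSWORD-ALGORITHMS list; otherwise
    fall back to the RFC 5389 behaviour (MD5 long-term credential).
    A result below `minimum` is accepted only when the exchange ran over
    (D)TLS, where an on-path attacker cannot have altered the nonce cookie or
    the attribute. Over plaintext UDP/TCP it is refused, because a legacy
    server and a tampering attacker look identical to the client.
    """
    features = parse_nonce_cookie(nonce)
    offered = list(offered)
    if features is not None and features & FEATURE_PASSWORD_ALGORITHMS and offered:
        known = [alg for alg in offered if alg in STRENGTH]
        if not known:
            raise DowngradeRefused("server offered no algorithm this client knows")
        candidate = max(known, key=STRENGTH.__getitem__)
    else:
        candidate = ALG_MD5  # legacy path: cookie absent, bit cleared, or no list
    if STRENGTH[candidate] < STRENGTH[minimum] and not transport_protected:
        raise DowngradeRefused(
            f"would select algorithm 0x{candidate:04x} below policy minimum "
            f"0x{minimum:04x} over an unprotected transport")
    return candidate


def downgrade_refused(nonce: str, offered: Iterable[int],
                      transport_protected: bool) -> bool:
    """Convenience wrapper: True if the guard rejects this offer."""
    try:
        choose_password_algorithm(nonce, offered, transport_protected)
    except DowngradeRefused:
        return True
    return False


# Constructed sample nonces (not captured from any real server).
GENUINE_NONCE = NONCE_COOKIE_PREFIX + "gAAA" + "f9c2a1"  # bit 0 set by the server
CLEARED_NONCE = NONCE_COOKIE_PREFIX + "AAAA" + "f9c2a1"  # bit 0 cleared in transit
LEGACY_NONCE = "f9c2a1"                                   # RFC 5389 server, no cookie

if __name__ == "__main__":
    print(hex(choose_password_algorithm(GENUINE_NONCE, [ALG_MD5, ALG_SHA256], False)))
    print(downgrade_refused(CLEARED_NONCE, [ALG_MD5], False))
    print(hex(choose_password_algorithm(CLEARED_NONCE, [ALG_MD5], True)))
```

The guard makes the point of the message concrete: over plaintext the client has no way to distinguish a server that never supported PASSWORD-ALGORITHMS from an attacker who cleared the cookie bit or trimmed the attribute list, so the only safe policy is to refuse the weak fallback; over (D)TLS the transport vouches for the cookie and the fallback is a genuine server limitation rather than a downgrade.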

-----Original Message-----
From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Brandon Williams
Sent: Monday, May 15, 2017 3:11 AM
To: tram@ietf.org
Subject: Re: [tram] WGLC draft-ietf-tram-stunbis-12

FWIW ... I reviewed the changes in the latest draft. They appear to cover what we discussed in Chicago. I agree with the authors that the outstanding issues have been addressed.

--Brandon

On 05/01/2017 08:21 AM, Simon Perreault wrote:
> TRAMsters,
>
> This email initiates a two-week working-group last call on this draft:
>
> https://datatracker.ietf.org/doc/draft-ietf-tram-stunbis/
>
> Please read it now. Substantial comments should be addressed to the 
> group. Nits should be sent directly to the authors.
>
> Thanks,
> Simon & Gonzalo
>
> _______________________________________________
> tram mailing list
> tram@ietf.org
> https://www.ietf.org/mailman/listinfo/tram
>