Re: [tram] Fwd: New Version Notification for draft-johnston-tram-stun-origin-03.txt

"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Mon, 30 June 2014 18:13 UTC

From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Alan Johnston <alan.b.johnston@gmail.com>, "tram@ietf.org" <tram@ietf.org>
Thread-Topic: [tram] Fwd: New Version Notification for draft-johnston-tram-stun-origin-03.txt
Thread-Index: AQHPkvMYW5mQAuZhekOtlhou66HbqZuJ8/1g
Date: Mon, 30 Jun 2014 18:13:48 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A282E82BC@xmb-rcd-x10.cisco.com>
References: <20140628165007.32702.46107.idtracker@ietfa.amsl.com> <CAKhHsXGc_SGo1MSNXJvNL8wt51G8Hs4yOyVt6vh83RKiHpoO1Q@mail.gmail.com>
In-Reply-To: <CAKhHsXGc_SGo1MSNXJvNL8wt51G8Hs4yOyVt6vh83RKiHpoO1Q@mail.gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tram/12QMhtjxCMw60hqGowTbISzXsIQ
Subject: Re: [tram] Fwd: New Version Notification for draft-johnston-tram-stun-origin-03.txt

Hi Alan,

My comments:

[1] Security Considerations:

Comment> You may want to add that if (D)TLS is used then the STUN ORIGIN attribute cannot be modified by an intermediary.

[2] This information is often available in other messages sent by the browser, such as DNS or HTTP requests.

Comment> Yes, but all these problems will most likely be addressed in future. The DNSOP WG is discussing various mechanisms for DNS privacy like DNS over (D)TLS, and HTTP/2.0 mandates TLS. New TLS extensions are being discussed in the TLS WG to encrypt the TLS handshake for privacy reasons.

[3] Section 2.4 ICE usage

Comment> You may also say that for consent checks (http://tools.ietf.org/html/draft-ietf-rtcweb-stun-consent-freshness-04), the STUN ORIGIN attribute is not required.

[4] 2.4. ICE Usage

Comment> Any specific reason to say "NOT RECOMMENDED"? Why not say "MUST NOT use ORIGIN attribute"?

[5] Senders MAY include multiple ORIGIN attributes in a request, and receivers MUST support parsing and receiving multiple ORIGIN attributes.

Comment> If the path MTU is unknown then STUN messages over IPv4 would need to be less than 548 bytes (Section 7.1 of [RFC5389]). The sender must use this length restriction to limit the number of ORIGIN attributes in the STUN request.

[6] STUN defines three authentication modes, depending on the STUN usage.

Comment> There are only two authentication modes!

[7] Suggest splitting the Introduction and having a separate section to discuss the problem.

[8] In addition to explicitly provisioning the realm value in the JavaScript, the other problem is exposing the user credentials to the JavaScript. http://tools.ietf.org/html/draft-reddy-tram-turn-third-party-authz-02 addresses this problem.

Thanks and Regards,

-Tiru


From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Alan Johnston
Sent: Saturday, June 28, 2014 10:35 PM
To: tram@ietf.org
Subject: [tram] Fwd: New Version Notification for draft-johnston-tram-stun-origin-03.txt

All,

We have updated the STUN Origin draft.  The major changes relate to:

1. Adding sections on media keep-alive and SIP keep-alive usages
2. Adding a section on multiple origins
3. Adding a section on Implementation Status about the open source implementations of the browser and STUN/TURN server that support the ORIGIN attribute
4. Clarified integrity protection of the attribute in the Security Considerations section.

These changes are based on all recent reviews and mailing list comments.

As always, comments are most welcome!

- Alan -

---------- Forwarded message ----------
From: <internet-drafts@ietf.org>
Date: Sat, Jun 28, 2014 at 11:50 AM
Subject: New Version Notification for draft-johnston-tram-stun-origin-03.txt
To: Kundan Singh <kundan10@gmail.com>, Alan Johnston <alan.b.johnston@gmail.com>, John Yoakum <yoakum@avaya.com>, Justin Uberti <justin@uberti.name>



A new version of I-D, draft-johnston-tram-stun-origin-03.txt
has been successfully submitted by Alan Johnston and posted to the
IETF repository.

Name:           draft-johnston-tram-stun-origin
Revision:       03
Title:          An Origin Attribute for the STUN Protocol
Document date:  2014-06-28
Group:          Individual Submission
Pages:          13
URL:            http://www.ietf.org/internet-drafts/draft-johnston-tram-stun-origin-03.txt
Status:         https://datatracker.ietf.org/doc/draft-johnston-tram-stun-origin/
Htmlized:       http://tools.ietf.org/html/draft-johnston-tram-stun-origin-03
Diff:           http://www.ietf.org/rfcdiff?url2=draft-johnston-tram-stun-origin-03

Abstract:
   STUN, or Session Traversal Utilities for NAT, is a protocol used to
   assist other protocols traverse Network Address Translators or NATs.
   STUN, and STUN extensions such as TURN, or Traversal Using Relays
   around NAT, and ICE, Interactive Communications Establishment, have
   been around for many years but with WebRTC, Web Real-Time
   Communications, STUN and related extensions are about to see major
   deployments and implementation due to these protocols being
   implemented in browsers.  This specification defines an ORIGIN
   attribute for STUN that can be used in similar ways to the HTTP
   header field of the same name.  WebRTC browsers utilizing STUN and
   TURN would include this attribute which would provide servers with
   additional information about the STUN and TURN requests they receive.
   This specification defines the usage of the STUN ORIGIN attribute for
   web and SIP contexts.




Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat
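The following is an added example, not code from the draft, from Tiru or from any of the implementations Alan's message mentions. It illustrates the two points raised in comment [5] above: a sender has to budget the number of ORIGIN attributes against the 548-byte IPv4 limit that RFC 5389 Section 7.1 imposes when the path MTU is unknown, and a receiver has to walk the attribute list and collect every ORIGIN it finds rather than stopping at the first. The attribute type value 0x802F is an assumption taken from the IANA STUN attribute registry entry for ORIGIN; check it against the current draft before relying on it. The origin strings are constructed sample input.

```python
import os
import struct

STUN_MAGIC_COOKIE = 0x2112A442   # RFC 5389 fixed cookie, network byte order
BINDING_REQUEST = 0x0001
HEADER_LEN = 20                   # type(2) + length(2) + cookie(4) + txid(12)
# Assumption: comprehension-optional type assigned to ORIGIN in the IANA
# STUN attribute registry. Verify against the draft before deploying.
ATTR_ORIGIN = 0x802F
# RFC 5389 section 7.1: if the path MTU is unknown, an IPv4 STUN message
# (header plus attributes) must be no larger than 548 bytes.
MAX_IPV4_UNKNOWN_PMTU = 548


def encode_attribute(attr_type: int, value: bytes) -> bytes:
    """TLV-encode one attribute; length excludes padding, value padded to 4 bytes."""
    pad = (-len(value)) % 4
    return struct.pack("!HH", attr_type, len(value)) + value + b"\x00" * pad


def build_binding_request(origins, txid=None, max_len=MAX_IPV4_UNKNOWN_PMTU):
    """Build a Binding Request with one ORIGIN attribute per origin.

    Returns (message, included_origins). An origin that would push the
    message past max_len is dropped whole, because a truncated attribute
    is worse than a missing one; the caller sees what was actually sent.
    """
    txid = txid if txid is not None else os.urandom(12)
    body = b""
    included = []
    for origin in origins:
        attr = encode_attribute(ATTR_ORIGIN, origin.encode("utf-8"))
        if HEADER_LEN + len(body) + len(attr) > max_len:
            break
        body += attr
        included.append(origin)
    header = struct.pack("!HHI", BINDING_REQUEST, len(body), STUN_MAGIC_COOKIE) + txid
    return header + body, included


def parse_origins(message: bytes):
    """Return every ORIGIN value in a STUN message, in order.

    Receivers must accept more than one ORIGIN, so this collects all of
    them. Length fields are checked before use so a malformed attribute
    cannot read past the declared message body.
    """
    if len(message) < HEADER_LEN:
        raise ValueError("message shorter than STUN header")
    _msg_type, msg_len, cookie = struct.unpack("!HHI", message[:8])
    if cookie != STUN_MAGIC_COOKIE:
        raise ValueError("bad magic cookie")
    if len(message) != HEADER_LEN + msg_len:
        raise ValueError("header length does not match message size")
    origins = []
    off, end = HEADER_LEN, HEADER_LEN + msg_len
    while off < end:
        if off + 4 > end:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = struct.unpack("!HH", message[off:off + 4])
        val_start, val_end = off + 4, off + 4 + attr_len
        if val_end > end:
            raise ValueError("attribute value overruns message")
        if attr_type == ATTR_ORIGIN:
            origins.append(message[val_start:val_end].decode("utf-8"))
        off = val_end + ((-attr_len) % 4)   # skip padding to next 4-byte boundary
    return origins


if __name__ == "__main__":
    # Constructed sample origins, not taken from any real deployment.
    msg, sent = build_binding_request(["https://example.com", "https://app.example.net"])
    print(len(msg), "bytes;", "origins sent:", sent)
    print("origins parsed:", parse_origins(msg))
    # Oversubscribe: 40 copies of a 24-byte attribute only fit 22 times under 548.
    big, kept = build_binding_request(["https://example.com"] * 40)
    print(len(big), "bytes;", len(kept), "ORIGIN attributes fit under the 548-byte limit")
```

Note that nothing here protects the attribute from modification; that is the point of comment [1], and it is provided by (D)TLS on the transport or by MESSAGE-INTEGRITY covering the attribute, not by the encoding.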