Re: [tram] Stephen Farrell's Discuss on draft-ietf-tram-turn-third-party-authz-13: (with DISCUSS and COMMENT)

"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Sat, 11 April 2015 01:58 UTC

X-Files: Diff draft-ietf-tram-turn-third-party-authz-13.txt - draft-ietf-tram-turn-third-party-authz-14.txt.htm, draft-ietf-tram-turn-third-party-authz-14.txt : 181318, 50401
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Brandon Williams <brandon.williams@akamai.com>
Date: Sat, 11 Apr 2015 01:58:08 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A411FFC5F@xmb-rcd-x10.cisco.com>
References: <20150410193813.20376.40907.idtracker@ietfa.amsl.com> <55282B4E.4000409@akamai.com>
In-Reply-To: <55282B4E.4000409@akamai.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tram/5oCImqgj5w0BcCYUJCuQsJahQ84>
Cc: "rlb@ipv.sx" <rlb@ipv.sx>, "Salz, Rich" <rsalz@akamai.com>, "Stephen Farrell (stephen.farrell@cs.tcd.ie)" <stephen.farrell@cs.tcd.ie>, "tram@ietf.org" <tram@ietf.org>, "tram-chairs@ietf.org" <tram-chairs@ietf.org>
Subject: Re: [tram] Stephen Farrell's Discuss on draft-ietf-tram-turn-third-party-authz-13: (with DISCUSS and COMMENT)

Hi Brandon,

Richard and we have already discussed the comments further and resolved them; the updated draft with diff is attached.
Main changes:

[1] Removed DKSPP
[2] Removed non-AEAD algorithms; using AEAD modes AES-GCM and aead-aes-cbc
[3] Updated the token format

-Tiru

> -----Original Message-----
> From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Brandon Williams
> Sent: Saturday, April 11, 2015 1:28 AM
> Cc: Salz, Rich; tram@ietf.org; tram-chairs@ietf.org
> Subject: Re: [tram] Stephen Farrell's Discuss on draft-ietf-tram-turn-third-party-authz-13: (with DISCUSS and COMMENT)
> 
> Hi all,
> 
> I will try to touch base with Rich Salz re: Richard's crypto comments next
> week in order to help drive getting his feedback.
> 
> --Brandon
> 
> On 04/10/2015 03:38 PM, Stephen Farrell wrote:
> > Stephen Farrell has entered the following ballot position for
> > draft-ietf-tram-turn-third-party-authz-13: Discuss
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut
> > this introductory paragraph, however.)
> >
> >
> > Please refer to
> > http://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > http://datatracker.ietf.org/doc/draft-ietf-tram-turn-third-party-authz/
> >
> >
> >
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> >
> >
> > Edited discuss ballot after chats around Dallas.
> >
> > (1) Please fix the crypto as per Richard's discuss. (I think the plan
> > here is for Rich Salz to help with that, which I'm confident will work
> > out ok.)
> >
> > (2) Please consider whether a signature based scheme that does not
> > require pre-shared keys between the TURN and (in particular) WebRTC
> > server could be useful to support. (Either in this document or
> > elsewhere.) There should be use cases where that offers sufficient
> > accountability for use of TURN and it ought to allow some deployments
> > that are less easy with this kind of pre-shared keys approach. The
> > DISCUSS here is to check if the WG want to take that approach, either
> > now or later.
> >
> > (3) I think the plan is to take out some of the options that are not
> > needed so as to make interop more likely.
> > Please do so. (I think we discussed taking out the DKSPP stuff at
> > least, but the more options we can get rid of, the better).
> >
> >
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> >
> > - COMMENTS below are unchanged since before Dallas.
> > We can look over them as we go.
> >
> > - I really think this would benefit from some wider review and I don't
> > think it's ready as-is.
> >
> > - I agree with Richard's discuss points.
> >
> > - intro: "impossible in web applications" isn't really true in
> > principle, but impossible in WebRTC as it uses JS is true.
> >
> > - Assuming the AS that can authorize the user shares a secret with the
> > STUN server chosen by the WebRTC server seems very brittle. Why would
> > that be true in general?
> >
> > - 4.1.1: Hmmm. How many people use KeyProv I wonder?
> >
> > - 4.1.2 - which "two servers"? WebRTC can have more servers than that.
> >
> > - 4.1.2 - now we're using TLS mutual auth? And how does the TLS client
> > know which CA to use that'll work with the TLS server here? I don't
> > think that'll scale will it?
> >
> > - 4.1.3 - this looks like what the WG/authors really want, would that
> > be a fair statement?
> >
> > - 9: Figure 2 should be way up at the top of the document and not here
> >
> > - 9: Why 5 seconds?
> >
> >
> > _______________________________________________
> > tram mailing list
> > tram@ietf.org
> > https://www.ietf.org/mailman/listinfo/tram
> >
> 
> --
> Brandon Williams; Senior Principal Software Engineer Emerging Products
> Engineering; Akamai Technologies Inc.
> 
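The change list above (item [2], dropping the non-AEAD algorithms in favour of AES-GCM) and Stephen's COMMENT about the authorization server sharing a secret with the TURN server can be looked at together in code. The Go program below is an added example written for this page; it is not code from the draft, from the authors, or from any TURN implementation. Its token layout (an 8-byte expiry followed by a 32-byte session MAC key), the key id string "kid-1", the key values and the timestamps are assumptions of the example and do not follow the draft's wire format. It shows an authorization server sealing a token under a key pre-shared with the TURN server, the TURN server opening it, and why an unauthenticated CBC option had to go: with no tag, the holder of a token can rewrite its expiry by patching the IV while keeping the MAC key intact, whereas the same bit flips applied to the AES-GCM token are rejected before the expiry is even read.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Token body used here (an assumed layout, not the draft's wire format):
// 8-byte expiry as big-endian Unix seconds || 32-byte session MAC key.
const (
	expiryLen = 8
	macKeyLen = 32
	bodyLen   = expiryLen + macKeyLen
	cbcLen    = 48 // bodyLen zero-padded to whole AES blocks for the CBC variant
)

func encodeBody(expiry int64, macKey []byte) []byte {
	body := make([]byte, bodyLen)
	binary.BigEndian.PutUint64(body, uint64(expiry))
	copy(body[expiryLen:], macKey)
	return body
}

// decodeBody returns the MAC key if the token is still valid at time now.
func decodeBody(body []byte, now int64) ([]byte, error) {
	if int64(binary.BigEndian.Uint64(body)) <= now {
		return nil, errors.New("token expired")
	}
	return body[expiryLen:bodyLen], nil
}

// SealGCM (AS side): AES-GCM under the key pre-shared with the TURN server, key
// id bound as AAD. Layout: 12-byte nonce || ciphertext || 16-byte tag.
func SealGCM(gcm cipher.AEAD, kid string, expiry int64, macKey []byte) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, encodeBody(expiry, macKey), []byte(kid)), nil
}

// OpenGCM (TURN side): the tag is verified before the expiry is trusted, so any
// change to nonce, ciphertext, tag or key id is rejected here.
func OpenGCM(gcm cipher.AEAD, kid string, token []byte, now int64) ([]byte, error) {
	n := gcm.NonceSize()
	if len(token) != n+bodyLen+gcm.Overhead() {
		return nil, errors.New("bad token length")
	}
	body, err := gcm.Open(nil, token[:n], token[n:], []byte(kid))
	if err != nil {
		return nil, err
	}
	return decodeBody(body, now)
}

// SealCBC/OpenCBC: the non-AEAD option the thread removed (AES-CBC, no MAC).
// Layout: 16-byte IV || 48 bytes of ciphertext. Kept only to show the flaw.
func SealCBC(block cipher.Block, expiry int64, macKey []byte) ([]byte, error) {
	plain := make([]byte, cbcLen)
	copy(plain, encodeBody(expiry, macKey))
	token := make([]byte, aes.BlockSize+cbcLen)
	if _, err := rand.Read(token[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, token[:aes.BlockSize]).CryptBlocks(token[aes.BlockSize:], plain)
	return token, nil
}

func OpenCBC(block cipher.Block, token []byte, now int64) ([]byte, error) {
	if len(token) != aes.BlockSize+cbcLen {
		return nil, errors.New("bad token length")
	}
	plain := make([]byte, cbcLen)
	cipher.NewCBCDecrypter(block, token[:aes.BlockSize]).CryptBlocks(plain, token[aes.BlockSize:])
	return decodeBody(plain, now) // nothing here can tell a forged token from a genuine one
}

// FlipExpiry XORs (old XOR new) into the 8 bytes at offset. CBC's first plaintext
// block is D(C0) XOR IV, so patching IV[0:8] (offset 0) rewrites the expiry and
// nothing else; the same flip on the GCM ciphertext (offset 12) fails the tag.
func FlipExpiry(token []byte, offset int, oldExpiry, newExpiry int64) []byte {
	forged := append([]byte(nil), token...)
	var delta [expiryLen]byte
	binary.BigEndian.PutUint64(delta[:], uint64(oldExpiry)^uint64(newExpiry))
	for i := range delta {
		forged[offset+i] ^= delta[i]
	}
	return forged
}

func main() {
	block, _ := aes.NewCipher([]byte("0123456789abcdef")) // demo AES-128 PSK; cannot fail for 16 bytes
	gcm, _ := cipher.NewGCM(block)                        // cannot fail for an AES block
	macKey := []byte("session-mac-key-for-demo-only!!!")  // demo 32-byte session key
	cbc, _ := SealCBC(block, 1000, macKey)                // valid until t=1000; checked at t=2000
	_, err := OpenCBC(block, FlipExpiry(cbc, 0, 1000, 5000), 2000)
	fmt.Println("CBC accepts forged expiry:", err == nil) // true
	tok, _ := SealGCM(gcm, "kid-1", 1000, macKey)
	_, err = OpenGCM(gcm, "kid-1", FlipExpiry(tok, 12, 1000, 5000), 2000)
	fmt.Println("GCM accepts forged expiry:", err == nil) // false
}
```

Run it with go run: the CBC line prints true and the GCM line prints false. AEAD removes the malleability, but both variants still depend on the key being pre-shared between the authorization server and the TURN server, which is the deployment assumption Stephen's COMMENT questions; a signature-based scheme, as raised in DISCUSS point (2), is the alternative that avoids that shared key and is not shown here.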