Re: [tram] Stephen Farrell's Discuss on draft-ietf-tram-turn-third-party-authz-13: (with DISCUSS and COMMENT)
"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Sat, 11 April 2015 01:58 UTC
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Brandon Williams <brandon.williams@akamai.com>
Date: Sat, 11 Apr 2015 01:58:08 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A411FFC5F@xmb-rcd-x10.cisco.com>
References: <20150410193813.20376.40907.idtracker@ietfa.amsl.com> <55282B4E.4000409@akamai.com>
In-Reply-To: <55282B4E.4000409@akamai.com>
Cc: "rlb@ipv.sx" <rlb@ipv.sx>, "Salz, Rich" <rsalz@akamai.com>, "Stephen Farrell (stephen.farrell@cs.tcd.ie)" <stephen.farrell@cs.tcd.ie>, "tram@ietf.org" <tram@ietf.org>, "tram-chairs@ietf.org" <tram-chairs@ietf.org>
Subject: Re: [tram] Stephen Farrell's Discuss on draft-ietf-tram-turn-third-party-authz-13: (with DISCUSS and COMMENT)
Hi Brandon,

Richard and we have already discussed the comments further and resolved them; attached is the updated draft with diff.

Main changes:
[1] Removed DKSPP
[2] Removed non-AEAD algorithms; using AEAD modes AES-GCM and aead-aes-cbc
[3] Updated the token format

-Tiru

> -----Original Message-----
> From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Brandon Williams
> Sent: Saturday, April 11, 2015 1:28 AM
> Cc: Salz, Rich; tram@ietf.org; tram-chairs@ietf.org
> Subject: Re: [tram] Stephen Farrell's Discuss on draft-ietf-tram-turn-third-party-authz-13: (with DISCUSS and COMMENT)
>
> Hi all,
>
> I will try to touch base with Rich Salz re: Richard's crypto comments next week in order to help drive getting his feedback.
>
> --Brandon
>
> On 04/10/2015 03:38 PM, Stephen Farrell wrote:
> > Stephen Farrell has entered the following ballot position for
> > draft-ietf-tram-turn-third-party-authz-13: Discuss
> >
> > When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)
> >
> > Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions.
> >
> > The document, along with other ballot positions, can be found here:
> > http://datatracker.ietf.org/doc/draft-ietf-tram-turn-third-party-authz/
> >
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> >
> > Edited discuss ballot after chats around Dallas.
> >
> > (1) Please fix the crypto as per Richard's discuss. (I think the plan here is for Rich Salz to help with that, which I'm confident will work out ok.)
> >
> > (2) Please consider whether a signature based scheme that does not require pre-shared keys between the TURN and (in particular) WebRTC server could be useful to support. (Either in this document or elsewhere.) There should be use cases where that offers sufficient accountability for use of TURN and it ought to allow some deployments that are less easy with this kind of pre-shared keys approach. The DISCUSS here is to check if the WG want to take that approach, either now or later.
> >
> > (3) I think the plan is to take out some of the options that are not needed so as to make interop more likely. Please do so. (I think we discussed taking out the DKSPP stuff at least, but the more options we can get rid of, the better).
> >
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > - COMMENTS below are unchanged since before Dallas. We can look over them as we go.
> >
> > - I really think this would benefit from some wider review and I don't think it's ready as-is.
> >
> > - I agree with Richard's discuss points.
> >
> > - intro: "impossible in web applications" isn't really true in principle, but impossible in WebRTC as it uses JS is true.
> >
> > - Assuming the AS that can authorize the user shares a secret with the STUN server chosen by the WebRTC server seems very brittle. Why would that be true in general?
> >
> > - 4.1.1: Hmmm. How many people use KeyProv I wonder?
> >
> > - 4.1.2 - which "two servers"? WebRTC can have more servers than that.
> >
> > - 4.1.2 - now we're using TLS mutual auth? And how does the TLS client know which CA to use that'll work with the TLS server here? I don't think that'll scale, will it?
> >
> > - 4.1.3 - this looks like what the WG/authors really want, would that be a fair statement?
> >
> > - 9: Figure 2 should be way up at the top of the document and not here
> >
> > - 9: Why 5 seconds?
> >
> > _______________________________________________
> > tram mailing list
> > tram@ietf.org
> > https://www.ietf.org/mailman/listinfo/tram
>
> --
> Brandon Williams; Senior Principal Software Engineer Emerging Products Engineering; Akamai Technologies Inc.
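The two threads that matter for implementers here are change [2] in Tiru's list (dropping the non-AEAD modes so the token is protected by AES-GCM) and Stephen's DISCUSS point (2) and comment on the AS sharing a secret with the TURN server. The following is an added example, not code from the draft, the authors or any TURN implementation: it shows the shared-key AEAD flow in Go's standard library, with the authorization server sealing a token and the TURN server refusing anything whose tag, key, nonce or lifetime does not check out. The token layout (2-byte key length, MAC key, 8-byte timestamp, 4-byte lifetime), the names Token, SealToken and OpenToken, and the shared-key and nonce values are all assumptions made for this example, not the draft's wire format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Token is an illustrative authorization token (a layout assumed for this example, not the
// draft's wire format): the ephemeral MAC key for the TURN server, issue time and lifetime (s).
type Token struct {
	MACKey    []byte
	Timestamp uint64
	Lifetime  uint32
}

const nonceSize = 12 // standard AES-GCM nonce length
// encodeToken serialises: 2-byte key length | key | 8-byte timestamp | 4-byte lifetime.
func encodeToken(tok Token) []byte {
	pt := make([]byte, 2+len(tok.MACKey)+8+4)
	binary.BigEndian.PutUint16(pt, uint16(len(tok.MACKey)))
	copy(pt[2:], tok.MACKey)
	binary.BigEndian.PutUint64(pt[2+len(tok.MACKey):], tok.Timestamp)
	binary.BigEndian.PutUint32(pt[2+len(tok.MACKey)+8:], tok.Lifetime)
	return pt
}

// decodeToken parses that layout, rejecting any length mismatch.
func decodeToken(b []byte) (Token, error) {
	if len(b) < 2 || len(b) != 2+int(binary.BigEndian.Uint16(b))+8+4 {
		return Token{}, errors.New("malformed token body")
	}
	klen := int(binary.BigEndian.Uint16(b))
	return Token{
		MACKey:    append([]byte(nil), b[2:2+klen]...),
		Timestamp: binary.BigEndian.Uint64(b[2+klen:]),
		Lifetime:  binary.BigEndian.Uint32(b[2+klen+8:]),
	}, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32-byte key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealToken is the authorization server's side: AES-GCM seal the token under the key shared
// with the TURN server. The nonce must be fresh per token under that key and is also bound in
// as associated data. Output is nonce || ciphertext || tag.
func SealToken(key, nonce []byte, tok Token) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(tok.MACKey) > 0xffff {
		return nil, errors.New("mac key too long for the 2-byte length field")
	}
	return gcm.Seal(append([]byte(nil), nonce...), nonce, encodeToken(tok), nonce), nil
}

// OpenToken is the TURN server's side: verify the tag and decrypt, then check the lifetime at
// time now (seconds). A flipped byte, a different key or a moved nonce fails the tag check first.
func OpenToken(key, blob []byte, now uint64) (Token, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return Token{}, err
	}
	if len(blob) < nonceSize+gcm.Overhead() {
		return Token{}, errors.New("token too short")
	}
	nonce, ct := blob[:nonceSize], blob[nonceSize:]
	pt, err := gcm.Open(nil, nonce, ct, nonce)
	if err != nil {
		return Token{}, fmt.Errorf("token rejected: %w", err)
	}
	tok, err := decodeToken(pt)
	if err != nil {
		return Token{}, err
	}
	if now < tok.Timestamp || now > tok.Timestamp+uint64(tok.Lifetime) {
		return Token{}, errors.New("token outside its lifetime")
	}
	return tok, nil
}

func main() {
	key, nonce := make([]byte, 32), make([]byte, nonceSize) // constructed AS/TURN shared key and nonce
	rand.Read(key)
	rand.Read(nonce)
	blob, _ := SealToken(key, nonce, Token{MACKey: []byte("constructed-mac-key"), Timestamp: 1000, Lifetime: 60})
	_, okErr := OpenToken(key, blob, 1030)
	blob[len(blob)-1] ^= 1 // one flipped bit in the tag
	_, tamperErr := OpenToken(key, blob, 1030)
	fmt.Println("valid:", okErr, "| tampered:", tamperErr)
}
```

The point of the AEAD choice is visible in OpenToken: with a bare CBC mode the TURN server would decrypt a modified blob to garbage and then have to reason about padding and field sanity, whereas here any modification fails gcm.Open before a single field is parsed, and the nonce riding along as associated data means a ciphertext cannot be replayed under a different nonce. What the example also makes concrete is Stephen's brittleness concern: every TURN server the WebRTC server might pick needs the same key as the AS, or OpenToken fails for an honest client, which is exactly the deployment gap a signature-based alternative would close.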