Re: [tram] New Version Notification - draft-ietf-tram-turn-third-party-authz-13.txt

"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Wed, 11 March 2015 04:39 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/tram/8F9PbrxhcAynvclhd0cEfQv-SuM>

Hi Richard,

Resending our responses to the discussion points. Please have a look.

Let's talk about Section 6.2 and custom crypto.

(1) You have tried to invent your own authenticated encryption, and fallen into the trap of Encrypt-Then-MAC [0]. 

[TR] No, the authenticated encryption algorithms are already covered in http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40#section-5.1.

(EDIT: Actually, it's MAC-then-Encrypt that's bad.  See why you should just use AEAD?)  Please use a real AEAD mode, such as AES-GCM [1].  That will also remove the need for padding, which is fraught with peril as well [2].

[TR] Padding attack as discussed in [2] is prevented by appending HMAC to the cipher-text. The encrypted_block in the token is integrity protected using HMAC.

(2) It's a bad idea to hard-wire cryptographic algorithms into protocols, because they inevitably go bad [3].  

[TR] The cryptographic algorithms are not hard-coded, they can be negotiated b/w the STUN server and Authorization server using the mechanisms in Section 4.1.1; 4.1.2 allows Authorization server to convey any algorithm of choice; 4.1.3 allows any number of algorithms to be configured on the STUN server and authorization server, the algorithm picked by the authorization server is determined by the STUN server using the kid conveyed in the STUN request.

(STUN itself is an anti-pattern here.)  Please add an algorithm indicator to the top of your token structure.  You don't need to create a registry now, since you've only got one value.

That gives you something like the following, much simpler structure:

struct {
  uint8_t algorithm;
  uint16_t length;
  opaque encrypted_block[length];
}

struct {
  uint16_t key_length;
  opaque mac_key[key_length];
  uint64_t timestamp;
  uint32_t lifetime;
}

It also means that you can simplify the key management routines in Section 4.1, since you only need one key.

(3) Section 5 should be more clear about how this mechanism changes STUN processing.  Namely, it adds a third parallel method of computing the message integrity value, which the server MUST use if an ACCESS-TOKEN attribute is present.  

[TR] The client is unaware of the technique used to encrypt and integrity protect the self-contained token. It just uses the mac_key provided by the authorization server to compute the message integrity of the STUN request.

Cheers,
-Tiru

[0] https://eprint.iacr.org/2001/045
[1] http://tools.ietf.org/html/rfc5116
[2] http://en.wikipedia.org/wiki/Padding_oracle_attack
[3] https://tools.ietf.org/html/draft-housley-crypto-alg-agility-00

> -----Original Message-----
> From: Gonzalo Camarillo [mailto:Gonzalo.Camarillo@ericsson.com]
> Sent: Friday, March 06, 2015 4:16 PM
> To: Tirumaleswar Reddy (tireddy); tram-chairs@ietf.org; tram@ietf.org; draft-ietf-tram-turn-third-party-authz@ietf.org; draft-ietf-tram-turn-third-party-authz.ad@ietf.org; draft-ietf-tram-turn-third-party-authz.shepherd@ietf.org; spencerdawkins.ietf@gmail.com; rlb@ipv.sx; stephen.farrell@cs.tcd.ie
> Subject: Re: New Version Notification - draft-ietf-tram-turn-third-party-authz-13.txt
> 
> Stephen, Richard,
> 
> you have discusses on this draft:
> 
> https://datatracker.ietf.org/doc/draft-ietf-tram-turn-third-party-authz/ballot/
> 
> Could you please look at the new revision Tiru has put together and let him know
> if you are happy with it?
> 
> Thanks,
> 
> Gonzalo
> 
> On 28/02/2015 5:10 AM, Tirumaleswar Reddy (tireddy) wrote:
> > We have responded to comments from IESG and published updated draft.
> >
> > -Tiru
> >
> >> -----Original Message-----
> >> From: internet-drafts@ietf.org [mailto:internet-drafts@ietf.org]
> >> Sent: Thursday, February 26, 2015 10:26 AM
> >> To: tram-chairs@ietf.org; tram@ietf.org; draft-ietf-tram-turn-third-party-authz@ietf.org; gonzalo.camarillo@ericsson.com; draft-ietf-tram-turn-third-party-authz.ad@ietf.org; draft-ietf-tram-turn-third-party-authz.shepherd@ietf.org; spencerdawkins.ietf@gmail.com; rlb@ipv.sx; stephen.farrell@cs.tcd.ie
> >> Subject: New Version Notification - draft-ietf-tram-turn-third-party-authz-13.txt
> >>
> >>
> >> A new version (-13) has been submitted for draft-ietf-tram-turn-third-party-authz:
> >> http://www.ietf.org/internet-drafts/draft-ietf-tram-turn-third-party-authz-13.txt
> >>
> >> Sub state has been changed to AD Followup from Revised ID Needed
> >>
> >>
> >> The IETF datatracker page for this Internet-Draft is:
> >> https://datatracker.ietf.org/doc/draft-ietf-tram-turn-third-party-authz/
> >>
> >> Diff from previous version:
> >> http://www.ietf.org/rfcdiff?url2=draft-ietf-tram-turn-third-party-authz-13
> >>
> >> Please note that it may take a couple of minutes from the time of
> >> submission until the htmlized version and diff are available at tools.ietf.org.
> >>
> >> IETF Secretariat.
> >
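
Added example (not part of the message above or of the draft): a strict parser for the two-level token layout proposed in point (2), showing the length, algorithm and lifetime checks a STUN server would apply. Assumptions: fields are in network byte order, algorithm value 1 is a constructed placeholder, timestamp is whole seconds, and decrypting encrypted_block with the AEAD is done elsewhere.

```python
import struct

ALG_PLACEHOLDER = 1                  # constructed value; the page defines no registry
KNOWN_ALGORITHMS = {ALG_PLACEHOLDER}


class TokenError(ValueError):
    """Raised for any malformed or unsupported token."""


def build_outer(algorithm: int, encrypted_block: bytes) -> bytes:
    return struct.pack("!BH", algorithm, len(encrypted_block)) + encrypted_block


def build_inner(mac_key: bytes, timestamp: int, lifetime: int) -> bytes:
    return (struct.pack("!H", len(mac_key)) + mac_key
            + struct.pack("!QI", timestamp, lifetime))


def parse_outer(token: bytes) -> tuple:
    """Split algorithm(1) | length(2) | encrypted_block[length]."""
    if len(token) < 3:
        raise TokenError("token shorter than fixed header")
    algorithm, length = struct.unpack_from("!BH", token, 0)
    if algorithm not in KNOWN_ALGORITHMS:
        raise TokenError("unknown algorithm %d" % algorithm)
    if len(token) != 3 + length:     # reject truncation and trailing bytes
        raise TokenError("length field does not match token size")
    return algorithm, token[3:]


def parse_inner(plaintext: bytes) -> dict:
    """Parse key_length(2) | mac_key | timestamp(8) | lifetime(4)."""
    if len(plaintext) < 2:
        raise TokenError("missing key_length")
    (key_length,) = struct.unpack_from("!H", plaintext, 0)
    if key_length == 0 or len(plaintext) != 2 + key_length + 12:
        raise TokenError("key_length inconsistent with plaintext size")
    mac_key = plaintext[2:2 + key_length]
    timestamp, lifetime = struct.unpack_from("!QI", plaintext, 2 + key_length)
    return {"mac_key": mac_key, "timestamp": timestamp, "lifetime": lifetime}


def is_fresh(fields: dict, now: int) -> bool:
    """Accept the token only inside [timestamp, timestamp + lifetime]."""
    return fields["timestamp"] <= now <= fields["timestamp"] + fields["lifetime"]
```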