Re: [tram] Stephen Farrell's Discuss on draft-ietf-tram-turn-third-party-authz-13: (with DISCUSS and COMMENT)

"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Wed, 15 April 2015 16:09 UTC

From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Brandon Williams <brandon.williams@akamai.com>, "tram@ietf.org" <tram@ietf.org>
Date: Wed, 15 Apr 2015 16:09:00 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A4120E570@xmb-rcd-x10.cisco.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tram/8JvwQpPa5waFHtD3yS4J0Gb7egU>
Subject: Re: [tram] Stephen Farrell's Discuss on draft-ietf-tram-turn-third-party-authz-13: (with DISCUSS and COMMENT)

> -----Original Message-----
> From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Brandon Williams
> Sent: Tuesday, April 14, 2015 6:07 PM
> To: tram@ietf.org
> Subject: Re: [tram] Stephen Farrell's Discuss on draft-ietf-tram-turn-third-
> party-authz-13: (with DISCUSS and COMMENT)
> 
> I don't think OOB communication b/w the STUN and auth servers is a
> solution to the problem of wanting to provide additional details in the
> token. It defeats a large part of the purpose of moving to a token model in
> the first place, which was to avoid the need for these two servers to have to
> communicate directly with each other.

The size of the metadata will determine if in-band or OOB is required.

> 
> I agree with Martin that it would be useful to have the capability to
> communicate additional information in the token, and I don't recall that it
> was decided that the token wouldn't have this capability (unless by decided
> you mean there wasn't enough interest in the discussion). 

Yes, there was not enough interest in the discussion.

-Tiru

> I don't agree that
> this would necessarily be bad for interoperability, provided that individual
> bits of additional information are never required to be present or required
> to be understood if they are present.
> A list of TLVs at the end of the data space would not be particularly difficult
> to support.
> 
> I don't feel strongly enough about providing such a mechanism to push for
> it, but I would be supportive if someone else does.
> 
> --Brandon
> 
> On 04/14/2015 02:02 AM, Tirumaleswar Reddy (tireddy) wrote:
> >> -----Original Message-----
> >> From: Oleg Moskalenko [mailto:mom040267@gmail.com]
> >> Sent: Tuesday, April 14, 2015 10:57 AM
> >> To: Martin Thomson
> >> Cc: Tirumaleswar Reddy (tireddy); tram-chairs@ietf.org;
> >> tram@ietf.org; Brandon Williams; rlb@ipv.sx; Salz, Rich; Stephen
> >> Farrell
> >> (stephen.farrell@cs.tcd.ie)
> >> Subject: Re: [tram] Stephen Farrell's Discuss on
> >> draft-ietf-tram-turn-third-
> >> party-authz-13: (with DISCUSS and COMMENT)
> >>
> >> On Mon, Apr 13, 2015 at 11:17 AM, Martin Thomson
> >> <martin.thomson@gmail.com> wrote:
> >>>
> >>> Section 4 doesn't permit any additional information to be carried in
> >>> the token.  Therefore, the STUN/TURN server is unable to apply any
> >>> additional policies that the authorization server might impose, such
> >>> as limits on the length of the session, the number of ports
> >>> allocated, or the bandwidth that is allocated.  (Or whatever we
> >>> might later conceive of.)
> >>
> >> I believe that extra token information is a very very bad idea - it
> >> kills the whole interoperability thing in the draft. If we are adding "extra"
> >> information to the token, we can as well just kill the draft and tell
> >> the STUN server developers "do whatever you want, secure the stuff
> >> somehow, we do not care".
> >
> > It was discussed in the WG and the decision was not to carry any extra token
> > information so as to keep the token size small. In the future an out-of-band
> > communication mechanism b/w STUN and authorization server to exchange
> > the token related metadata can be defined, similar to the OAuth 2.0 Token
> > Introspection method defined in
> > https://tools.ietf.org/html/draft-ietf-oauth-introspection-07.
> >
> > -Tiru
> > _______________________________________________
> > tram mailing list
> > tram@ietf.org
> > https://www.ietf.org/mailman/listinfo/tram
> >
> 
> --
> Brandon Williams; Senior Principal Software Engineer Emerging Products
> Engineering; Akamai Technologies Inc.
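As an added illustration of the optional TLV trailer Brandon sketches above (not code from the draft, the thread participants, or any TURN implementation): a parser that reads hypothetical policy TLVs of the kind Martin lists, skips unknown types so that no individual item is required to be understood, rejects only malformed trailers, and bounds the trailer size to keep the in-band metadata small. The TLV layout, type codes and size budget are all assumptions.

```python
import struct

# Constructed example: a hypothetical TLV trailer appended to the token's data
# space. Each TLV is type (uint16, network order), length (uint16), value.
TLV_SESSION_LIFETIME = 0x0001  # assumed: seconds, uint32
TLV_MAX_PORTS = 0x0002         # assumed: port count, uint16
TLV_BANDWIDTH_KBPS = 0x0003    # assumed: kbit/s, uint32
# Assumed budget for in-band metadata; larger policy data would go out-of-band.
MAX_TRAILER_LEN = 64


def encode_tlvs(tlvs):
    """Serialize a list of (type, value_bytes) pairs into a TLV trailer."""
    out = bytearray()
    for t, v in tlvs:
        out += struct.pack("!HH", t, len(v)) + v
    return bytes(out)


def parse_trailer(trailer):
    """Return the recognized policy values from a TLV trailer.

    Unknown types, and known types with an unexpected length, are skipped
    rather than rejected, so a STUN server still accepts tokens from an
    authorization server that emits newer items. ValueError is raised only
    for a truncated TLV or a trailer over the size budget.
    """
    if len(trailer) > MAX_TRAILER_LEN:
        raise ValueError("trailer exceeds in-band size budget")
    policy = {}
    pos = 0
    while pos < len(trailer):
        if len(trailer) - pos < 4:
            raise ValueError("truncated TLV header")
        t, ln = struct.unpack_from("!HH", trailer, pos)
        pos += 4
        if len(trailer) - pos < ln:
            raise ValueError("truncated TLV value")
        v = trailer[pos:pos + ln]
        pos += ln
        if t == TLV_SESSION_LIFETIME and ln == 4:
            policy["lifetime"] = struct.unpack("!I", v)[0]
        elif t == TLV_MAX_PORTS and ln == 2:
            policy["max_ports"] = struct.unpack("!H", v)[0]
        elif t == TLV_BANDWIDTH_KBPS and ln == 4:
            policy["bandwidth_kbps"] = struct.unpack("!I", v)[0]
    return policy


def is_well_formed(trailer):
    """True if the trailer parses, regardless of which types it carries."""
    try:
        parse_trailer(trailer)
        return True
    except ValueError:
        return False
```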