[tram] Removing Permissionless ICE relay support from turnbis draft

"Konda, Tirumaleswar Reddy" <TirumaleswarReddy_Konda@McAfee.com> Thu, 14 February 2019 10:36 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/AQzDqSzV5xsvD08opKMDsjpdluw>

Hi all,

The Permissionless ICE relay support added to the turnbis draft has hit a roadblock during the security review by Eric, Martin and Christian. The security attack identified is as follows:

The TURN client currently expects that it will not receive anything via the server from a peer that it did not explicitly permit. Based on that assumption, the client could assume that receiving such unsolicited packets indicates compromise of either the local network or the server itself, and it could reasonably decide not to trust the local network or the server to transport its communication.

In order to address the above threat additional changes are required to the draft to incorporate one of the following proposals:

[1] Martin suggested adding an extension that the client can include when creating the binding to request this behavior, and a signal in the response that indicates that this configuration has been applied.

[2] Dan proposed, on the TRAM mailing list, creating permissions based on the STUN username to avoid the permissionless problem (see https://mailarchive.ietf.org/arch/msg/tram/T66px9mcjcqyvBypHpnMutKOEfk).

[3] Brandon and Justin had submitted a draft (https://tools.ietf.org/html/draft-williams-tram-ufrag-permission-00) to introduce a new type of TURN permission that will allow any ICE connectivity check message that contains the offerer's ufrag value to be accepted on a relay address for delivery over the associated TURN tunnel.

Since it is too late in the process to discuss and adopt one of these proposals, we are planning to remove this optimization from the turnbis draft.

If there is interest in the WG to pursue Permissionless ICE relay support, a new draft can be published.

Cheers,
-Tiru
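To make the threat and proposal [3] concrete, the following is an added example, not code from this message, from the turnbis draft or from draft-williams-tram-ufrag-permission. It models the inbound-data decision a TURN relay makes for one allocation: under the baseline RFC 5766 rules, data from a peer is relayed to the client only if the client installed a permission for that peer's IP address; with a ufrag-style permission (the idea in proposal [3]), the relay additionally lets through a STUN Binding request whose USERNAME attribute starts with the ufrag the client registered, which is what an ICE connectivity check from the answerer carries (USERNAME is "<recipient ufrag>:<sender ufrag>"). The `Allocation`, `permit` and `relay_inbound` names, the `ufrag` field and the sample addresses and ufrags are all constructed for the example; the STUN header and attribute layout follows RFC 5389.

```python
"""Model of a TURN relay's inbound permission check (constructed example).

Baseline: relay peer data only if the client created a permission for
the peer IP (RFC 5766 CreatePermission).  Extension modelled after
proposal [3]: also relay a STUN Binding request whose USERNAME begins
with the ufrag the client registered for this allocation.
"""
import struct
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import Optional

STUN_MAGIC_COOKIE = 0x2112A442
STUN_BINDING_REQUEST = 0x0001   # ICE connectivity checks are Binding requests
STUN_ATTR_USERNAME = 0x0006


def parse_stun(data: bytes):
    """Return (msg_type, {attr_type: value}) for a well-formed STUN message, else None.

    Header: type(2) length(2) magic-cookie(4) transaction-id(12); attributes are
    TLV with values padded to a 4-byte boundary (RFC 5389 section 6 and 15).
    """
    if len(data) < 20:
        return None
    msg_type, msg_len, cookie = struct.unpack("!HHI", data[:8])
    if msg_type & 0xC000 or cookie != STUN_MAGIC_COOKIE or len(data) != 20 + msg_len:
        return None
    attrs = {}
    pos = 20
    while pos + 4 <= len(data):
        a_type, a_len = struct.unpack("!HH", data[pos:pos + 4])
        pos += 4
        if pos + a_len > len(data):
            return None                      # attribute runs past the message
        attrs.setdefault(a_type, data[pos:pos + a_len])  # first occurrence wins
        pos += a_len + (-a_len % 4)          # skip value plus padding
    if pos != len(data):
        return None                          # trailing garbage or bad padding
    return msg_type, attrs


def build_stun(msg_type: int, attrs, txid: bytes = b"\x00" * 12) -> bytes:
    """Encode a STUN message from (attr_type, value) pairs; used to construct test input."""
    body = b"".join(
        struct.pack("!HH", t, len(v)) + v + b"\x00" * (-len(v) % 4) for t, v in attrs
    )
    return struct.pack("!HHI", msg_type, len(body), STUN_MAGIC_COOKIE) + txid + body


@dataclass
class Allocation:
    """State the relay keeps per client allocation (hypothetical, for the example)."""
    permitted_peers: set = field(default_factory=set)   # IPs from CreatePermission
    ufrag: Optional[str] = None   # client's ICE ufrag, if it opted into ufrag permissions


def permit(alloc: Allocation, peer_ip: str) -> None:
    """Install an explicit permission for a peer IP, as CreatePermission would."""
    alloc.permitted_peers.add(ip_address(peer_ip))


def relay_inbound(alloc: Allocation, peer_ip: str, data: bytes) -> str:
    """Decide whether a datagram arriving from peer_ip is relayed to the client.

    Returns "relay" or "drop".  The ufrag path only admits a Binding request
    whose USERNAME is "<our ufrag>:<peer ufrag>"; the relay cannot check
    MESSAGE-INTEGRITY (it has no ICE password), so this is a filter, not
    authentication, and the ufrag is only as secret as the signaling channel.
    """
    if ip_address(peer_ip) in alloc.permitted_peers:
        return "relay"
    if alloc.ufrag is not None:
        parsed = parse_stun(data)
        if parsed is not None:
            msg_type, attrs = parsed
            if msg_type == STUN_BINDING_REQUEST and STUN_ATTR_USERNAME in attrs:
                username = attrs[STUN_ATTR_USERNAME].decode("utf-8", "replace")
                if username.split(":", 1)[0] == alloc.ufrag:
                    return "relay"
    return "drop"


if __name__ == "__main__":
    alloc = Allocation()
    permit(alloc, "203.0.113.7")                       # constructed peer address
    print(relay_inbound(alloc, "203.0.113.7", b"app data"))        # relay
    print(relay_inbound(alloc, "198.51.100.9", b"app data"))       # drop: no permission
    alloc.ufrag = "oFfEr"                              # client registers its ufrag
    check = build_stun(STUN_BINDING_REQUEST, [(STUN_ATTR_USERNAME, b"oFfEr:pEeR")])
    print(relay_inbound(alloc, "198.51.100.9", check))            # relay: ufrag matches
```

The baseline branch is exactly the property the reviewers relied on: anything arriving without an explicit permission is dropped, so an unsolicited packet reaching the client is a signal, not noise. The ufrag branch shows why the proposals add work: the relay must be told the ufrag by the client (proposal [1]'s opt-in signal covers that), and malformed or non-Binding messages must still fall through to "drop".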