Re: [tram] draft-ietf-tram-stunbis
Marc Petit-Huguenin <marc@petit-huguenin.org> Sun, 11 March 2018 13:26 UTC
Return-Path: <marc@petit-huguenin.org>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7EC0B124217; Sun, 11 Mar 2018 06:26:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.108
X-Spam-Level:
X-Spam-Status: No, score=-1.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RDNS_NONE=0.793, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FmzwIaQTRuzg; Sun, 11 Mar 2018 06:26:48 -0700 (PDT)
Received: from implementers.org (unknown [IPv6:2001:4b98:dc0:45:216:3eff:fe7f:7abd]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DEC0A126D05; Sun, 11 Mar 2018 06:26:47 -0700 (PDT)
Received: from [IPv6:2601:648:8301:730f:ac0b:c7cc:59a:561f] (unknown [IPv6:2601:648:8301:730f:ac0b:c7cc:59a:561f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "Marc Petit-Huguenin", Issuer "implementers.org" (verified OK)) by implementers.org (Postfix) with ESMTPS id 55028AE8D9; Sun, 11 Mar 2018 14:26:45 +0100 (CET)
To: Noriyuki Torii <torii0573@gmail.com>, draft-ietf-tram-stunbis@ietf.org
Cc: tram@ietf.org
References: <CABEjbRJjU2LVb0iDkBavpSxtw-+PowvsyDdg9hhvwX+Gi9Awzw@mail.gmail.com>
From: Marc Petit-Huguenin <marc@petit-huguenin.org>
Message-ID: <9b5529b3-5d0d-e6a6-9481-a947a890acc3@petit-huguenin.org>
Date: Sun, 11 Mar 2018 06:26:42 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <CABEjbRJjU2LVb0iDkBavpSxtw-+PowvsyDdg9hhvwX+Gi9Awzw@mail.gmail.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="V9Ok67EScuVCJXFQcDQH2Phq5672i5Vuv"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/DFlHrJaeZNFArPZRsc_gjhG2FYI>
Subject: Re: [tram] draft-ietf-tram-stunbis
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Mar 2018 13:26:49 -0000
Hi, Thanks for the review, please see inline. Note that the draft submission tool will reopen on 2018-03-18, so no new version of this draft will be published before that. On 03/07/2018 04:10 AM, Noriyuki Torii wrote: > To whom it may concern. > > I'm Noriyuki Torii. I have red the updated I-D of STUNbis-16 and found > some issues would like to be shared. > > Hope this may help for improvement. > > - Section 9.1.1 and 9.2.2 defines the HMAC key calculation based on some > elements such that the password, username and realm. > Sections say those elements should be proccessed using OpaqueString > profile > defined in RFC8265. > > On the other hand, RFC8265 says in its "Changes from RFC 7613" that > "Removed UTF-8 as a mandatory encoding, because that is a matter > for the application." > > So, the specification of applied encoding for those elements on > calculating > HMAC key is up to STUNbis document. > > Please note that username and realm have the applied encoding > specification > as UTF-8 in its corresponding STUN attribute description. > (please see section 14.3 and 14.9) > But the password doesn't have such a description, therefore some care need > to be taken. Section 9.1.1 and 9.2.2 now have the following text: For short-term credentials the HMAC key is defined as follow: key = OpaqueString(password) where the OpaqueString profile is defined in [RFC8265]. The encoding used is UTF-8 [RFC3629]. [...] For long-term credentials that do not use a different algorithm, as specified by the PASSWORD-ALGORITHM attribute, the key is 16 bytes: key = MD5(username ":" OpaqueString(realm) ":" OpaqueString(password)) Where MD5 is defined in [RFC1321] and the OpaqueString profile is defined in [RFC8265]. The encoding used is UTF-8 [RFC3629]. > > - Section 14.6 mentions to the HMAC truncation, but as far as I read, I > couldn't precisely find out the minimum byte of length of the HMAC. > > From my understandings, minimum length > maybe 16 because > > The HMAC MUST NOT be truncated below a minimum size of 16 bytes. > > OR > maybe 8 because > > The value (snip) MUST be a positive multiple of 4 bytes > AND > > STUN Usages may specify a minimum length longer than 4 bytes. > > Here above I conceived "longer than (but not equal to) 4 bytes". > IMHO, some clarification will be preferable. I removed the last sentence of the paragraph, which did not make sense. > > - There are some occurence such like > > a UTF-8 [RFC3629] encoded > > sequence of less than 128 characters (which can be as long as 509 > > bytes when encoding them or 763 bytes when decoding them). > > The sentence inside parenthesis have off-by-one error. > To be exact, > > (which can be less than 509 bytes when encoding them or 763 bytes > when decoding them) > > or alternatively > > (which can be as long as 508 bytes when encoding them or 762 bytes > when decoding them) I gave you an answer to that last time, but you did not responded to it. Again, here's the email that justify these values: https://www.ietf.org/mail-archive/web/behave/current/msg02535.html Please give arguments why that answer is wrong. > > - In Section 9.2.4, there are some typoes. > Unnecessary extra white space such that "PASSWORD- ALGORITHM". Fixed. > > - At page 40, bizzare (perhaps unintended) page break occurs. Fixed. -- Marc Petit-Huguenin Email: marc@petit-huguenin.org Blog: https://marc.petit-huguenin.org Profile: https://www.linkedin.com/in/petithug
- Re: [tram] draft-ietf-tram-stunbis Marc Petit-Huguenin
- Re: [tram] draft-ietf-tram-stunbis Noriyuki Torii