Re: [tram] STUN Origin Security Considerations
Alan Johnston <alan.b.johnston@gmail.com> Wed, 19 November 2014 03:29 UTC
From: Alan Johnston <alan.b.johnston@gmail.com>
To: Oleg Moskalenko <mom040267@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/tram/Fh1XXzflRj44qpV7KLr4CXVxmn4
Cc: "tram@ietf.org" <tram@ietf.org>, Brandon Williams <brandon.williams@akamai.com>
Agreed. Thanks for sending this, Brandon. I will change this text and rev the document, unless someone disagrees.

- Alan -

On Tue, Nov 18, 2014 at 9:08 PM, Oleg Moskalenko <mom040267@gmail.com> wrote:
> That's a reasonable change.
>
> Oleg
>
> > On Nov 18, 2014, at 5:25 PM, Brandon Williams <brandon.williams@akamai.com> wrote:
> >
> > Hi all,
> >
> > In the meeting, I promised to follow up on this with a note to the list.
> >
> > Text in the current draft states the following:
> >
> >    The STUN ORIGIN attribute also has privacy implications in that the
> >    origin information is shared with a STUN or TURN server which
> >    otherwise might not know this information. This information could be
> >    used to track usage of real-time communication services. A STUN or
> >    TURN server will always know the public IP address of each user, but
> >    the ORIGIN attribute provides more information about which service or
> >    provider is being used. The particular STUN and TURN servers used
> >    are selected by the real-time communications service provider (i.e.
> >    the web provider for WebRTC or the SIP or XMPP service provider). In
> >    addition, they are usually also run by the same provider, or by a
> >    trusted partner, especially for TURN. However, a service or provider
> >    using a public STUN server needs to recognize that the operator of
> >    the public STUN server will learn the identity of the service or
> >    provider through this extension.
> >
> > The last three sentences give the impression that the privacy concern
> > does not apply to TURN servers, only to STUN servers, because TURN servers
> > are more likely to be run by the application provider or a trusted partner
> > of the application provider. This might not be true for auto-discovered,
> > public, and other types of untrusted 3rd party TURN servers. The draft
> > refers to "public STUN server" privacy implications, but I think the
> > language could be broadened to cover all untrusted 3rd party relay servers.
> >
> > I propose the following minor modifications to the text, which I think
> > clarify the intent. My changes are enclosed in [ ].
> >
> >    The particular STUN and TURN servers used are [usually] selected by
> >    the real-time communications provider ...
> >
> >    However, a service or provider using an [untrusted third party] STUN
> >    [or TURN] server needs to recognize that the operator of the
> >    [third party] STUN [or TURN] server will learn the identity of the
> >    service or provider through this extension.
> >
> > Does this seem reasonable?
> >
> > --Brandon
> >
> > --
> > Brandon Williams; Senior Principal Software Engineer
> > Emerging Products Engineering; Akamai Technologies Inc.
> >
> > _______________________________________________
> > tram mailing list
> > tram@ietf.org
> > https://www.ietf.org/mailman/listinfo/tram
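The mitigation the thread converges on, as an added example (not code from the draft or from any poster): a client attaches ORIGIN only when the STUN/TURN server is first-party or run by a trusted partner, and omits it for untrusted third-party relays so their operators cannot learn which service the user is on. The ORIGIN attribute type value, the trusted-suffix list and the server URIs are assumptions constructed for the example.

```python
import os
import struct

MAGIC_COOKIE = 0x2112A442      # RFC 5389 STUN magic cookie
BINDING_REQUEST = 0x0001       # STUN Binding request message type
ATTR_ORIGIN = 0x802F           # assumed attribute type for ORIGIN (check the draft)


def relay_host(server_url: str) -> str:
    """Extract the host from a stun:/stuns:/turn:/turns: URI (RFC 7064/7065 style)."""
    scheme, _, rest = server_url.partition(":")
    if scheme not in ("stun", "stuns", "turn", "turns"):
        raise ValueError(f"not a STUN/TURN URI: {server_url}")
    hostport = rest.split("?", 1)[0]          # drop ?transport=...
    if hostport.startswith("["):              # bracketed IPv6 literal
        return hostport[1:].split("]", 1)[0].lower()
    return hostport.rsplit(":", 1)[0].lower() if ":" in hostport else hostport.lower()


def is_first_party(server_url: str, trusted_suffixes) -> bool:
    """True when the relay is operated by the provider itself or a trusted partner."""
    host = relay_host(server_url)
    return any(host == s or host.endswith("." + s) for s in trusted_suffixes)


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """TLV-encode one STUN attribute, padding the value to a 4-byte boundary."""
    pad = (-len(value)) % 4
    return struct.pack("!HH", attr_type, len(value)) + value + b"\x00" * pad


def binding_request(origin: str, server_url: str, trusted_suffixes, txid=None) -> bytes:
    """Build a STUN Binding request; ORIGIN is attached only for first-party servers."""
    txid = txid or os.urandom(12)
    attrs = b""
    if is_first_party(server_url, trusted_suffixes):
        attrs += encode_attr(ATTR_ORIGIN, origin.encode("utf-8"))
    header = struct.pack("!HHI", BINDING_REQUEST, len(attrs), MAGIC_COOKIE) + txid
    return header + attrs


def has_origin(msg: bytes) -> bool:
    """Walk the attribute list of an encoded STUN message and report whether ORIGIN is present."""
    length = struct.unpack("!H", msg[2:4])[0]
    pos, end = 20, 20 + length
    while pos + 4 <= end:
        attr_type, attr_len = struct.unpack("!HH", msg[pos:pos + 4])
        if attr_type == ATTR_ORIGIN:
            return True
        pos += 4 + attr_len + ((-attr_len) % 4)
    return False
```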