Re: [tram] signature based 3rd party scheme
"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Wed, 29 April 2015 02:59 UTC
Return-Path: <tireddy@cisco.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 404BE1A872C for <tram@ietfa.amsl.com>; Tue, 28 Apr 2015 19:59:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.511
X-Spam-Level:
X-Spam-Status: No, score=-14.511 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bBUjqIv-Dp9l for <tram@ietfa.amsl.com>; Tue, 28 Apr 2015 19:59:19 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B45A1A870C for <tram@ietf.org>; Tue, 28 Apr 2015 19:59:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3454; q=dns/txt; s=iport; t=1430276355; x=1431485955; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=hC4n1A+AQVva3S4dHXIvyjWGUBsUJfgKgUmAUcZs3FA=; b=QCw6w6rIseWqkTTJ0ZGrmT7jCdZ7yScgISZYRHNqBwH1e1Rj2LmCixWS MrxDBWy+amqiSg1c1jgv4MOoLHNBST1nXg4QSoXXSv6cuOj6JgOyv3giF jv5eE85FII+ljTWBlv3ouVhQKr+FJrzQ2dirgzcd+afzkj5OGGd4BlXH0 U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0BCBQDDSEBV/5JdJa1cgwxTXAXGOoI4CoYEAoE2TAEBAQEBAYELhCABAQEDAQEBATc0FwYBCBEEAQELFAkuCxQJCQEEARIIiBsIDcctAQEBAQEBAQEBAQEBAQEBAQEBAQEBEwSLOIQzAQEFGj6DEYEWBZFlhAScJyOBZYIPb4EEBxcGHIEBAQEB
X-IronPort-AV: E=Sophos;i="5.11,668,1422921600"; d="scan'208";a="415664848"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by rcdn-iport-4.cisco.com with ESMTP; 29 Apr 2015 02:59:14 +0000
Received: from xhc-aln-x09.cisco.com (xhc-aln-x09.cisco.com [173.36.12.83]) by rcdn-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id t3T2xEa9032341 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 29 Apr 2015 02:59:14 GMT
Received: from xmb-rcd-x10.cisco.com ([169.254.15.218]) by xhc-aln-x09.cisco.com ([173.36.12.83]) with mapi id 14.03.0195.001; Tue, 28 Apr 2015 21:59:14 -0500
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "tram@ietf.org" <tram@ietf.org>
Thread-Topic: [tram] signature based 3rd party scheme
Thread-Index: AdCCKHW9CjsMzThwTKab4ELJ3vVgMQ==
Date: Wed, 29 Apr 2015 02:59:13 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A47821E90@xmb-rcd-x10.cisco.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.65.67.11]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/tram/K3UU7rSre07aIlGcrJkZj01VGdQ>
Subject: Re: [tram] signature based 3rd party scheme
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Apr 2015 02:59:21 -0000
> -----Original Message----- > From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Stephen Farrell > Sent: Wednesday, April 29, 2015 2:24 AM > To: tram@ietf.org > Subject: [tram] signature based 3rd party scheme > > > Hiya, > > As part of my discuss [1] on draft-ietf-tram-turn-third-party-authz [2] I > questioned why the WG have only defined a shared secret based scheme > (with the secret between the TURN and WebRTC servers in that case). That > requires pre-arrangement between WebRTC servers and TURN servers, which > I think isn't always going to be easily done, and seems to me to assume > certain business models and to be more suited for larger providers (for both > servers) and less suited for what may well be a fairly substantial long tail of > WebRTC and TURN servers. Note that I am not saying that the scheme from > [2] is broken but that it has some properties that are less desirable and the > DISCUSS point is to ask if the WG had looked at other possibilities. I'm told > that the WG have not, so this mail is to ask the question in more detail. > (When this thread has run it's course, or if the response to this is crickets, I'll > clear that discuss point.) > > I could envisage a signature based scheme, where the WebRTC server > digitally signs some form of token that the browser can then present to the > TURN server and that the TURN server can then validate (if it wants to). That > could provide accountability and be a sufficient counter against abuse of the > TURN server's bandwidth. I could actually see lots of potential usage models > that could be built on such a scheme, some involving someone billing > someone and others not. But the main point is that the would be no a-priori > need for co-ordination between the TURN server and the WebRTC server > ahead of time. > > The above is obviously just a sketch and a real scheme derived from that > would not have otherwise identical properties to [2] but should I think be > something that could be used and more easily deployed than the scheme > from [2]. > > So - would such a scheme be attractive to the WG, and if so, then what's the > right course of action wrt [2]? (That could be to push [2] along and start > another draft on a signature based scheme, or to just push [2[ along, or > something else.) Passive attacks could occur in TURN due to lack of integrity protection. For example, a passive attacker could monitor Allocate request/response between the client and TURN server and make a Refresh request with a requested lifetime of 0 to delete the allocation. Message integrity of TURN messages ensures that passive attacker cannot spoof TURN messages. TURN client and server can compute message integrity using [2], but it is not possible with the signature based scheme. However signature scheme could work if (D)TLS is used b/w TURN client and server. -Tiru > > Thanks, > S. > > PS: I'm not subscribed to this list, so would appreciate if you'd cc me on > responses. > > [1] > https://datatracker.ietf.org/doc/draft-ietf-tram-turn-third-party- > authz/ballot/#stephen-farrell > [2] https://tools.ietf.org/html/draft-ietf-tram-turn-third-party-authz-15 > > _______________________________________________ > tram mailing list > tram@ietf.org > https://www.ietf.org/mailman/listinfo/tram
- [tram] signature based 3rd party scheme Stephen Farrell
- Re: [tram] signature based 3rd party scheme Tirumaleswar Reddy (tireddy)
- Re: [tram] signature based 3rd party scheme Stephen Farrell
- Re: [tram] signature based 3rd party scheme Tirumaleswar Reddy (tireddy)
- Re: [tram] signature based 3rd party scheme Stephen Farrell
- Re: [tram] signature based 3rd party scheme Tirumaleswar Reddy (tireddy)
- Re: [tram] signature based 3rd party scheme Stephen Farrell
- Re: [tram] signature based 3rd party scheme Tirumaleswar Reddy (tireddy)
- Re: [tram] signature based 3rd party scheme Stephen Farrell
- Re: [tram] signature based 3rd party scheme Tirumaleswar Reddy (tireddy)
- Re: [tram] signature based 3rd party scheme Brandon Williams