Re: [tram] Alissa Cooper's Discuss on draft-ietf-tram-stun-origin-05: (with DISCUSS)
Simon Perreault <sperreault@jive.com> Tue, 12 May 2015 16:09 UTC
Return-Path: <sperreault@jive.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 355641ACD7E for <tram@ietfa.amsl.com>; Tue, 12 May 2015 09:09:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CCJEtWnp8a6X for <tram@ietfa.amsl.com>; Tue, 12 May 2015 09:09:56 -0700 (PDT)
Received: from mail-qk0-f179.google.com (mail-qk0-f179.google.com [209.85.220.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D09041ACD75 for <tram@ietf.org>; Tue, 12 May 2015 09:09:55 -0700 (PDT)
Received: by qkgx75 with SMTP id x75so8958622qkg.1 for <tram@ietf.org>; Tue, 12 May 2015 09:09:55 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=olnXdocw9ecl3iZOLDFf46J1I4r4KLEDo6k1pPwGxuc=; b=ET97yes+wNuTrscg4XjBn3FnMhVwQV+yNErbKeIuMqQ28Hx/eim88K8h+S59FrpeG3 AUxoZBbhcBpgXId7AXmbq/whuFexoXXtj8OCdtiY8hkdJ7z8Mgjb34SQwb+pE6crHFst 2ZaXWfsUFZUwIqOJ8prYrvoUrQYVSNyzys4CKWpqyXTLl6WdULRXeihRKn9HsHjtMJS3 IT+2h5vpuwQZR6YCdtp0W0lo7OzP8rd8Fe/kOgQx5Dq61a1U9GCeeiY/8GdmdBL8Yyna 924iRtV9CkyygdyDX9nETQ4lZxHIlKvp2e6x/ljq0TPNEY3ZGBLTgDPXvHQlVk0g2Jxj SIrA==
X-Gm-Message-State: ALoCoQmpogw7ZiSDspYWwDLsBCPbFAxLSnUwkqTURYN8u1MoppwDfUANcvo2Cla5oNOzIiVLPj9F
X-Received: by 10.140.86.47 with SMTP id o44mr20602546qgd.98.1431446994985; Tue, 12 May 2015 09:09:54 -0700 (PDT)
Received: from [192.168.1.131] ([24.53.47.130]) by mx.google.com with ESMTPSA id x142sm13501560qkx.28.2015.05.12.09.09.53 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 12 May 2015 09:09:54 -0700 (PDT)
Message-ID: <555225CF.9040904@jive.com>
Date: Tue, 12 May 2015 12:09:51 -0400
From: Simon Perreault <sperreault@jive.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: Alissa Cooper <alissa@cooperw.in>, The IESG <iesg@ietf.org>
References: <20150511233012.17046.42319.idtracker@ietfa.amsl.com>
In-Reply-To: <20150511233012.17046.42319.idtracker@ietfa.amsl.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tram/N11xrk8xuMtALZCk01fnFFnAXww>
Cc: tram-chairs@ietf.org, draft-ietf-tram-stun-origin.shepherd@ietf.org, tram@ietf.org, draft-ietf-tram-stun-origin@ietf.org, draft-ietf-tram-stun-origin.ad@ietf.org
Subject: Re: [tram] Alissa Cooper's Discuss on draft-ietf-tram-stun-origin-05: (with DISCUSS)
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 May 2015 16:09:57 -0000
Le 2015-05-11 19:30, Alissa Cooper a écrit : > For requests sent with authentication, I understand that the origin > attribute needs to be accurate in order for the client to authenticate. > In those cases, the STUN server can rely on the attribute it receives. > But for requests without authentication, what prevents the client from > lying? Note that the client does not know in advance whether its request is going to be authenticated or not. Although I supposes it could try to guess, or maybe re-try the request without lying when it receives an authentication challenge. > And if those requests are not (D)TLS-protected, what prevents them > from being modified in transit? Nothing. Per STUN design. Unauthenticated requests cannot be trusted. The server operator can require authentication if trust is a problem. > I understand Alan to be saying that the > justification for the origin in this case is operational troubleshooting, > but if the server can't rely on the origin it receives, doesn't that make > it risky for the server to act on that information? Note that this concern applies to all other pieces of information contained in unauthenticated STUN requests. Simon
- [tram] Alissa Cooper's Discuss on draft-ietf-tram… Alissa Cooper
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Oleg Moskalenko
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Alissa Cooper
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Yoakum, John H (John)
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Stephen Farrell
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Simon Perreault
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Simon Perreault
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Stephen Farrell
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Simon Perreault
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Stephen Farrell
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Simon Perreault
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Alissa Cooper
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Spencer Dawkins at IETF
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Alan Johnston