IETF Logo Mail Archive

Re: [tram] Stephen Farrell's Discuss on draft-ietf-tram-turn-third-party-authz-13: (with DISCUSS and COMMENT)

Oleg Moskalenko <mom040267@gmail.com> Mon, 13 April 2015 07:04 UTC

Return-Path: <mom040267@gmail.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B4BF1B2E51 for <tram@ietfa.amsl.com>; Mon, 13 Apr 2015 00:04:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.95
X-Spam-Level:
X-Spam-Status: No, score=0.95 tagged_above=-999 required=5 tests=[BAYES_50=0.8, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P85mT_wni-5u for <tram@ietfa.amsl.com>; Mon, 13 Apr 2015 00:04:35 -0700 (PDT)
Received: from mail-wi0-x233.google.com (mail-wi0-x233.google.com [IPv6:2a00:1450:400c:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7CDEA1B2E4E for <tram@ietf.org>; Mon, 13 Apr 2015 00:04:35 -0700 (PDT)
Received: by wizk4 with SMTP id k4so60281934wiz.1 for <tram@ietf.org>; Mon, 13 Apr 2015 00:04:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=KBHg4rkkyHaHXD/iTQUb13BWWg3VGNmfIJYtgBYq8ys=; b=Sql6iylGcOKaQKg3b/rXOlGxWggKhQVBuZB/v+oAMU5Jm7o7bfg/Om4MGGIUSFV5uC PGRGrlbE7AoyAMwjvBgMfWpf6MzZirpwT5h+dESoXQp+a1pS9wVJCD4JqJEb9woeH5K5 R4XVTTAsTeOaPG1i4TTHfOho2o9k7MMBKBPOaXs19OoO18xoce+mAIW40OopCYSgBkhc YrHlt9ddHc+fit6spG9tGO2xjGRGAEePxRvWCJ0bqGLuEvjVMvXF1nLH//YiP2fmZdrf 8rPb20iVqMiY7uewmKoq8qG44fkSrNV9VLkFeHKR0AdIiSVJkYQJYRhZWKH9XT4huxPW 0Liw==
MIME-Version: 1.0
X-Received: by 10.180.206.98 with SMTP id ln2mr18694700wic.94.1428908674225; Mon, 13 Apr 2015 00:04:34 -0700 (PDT)
Received: by 10.194.190.7 with HTTP; Mon, 13 Apr 2015 00:04:34 -0700 (PDT)
In-Reply-To: <913383AAA69FF945B8F946018B75898A411FFCB9@xmb-rcd-x10.cisco.com>
References: <20150410193813.20376.40907.idtracker@ietfa.amsl.com> <913383AAA69FF945B8F946018B75898A411FFCB9@xmb-rcd-x10.cisco.com>
Date: Mon, 13 Apr 2015 00:04:34 -0700
Message-ID: <CALDtMrK20_MroVZpZrsYx2j9thBU9a+mZHXULMcXn6vFwksNDA@mail.gmail.com>
From: Oleg Moskalenko <mom040267@gmail.com>
To: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/tram/PgL-JbTroxL6BnSmhaJZm-c1-bI>
Cc: "tram@ietf.org" <tram@ietf.org>
Subject: Re: [tram] Stephen Farrell's Discuss on draft-ietf-tram-turn-third-party-authz-13: (with DISCUSS and COMMENT)
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Apr 2015 07:04:37 -0000

I noticed that the encrypted token has odd number of bytes, because
the nonce_length is just one byte. I'd suggest to make it two bytes.
Saving a byte by making the data size odd usually does not work well.
It is really not saving any space or CPU cycles.


Thanks
Oleg


On Fri, Apr 10, 2015 at 8:07 PM, Tirumaleswar Reddy (tireddy)
<tireddy@cisco.com> wrote:
>> -----Original Message-----
>> From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
>> Sent: Saturday, April 11, 2015 1:08 AM
>> To: The IESG
>> Cc: tram-chairs@ietf.org; tram@ietf.org; draft-ietf-tram-turn-third-party-
>> authz@ietf.org; gonzalo.camarillo@ericsson.com; draft-ietf-tram-turn-third-
>> party-authz.ad@ietf.org; draft-ietf-tram-turn-third-party-
>> authz.shepherd@ietf.org
>> Subject: Stephen Farrell's Discuss on draft-ietf-tram-turn-third-party-authz-
>> 13: (with DISCUSS and COMMENT)
>>
>> Stephen Farrell has entered the following ballot position for
>> draft-ietf-tram-turn-third-party-authz-13: Discuss
>>
>> When responding, please keep the subject line intact and reply to all email
>> addresses included in the To and CC lines. (Feel free to cut this introductory
>> paragraph, however.)
>>
>>
>> Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
>> for more information about IESG DISCUSS and COMMENT positions.
>>
>>
>> The document, along with other ballot positions, can be found here:
>> http://datatracker.ietf.org/doc/draft-ietf-tram-turn-third-party-authz/
>>
>>
>>
>> ----------------------------------------------------------------------
>> DISCUSS:
>> ----------------------------------------------------------------------
>>
>>
>> Edited discuss ballot after chats around Dallas.
>>
>> (1) Please fix the crypto as per Richard's discuss. (I think the plan here is for
>> Rich Salz to help with that, which I'm confident will work out ok.)
>
> Yes, comments from Richard are addressed.
>
>>
>> (2) Please consider whether a signature based scheme that does not require
>> pre-shared keys between the TURN and (in particular) WebRTC server could
>> be useful to support. (Either in this document or
>> elsewhere.) There should be use cases where that offers sufficient
>> accountability for use of TURN and it ought allow some deployments that
>> are less easy with this kind of pre-shared keys approach. The DISCUSS here is
>> to check if the WG want to take that approach, either now or later.
>
> Passive attacks could occur in TURN due to lack of integrity protection. For example, a passive attacker could monitor Allocate request/response between the client and TURN server and make a Refresh request with a requested lifetime of 0 to delete the allocation. Message integrity of TURN messages ensures that passive attacker cannot spoof subsequent TURN messages.
>
>>
>> (3) I think the plan is to take out some of the options that are not needed so
>> as make interop more likely.
>> Please do so. (I think we discussed taking out the DKSPP stuff at least, but
>> the more options we can get rid of, the better).
>
> Yes, DKSPP is removed from the draft.
>
>>
>>
>> ----------------------------------------------------------------------
>> COMMENT:
>> ----------------------------------------------------------------------
>>
>>
>> - COMMENTS below are unchanged since before Dallas.
>> We can look over then as we go.
>>
>> - I really think this would benefit from some wider review and I don't think
>> it's ready as-is.
>
> This draft is also reviewed in OAuth WG.
>
>>
>> - I agree with Richard's discuss points.
>>
>> - intro: "impossible in web applications" isn't really true in principle, but
>> impossible in WebRTC as it uses JS is true.
>
> NEW:
>    However, in web applications
>    like WebRTC [I-D.ietf-rtcweb-overview] where JavaScript uses the
>    browser functionality to make real-time audio and/or video calls, Web
>    conferencing, and direct data transfer, ensuring this secrecy is
>    typically not possible.
>
>>
>> - Assuming the AS that can authorize the user shares a secret with the STUN
>> server chosen by the WebRTC server seems very brittle. Why would that be
>> true in general?
>
> The AS and WebRTC server are in the same administrative domain of the application provider. The user never sends the session key learned  from the AS to the STUN server it only uses the session key to compute  message integrity of STUN request and to validate the  message integrity of  the STUN response. The STUN server will only know the session key if it can decrypt the token.
>
>>
>> - 4.1.1: Hmmm. How many people use KeyProv I wonder?
>
> Already removed DKSPP.
>
>>
>> - 4.1.2 - which "two servers"? WebRTC can have more servers than that.
>
> The STUN server and the AS. As far as the STUN server is concerned, it only deals with the AS of interest for key establishment. The AS could be the application server itself or could be a Key management  function syncing the keying material to the WebRTC servers.
>
> NEW:
>    The STUN and AS servers could choose to use REST API over HTTPS to
>    establish a symmetric key.
>
>>
>> - 4.1.2 - now we're using TLS mutual auth? And how does the TLS client know
>> which CA to use that'll work with the TLS server here? I don't think that'll
>> scale will it?
>
> We presume the two parties involved know what CA to consider when using the REST APIs ­ they would have to do this to trust each other. Please note that the AS is allocating symmetric keys meant exclusively for  that STUN Server, so some level of co-ordination is already involved.
>
>>
>> - 4.1.3 - this looks like what the WG/authors really want, would that be a fair
>> statement?
>
> As per our discussion we have changed the specification to recommend REST
>
> NEW:
>
>    Note : The mechanism specified in Section 4.1.2 compared to REST
>    lacks encryption and HMAC algorithm agility.  Hence a STUN server and
>    authorization server implementation SHOULD support REST explained in
>    Section 4.1.1.
>
>
>>
>> - 9: Figure 2 should be way up at the top of the document and not here
>
> In the previous versions it was in the top of the document but moved down after comments received from the WG that WebRTC is only an  example usage of third party authorization.
>
>>
>> - 9: Why 5 seconds ?
>
> STUN messages can be sent over UDP, 5 seconds is to accommodate packet loss and RTO interval.
>
> -Tiru
>
>>
>
> _______________________________________________
> tram mailing list
> tram@ietf.org
> https://www.ietf.org/mailman/listinfo/tram

v2.23.0 | Report a Bug | By Email