Re: [tram] Stephen Farrell's Discuss on draft-ietf-tram-stun-origin-05: (with DISCUSS and COMMENT)
Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 13 May 2015 10:58 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F5501B2B91; Wed, 13 May 2015 03:58:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K-1uIo_TdSxb; Wed, 13 May 2015 03:58:36 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0DA41B2B8F; Wed, 13 May 2015 03:58:36 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 7DE89BECF; Wed, 13 May 2015 11:58:35 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4tIT2jKSVUQN; Wed, 13 May 2015 11:58:35 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 537ADBECA; Wed, 13 May 2015 11:58:35 +0100 (IST)
Message-ID: <55532E5B.5050204@cs.tcd.ie>
Date: Wed, 13 May 2015 11:58:35 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: Simon Perreault <sperreault@jive.com>, Alan Johnston <alan.b.johnston@gmail.com>
References: <20150421153635.27696.5302.idtracker@ietfa.amsl.com> <CAKhHsXGKhsMrjfSZCLiHF971FQeSKRopS7x4caQ6=Nwh4brB4g@mail.gmail.com> <554F461C.4040603@cs.tcd.ie> <554F9339.4090404@jive.com>
In-Reply-To: <554F9339.4090404@jive.com>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tram/QiKwiR4RUsFjBOjZrxxWqSuSdFQ>
Cc: tram-chairs@ietf.org, "tram@ietf.org" <tram@ietf.org>, draft-ietf-tram-stun-origin.shepherd@ietf.org, draft-ietf-tram-stun-origin.ad@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-tram-stun-origin@ietf.org
Subject: Re: [tram] Stephen Farrell's Discuss on draft-ietf-tram-stun-origin-05: (with DISCUSS and COMMENT)
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 May 2015 10:58:38 -0000
On 10/05/15 18:19, Simon Perreault wrote: > I don't follow. If the browser lies, then authentication will fail. > Where's the problem? > So let's say that a TURN server works on behalf of two "tenant" services, S1 and S2 (legacy-SIP or WebRTC doesn't matter for this point). S1 are mean and charge the end user per byte/second and when the TURN server is working on behalf of S1 then the TURN server will do loads of accounting that'll eventually turn into billing from S1 to the user at the UA. S2 however are rich new Internet kids and offer calling for nothing - they just use some of their vast advertising revenue to pay the TURN server operator a big pile of cash and the end user never has to pay, because S2 make money elsewhere. As a user, I can have accounts with both, and can authenticate to the TURN server as either. (I'm not saying that is good but it is what you've told me I think.) I will of course always assert that the "origin" for all of my calls is S2 and authenticate with those credentials, even when I'm making a call that is setup by S1 and that properly ought to be billed that way. (And such a call can be to a destination that is simply not reachable via S2's signalling of course.) The fact that this origin is used by the TURN server to pick between those and that there is no binding between that and the in-progress call enables me to succeed when I try the age-old trick of getting calls for nothing. And similar issues will arise if there is any differentiation between what the STUN/TURN server does for any of it's multiple tenants. (Logically, that would seem to imply that the TURN server has to offer the exact same service to all tenants as a result of this protocol feature/flaw, which would presumably de-value all multi-tenant features to the extent they'd just die out. But then logic doesn't always rule I guess:-) Can you tell me what in the current proposal (or the underlying context, and hence perhaps properly not documented here) means that the above is a non-issue? Or where else am I going wrong? Cheers, S. PS: It's obvious I guess, but this isn't directly about the privacy aspects of the draft, though any solutions would impinge on the discussion of the privacy aspects of the draft and hence on this overall discussion.
- [tram] Stephen Farrell's Discuss on draft-ietf-tr… Stephen Farrell
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Barry Leiba
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Spencer Dawkins at IETF
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Alan Johnston
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Spencer Dawkins at IETF
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Alan Johnston
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Simon Perreault
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Alan Johnston
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Spencer Dawkins at IETF
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Simon Perreault
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Spencer Dawkins at IETF
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Stephen Farrell
- Re: [tram] Stephen Farrell's Discuss on draft-iet… Simon Perreault