Re: [tram] [Technical Errata Reported] RFC8489 (6268)

RenThraysk <renthraysk@gmail.com> Tue, 01 September 2020 11:44 UTC

Hi,

I reported this errata, but also think there may be another problem, and
wanted to verify.
I think the Security Feature bits encoded into the test vector Nonce
attribute are incorrect.

In the B.1 Test Vector <https://tools.ietf.org/html/rfc8489#appendix-B>
this is encoded in base64 digits as AAAC or decoded into decimal 0, 0, 0, 2.

In 18.1.  STUN Security Features Registry
<https://tools.ietf.org/html/rfc8489#section-18.2>

A STUN Security Feature set defines 24 bits as flags.

   IANA has created a new registry containing the STUN Security Features
   that are protected by the bid-down attack prevention mechanism
   described in Section 9.2.1.

   The initial STUN Security Features are:

   Bit 0: Password algorithms
   Bit 1: Username anonymity
   Bit 2-23: Unassigned


*Bits are assigned starting from the most significant side of the bit
 set, so Bit 0 is the leftmost bit and Bit 23 is the rightmost bit.*

If bits are counted left to right, I don't see how AAAC is correct.

Cheers

Jared

On Tue, Sep 1, 2020 at 12:04 PM Magnus Westerlund <
magnus.westerlund@ericsson.com> wrote:

> Hi,
>
> I think it is reasonable that we do an RFC Errata for this error to provide a
> corrected test vector.
>
> I can edit the Errata request to have a different text. So if you authors could
> prepare and review a proposal that fixes this I will edit and approve it.
>
> So if you can provide the text that goes into the three parts:
>
> Original Text: (I assume the full message from B.1 here)
>
> Corrected Text: Full message with corrected message length and recomputed Hash
> value.
>
> Notes: If there are any additional that was already written that you like to
> remark about this error?
>
> Cheers
>
> Magnus
>
> On Mon, 2020-08-31 at 17:00 +0000, Gonzalo Salgueiro (gsalguei) wrote:
> > Hi Magnus -
> >
> > Marc responded earlier so you may have missed it. Below is his response:
> >
> > +++++++++++
> > This errata is correct, and there is nobody to blame for that mistake but me.
> >
> > Magnus, how do you want to proceed for the recomputed test vector?
> >
> > Thanks.
> > +++++++++++
> >
> > Cheers,
> >
> > Gonzalo
> >
> >
> > > On Aug 31, 2020, at 11:08 AM, Magnus Westerlund <
> > > magnus.westerlund@ericsson.com> wrote:
> > >
> > > Hi,
> > >
> > > Authors, can you please confirm if this is correct or not?
> > >
> > > Cheers
> > >
> > > Magnus
> > >
> > > On Sun, 2020-08-30 at 08:22 -0700, RFC Errata System wrote:
> > > > The following errata report has been submitted for RFC8489,
> > > > "Session Traversal Utilities for NAT (STUN)".
> > > >
> > > > --------------------------------------
> > > > You may review the report below and at:
> > > >
> > > > https://protect2.fireeye.com/v1/url?k=99260d6d-c786cf2b-99264df6-86fc6812c361-2320f3daa9544fe5&q=1&e=c28eb099-e321-4447-80c3-942509fe0974&u=https%3A%2F%2Fwww.rfc-editor.org%2Ferrata%2Feid6268
> > > > --------------------------------------
> > > > Type: Technical
> > > > Reported by: Jared Williams <renthraysk@gmail.com>
> > > >
> > > > Section: Appendix B.1
> > > >
> > > > Original Text
> > > > -------------
> > > > 00 01 00 9c      Request type and message length
> > > >
> > > >
> > > > Corrected Text
> > > > --------------
> > > > 00 01 00 88      Request type and message length
> > > >
> > > > Notes
> > > > -----
> > > > The message length in the test vector (9c) is the absolute length of the
> > > > whole test vector. However from section 5. STUN Message Structure
> > > >
> > > > "The message length MUST contain the size of the message in bytes, not
> > > >   including the 20-byte STUN header."
> > > >
> > > > So the message length in the header should be 20 less than absolute length
> > > > of the whole message.
> > > >
> > > > 0x9C - 20, 0x88.
> > > >
> > > > Also the MESSAGE-INTEGRITY-SHA256 HMAC-SHA256 value of the Test Vector
> > > > will need recomputing.
> > > >
> > > > Instructions:
> > > > -------------
> > > > This erratum is currently posted as "Reported". If necessary, please
> > > > use "Reply All" to discuss whether it should be verified or
> > > > rejected. When a decision is reached, the verifying party
> > > > can log in to change the status and edit the report, if necessary.
> > > >
> > > > --------------------------------------
> > > > RFC8489 (draft-ietf-tram-stunbis-21)
> > > > --------------------------------------
> > > > Title               : Session Traversal Utilities for NAT (STUN)
> > > > Publication Date    : February 2020
> > > > Author(s)           : M. Petit-Huguenin, G. Salgueiro, J. Rosenberg, D. Wing,
> > > > R. Mahy, P. Matthews
> > > > Category            : PROPOSED STANDARD
> > > > Source              : TURN Revised and Modernized
> > > > Area                : Transport
> > > > Stream              : IETF
> > > > Verifying Party     : IESG
> > >  --
> > > Cheers
> > >
> > > Magnus Westerlund
> > >
> > >
> > > ----------------------------------------------------------------------
> > > Networks, Ericsson Research
> > > ----------------------------------------------------------------------
> > > Ericsson AB                 | Phone  +46 10 7148287
> > > Torshamnsgatan 23           | Mobile +46 73 0949079
> > > SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
> > > ----------------------------------------------------------------------
> >
> >
> --
> Cheers
>
> Magnus Westerlund
>
>
> ----------------------------------------------------------------------
> Networks, Ericsson Research
> ----------------------------------------------------------------------
> Ericsson AB                 | Phone  +46 10 7148287
> Torshamnsgatan 23           | Mobile +46 73 0949079
> SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com
> ----------------------------------------------------------------------
>
>
>
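
The two checks discussed in this thread, as an added example that is not part of the original messages or of RFC 8489: decoding the 4-character base64 feature field (`AAAC`) under both bit-numbering conventions, and comparing a STUN header's declared length with the actual attribute length. Function names are hypothetical, and the sample message is constructed (valid header, zero-filled body), not the B.1 test vector.

```python
import base64
import struct

# Bit names from the registry text quoted in the thread; other bits are unassigned.
FEATURES = {0: "Password algorithms", 1: "Username anonymity"}
MAGIC_COOKIE = 0x2112A442  # fixed value in every STUN header
HEADER_LEN = 20            # type(2) + length(2) + cookie(4) + transaction ID(12)


def feature_bits(field, msb_first=True):
    """Return the bit numbers set in a 4-character base64 feature field."""
    if len(field) != 4:
        raise ValueError("expected 4 base64 characters (24 bits)")
    value = int.from_bytes(base64.b64decode(field, validate=True), "big")
    if msb_first:  # Bit 0 is the leftmost bit, as the registry text says
        return [b for b in range(24) if value & (1 << (23 - b))]
    return [b for b in range(24) if value & (1 << b)]  # Bit 0 rightmost


def encode_features(bits):
    """Encode bit numbers (Bit 0 leftmost) as the 4-character base64 field."""
    value = 0
    for b in bits:
        if not 0 <= b <= 23:
            raise ValueError("bit number out of range")
        value |= 1 << (23 - b)
    return base64.b64encode(value.to_bytes(3, "big")).decode("ascii")


def describe(bits):
    """Map bit numbers to registry names, 'Unassigned' for bits 2-23."""
    return [FEATURES.get(b, "Unassigned") for b in bits]


def length_mismatch(msg):
    """Return (declared, actual) attribute lengths if they differ, else None."""
    if len(msg) < HEADER_LEN:
        raise ValueError("shorter than a STUN header")
    _msg_type, declared, cookie = struct.unpack("!HHI", msg[:8])
    if cookie != MAGIC_COOKIE:
        raise ValueError("magic cookie missing")
    actual = len(msg) - HEADER_LEN
    return None if declared == actual else (declared, actual)


def constructed_message(declared, total=0x9C):
    """Constructed sample: valid header, zero-filled body, `total` bytes overall."""
    header = struct.pack("!HHI", 0x0001, declared, MAGIC_COOKIE) + bytes(12)
    return header + bytes(total - HEADER_LEN)
```

With Bit 0 leftmost, `AAAC` sets only Bit 22; read with Bit 0 rightmost, the same field sets Bit 1.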