IETF Logo Mail Archive

Re: [tram] WGLC draft-ietf-tram-turn-third-party-authz-03

Oleg Moskalenko <mom040267@gmail.com> Fri, 19 September 2014 06:08 UTC

Return-Path: <mom040267@gmail.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B52FA1A884E for <tram@ietfa.amsl.com>; Thu, 18 Sep 2014 23:08:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.749
X-Spam-Level:
X-Spam-Status: No, score=-1.749 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KvhPPvJ371Jd for <tram@ietfa.amsl.com>; Thu, 18 Sep 2014 23:08:52 -0700 (PDT)
Received: from mail-we0-x230.google.com (mail-we0-x230.google.com [IPv6:2a00:1450:400c:c03::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 98C1A1A883F for <tram@ietf.org>; Thu, 18 Sep 2014 23:08:51 -0700 (PDT)
Received: by mail-we0-f176.google.com with SMTP id q58so1931382wes.35 for <tram@ietf.org>; Thu, 18 Sep 2014 23:08:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=SDygj2SpAZlJBdc4vJdBp2OIBtViEKiTncUuhymGiZk=; b=W3STUJ42Siseft7xaVcouSCSQshbDaIEfuu9jrg3b9HPewjvaZLkHIevRWU94x8Peh eEu4Ez54M51Bt4kxig34MTkyrfoeMBVVb6aNkQmuS2BYBbETVR3clz4Ne0hXRePs65O1 SGtCaWg963FxNadEulmNmLAjcRyBWRY84Q8Ta8nOVENuTyy/42fNsUX+DAd7EYpS5giy U3sBOXPiJ86QynfzLDb3egTPGRUJanNE4qwDlEm2RDecsXddRoKrsm/BVvgBR/14V4bs vcxg5089UdqlOKasevAHt9nAQLgujPvXrcXSGL/YN0iFrZQEfYQCeDkby2j3fMBuVSOI ReFg==
MIME-Version: 1.0
X-Received: by 10.194.209.207 with SMTP id mo15mr9608314wjc.6.1411106930170; Thu, 18 Sep 2014 23:08:50 -0700 (PDT)
Received: by 10.194.67.167 with HTTP; Thu, 18 Sep 2014 23:08:50 -0700 (PDT)
In-Reply-To: <CALDtMr+CG7z+OaiO02iS+PmTqacz22fWaaPP5tbWYeV5w0z2dA@mail.gmail.com>
References: <913383AAA69FF945B8F946018B75898A28328E81@xmb-rcd-x10.cisco.com> <CALDtMrLetBrxZL4OGqPW_sCi9VU6wEunA1sA8qWSfFzD-YC4_Q@mail.gmail.com> <913383AAA69FF945B8F946018B75898A28328F3F@xmb-rcd-x10.cisco.com> <CANO7kWB91ba4fPx+_YBqS_U9C1OC6B6AiZ-ds89teV-FFw_g9w@mail.gmail.com> <CALDtMr+CG7z+OaiO02iS+PmTqacz22fWaaPP5tbWYeV5w0z2dA@mail.gmail.com>
Date: Thu, 18 Sep 2014 23:08:50 -0700
Message-ID: <CALDtMrLPZSZDUJROhBRQ3pC_XMomO0k8X8=Uo7PSQakQmntL2Q@mail.gmail.com>
From: Oleg Moskalenko <mom040267@gmail.com>
To: Simon Perreault <sperreault@jive.com>
Content-Type: multipart/alternative; boundary="047d7b3a831450236a050364effe"
Archived-At: http://mailarchive.ietf.org/arch/msg/tram/Vla1SdvFhbj4r6BTY1M5EDgp-cI
Cc: "Dan Wing (dwing)" <dwing@cisco.com>, "tram@ietf.org" <tram@ietf.org>, "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
Subject: Re: [tram] WGLC draft-ietf-tram-turn-third-party-authz-03
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Sep 2014 06:08:58 -0000

I have another comment, on Section 6.2.

I do not think that the ACCESS-TOKEN must be a comprehension-optional
attribute. The optional attributes are used when the message recipient may
be of a limited functionality (like in backward compatibility cases or
minimal clients or minimal servers). There are two reasons why the optional
attribute does not fit well here in the dialog:

1) When the client sends the request with ACCESS-TOKEN, the server already
made a commitment that the server understands the oAuth credentials (by
sending the THIRD-PARTY-AUTHORIZATION attribute). So the server may not be
a legacy server.
2) The message cannot be handled properly if the server does not
understands the ACCESS-TOKEN - because the KID is not a valid username,
anyway, and the server does not know the mac even if somehow miraculously
the server had a username with KID as the value.

If there are valid reasons why the ACCESS-TOKEN is a comprehension-optional
attribute, I'd like to hear them.

Thanks !
Oleg



On Tue, Sep 16, 2014 at 3:21 PM, Oleg Moskalenko <mom040267@gmail.com>
wrote:

> I'd also suggest to create an Appendix, with the content similar to RFC
> 5769, with ticket encoding/decoding sample examples. That would benefit
> both client and server implementations, to avoid ambiguity and
> misunderstandings.
>
> Thanks
> Oleg
>
>
> On Mon, Sep 15, 2014 at 5:26 AM, Simon Perreault <sperreault@jive.com>
> wrote:
>
>>
>> On Mon, Sep 15, 2014 at 6:34 AM, Tirumaleswar Reddy (tireddy) <
>> tireddy@cisco.com> wrote:
>>
>>> Second, even with unknown nonce, knowing the exact nonce field
>>> positions, the client still can try the same attack - the client will just
>>> ignore the nonce positions, and the client will obtain the same attack
>>> result as without the nonce (with very high degree of probability). If the
>>> client finds a key that decrypts properly all positions except the nonce,
>>> then the client can be almost sure that he found the real long-term key.
>>>
>>>
>>>
>>> [TR] Yup, the client will have to try all possible key combinations (2
>>> to the power 256 key combinations which takes very very long time) and
>>> check if the decrypted token matches the plain token. Looks like we don’t
>>> have to address this attack.
>>> http://en.wikipedia.org/wiki/Talk%3ASalt_%28cryptography%29 mentions
>>> that “modern ciphers such as Advanced Encryption Standard are not
>>> susceptible to known-plaintext attacks”.
>>>
>>
>> Whatever you decide, please mention it in the Security Considerations
>> section, and explain why you think your decision makes sense.
>>
>> Thanks,
>> Simon
>>
>
>

v2.23.0 | Report a Bug | By Email