[tram] Comments on draft-ietf-tram-stun-bis-01
Alan Johnston <alan.b.johnston@gmail.com> Tue, 17 March 2015 14:12 UTC
Return-Path: <alan.b.johnston@gmail.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25E591A1A63 for <tram@ietfa.amsl.com>; Tue, 17 Mar 2015 07:12:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZNboA9L8v6OI for <tram@ietfa.amsl.com>; Tue, 17 Mar 2015 07:12:07 -0700 (PDT)
Received: from mail-vc0-x22d.google.com (mail-vc0-x22d.google.com [IPv6:2607:f8b0:400c:c03::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E834F1A03A3 for <tram@ietf.org>; Tue, 17 Mar 2015 07:11:58 -0700 (PDT)
Received: by mail-vc0-f173.google.com with SMTP id im6so2401639vcb.4 for <tram@ietf.org>; Tue, 17 Mar 2015 07:11:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=AiOF3dapE/zSHzCH7rA0HJlcwhFfimP5W7pI65yvTaY=; b=t2w4y2hVOVi3hNEBWo3y2mI80dXu9gwZxdHIsiD7xFnp7uopWYx8uUceSUv6Q14HkG 1u+ZbKdgLAkLPp5qH666j+egYHRSQzkTVJYAYssiheBW2DSw2x/9Sv9eqSOh1MWCfMea klVm6uXRVfIsJCuvWRgVBgAyAkhsUvDXkr6H0f+e9EnB17u2KDGhSORkIdXjEeh1uXYZ SgprTS2eS+1Ud2vMtrF13c6BKEx9Qap/pOopxVsBWERII5xOHnQ4W1/2tWDxTXKoTTjB ycUEJderZnX3nIYwTRymP6IWgrC8NzhB5IdgXv6jtNE/3QEI7N4vWQ+2+zw/FOedHmrZ IFqA==
MIME-Version: 1.0
X-Received: by 10.52.7.228 with SMTP id m4mr69935901vda.31.1426601518100; Tue, 17 Mar 2015 07:11:58 -0700 (PDT)
Received: by 10.52.121.111 with HTTP; Tue, 17 Mar 2015 07:11:58 -0700 (PDT)
Date: Tue, 17 Mar 2015 09:11:58 -0500
Message-ID: <CAKhHsXEcvr8W7qk3Czx1E+DqqVOk_8V_+Bn3ZB5yjXdf=7aGJQ@mail.gmail.com>
From: Alan Johnston <alan.b.johnston@gmail.com>
To: "tram@ietf.org" <tram@ietf.org>
Content-Type: multipart/alternative; boundary="20cf3033449db8f60d05117c8c7d"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tram/VnuFE9nEu6cd7Sv_y1JuP8uNJMw>
Subject: [tram] Comments on draft-ietf-tram-stun-bis-01
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Mar 2015 14:12:14 -0000
All,
Here are some comments on STUNbis. Minor comments are listed below, but
the most important one is listed here:
Does the use of salted SHA256 for passwords match up with what is planned
for SIP? See:
https://tools.ietf.org/html/draft-yusef-sipcore-digest-scheme
Does H(A1) match up? Also, I'm not aware if this draft is moving forward:
https://tools.ietf.org/html/draft-veltri-sip-alt-auth
while the other one is under active discussion in SIPCORE and HTTPAUTH -
see https://tools.ietf.org/html/draft-ietf-httpauth-digest-update
I think it is important that STUNbis is aligned with the changes to digest
being worked on in SIP and HTTP.
- Alan -
Shouldn't STUNbis reference ICEbis instead of ICE?
I presume "obMatJos2" is just a random string used to indicate support for
STUNbis - it might be worth stating this in 9.2.3.
Section 11 Backwards Compatibility with RFC 3489: do we really need to
still be backwards compatible? Is anyone still using RFC 3489 that hasn't
upgraded? Do we leave ourselves open to any downgrade attacks by doing so?
Section 14 says only first of multiple attributes are processed. (“Any
attribute type MAY appear more than once in a STUN message. Unless
specified otherwise, the order of appearance is significant: only the first
occurrence needs to be processed by a receiver, and any duplicates MAY be
ignored by a receiver.”) I guess this rules out multiple ORIGIN
attributes, which is fine since we had chosen that path forward. However,
this means that no future STUN attributes can really appear more than
once. Do we need to emphasize this more?
In Section 14.2 what are the x's in |x x x x x x x x|?
The text in Section 15.3. Hash Agility Plan seems to be out of date now.
Section 17.5 says “The UDP port is not currently defined; however, it is
reserved for future use.” What port?
The change log says that STUNbis normatively references
draft-ietf-tram-stun-origin, but I don't see it listed in the references.
Perhaps a mention of ORIGIN in section 9.2 or 9.2.3 would be good, too.
- [tram] Comments on draft-ietf-tram-stun-bis-01 Alan Johnston
- Re: [tram] Comments on draft-ietf-tram-stun-bis-01 Marc Petit-Huguenin
- [tram] Sync STUN and SIP auth Simon Perreault
- Re: [tram] Sync STUN and SIP auth Marc Petit-Huguenin
- Re: [tram] Sync STUN and SIP auth Alan Johnston