Re: [tram] Secdir last call review of draft-ietf-tram-stunbis-16
Marc Petit-Huguenin <marc@petit-huguenin.org> Sun, 11 March 2018 13:55 UTC
Return-Path: <marc@petit-huguenin.org>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC163126D05; Sun, 11 Mar 2018 06:55:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.108
X-Spam-Level:
X-Spam-Status: No, score=-1.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RDNS_NONE=0.793, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A25aYAUy_WSx; Sun, 11 Mar 2018 06:55:19 -0700 (PDT)
Received: from implementers.org (unknown [92.243.22.217]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1AF311201FA; Sun, 11 Mar 2018 06:55:19 -0700 (PDT)
Received: from [IPv6:2601:648:8301:730f:ac0b:c7cc:59a:561f] (unknown [IPv6:2601:648:8301:730f:ac0b:c7cc:59a:561f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "Marc Petit-Huguenin", Issuer "implementers.org" (verified OK)) by implementers.org (Postfix) with ESMTPS id CA1C3AE8D9; Sun, 11 Mar 2018 14:55:16 +0100 (CET)
To: Matthew Miller <linuxwolf+ietf@outer-planes.net>, secdir@ietf.org
Cc: draft-ietf-tram-stunbis.all@ietf.org, ietf@ietf.org, tram@ietf.org
References: <152063220998.11155.12669577501214588133@ietfa.amsl.com>
From: Marc Petit-Huguenin <marc@petit-huguenin.org>
Message-ID: <a9a7c497-3815-f022-f9a9-2fe53d3394f5@petit-huguenin.org>
Date: Sun, 11 Mar 2018 06:55:13 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <152063220998.11155.12669577501214588133@ietfa.amsl.com>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="JepqGcMYKMNSj0OfaJE8H9s7Wn8JeDWtk"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/a-u39QZo5NAxw6vR68vvOvF_2yg>
Subject: Re: [tram] Secdir last call review of draft-ietf-tram-stunbis-16
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Mar 2018 13:55:21 -0000
Hi, Thanks for the review. Please see inline. On 03/09/2018 01:50 PM, Matthew Miller wrote: > Reviewer: Matthew Miller > Review result: Has Issues > > [ I realize how unfortunate it is this arrives well past last call. > I beg forgiveness and ask that you accept the comments as you would > have if they arrived on time. ] > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should > treat these comments just like any other last call comments. > > Document: draft-ietf-stunbis-16 > Reviewer: Matthew A. Miller > Review Date: 2018-03-07 > IETF LC End Date: 2018-02-20 > IESG Telechat date: 2018-04-05 > > Summary: This document obsoletes 5389, adding some protection to > downgrade attacks against message integrity usage, as well > incorporating DTLS (over UDP). > > The document is mostly ready, but there are a couple of issues I > have. > > Major Issues: N/A > > Minor Issues: > > * I am wondering why a more robust password algorithm (key derivation > function) was not defined (e.g., HKDF-SHA-256) instead of or in addition > to, a simple salted "SHA-256" hash. Some amount of parameterization is > accounted for in the PASSWORD-ALGORITHM/S attributes. I think it is > perfectly fair and appropriate to take this issue as "asking for a quick > rationale (that maybe ought to be highlighted better in the document)" > over "use a real key derivation function". We proposed other algorithms to the Working Group but there was no consensus past using what we have today in the draft. We basically wanted to keep STUN aligned with HTTP Digest and SIP Digest as much as possible. Rereading both RFC 7616 and draft-yusef-sipcore-digest-scheme I can not find mention of using a key derivation function for these. Can you explain how that could be used with STUN (and potentially with HTPP and SIP)? > > * The description for 17.5.1. "MD5" list the key size as 20 bytes, but the > hash length of MD5 is 16 bytes (128 bits). I think this is merely a typo, > since the purpose appears to be for backwards compatibility with existing > systems. Fixed. > > * Both 17.5.1.1. "MD5" Section 9.2.2. "HMAC Key" (long-term credential) > and Section appear to define the same functional algorithm, but with subtle > syntax differences. As far as I can tell, they are actually the same > algorithm; would it not be acceptable to have Section 9.2.2 point to > Section 17.5.1.1 for the algorithm description? > > This is going into the IANA registry so I left things there. I fixed the discrepancy with section 9.2.2. I also fixed the definition of the key for SHA-256, which must use OpaqueString for the realm. -- Marc Petit-Huguenin Email: marc@petit-huguenin.org Blog: https://marc.petit-huguenin.org Profile: https://www.linkedin.com/in/petithug
- [tram] Secdir last call review of draft-ietf-tram… Matthew Miller
- Re: [tram] Secdir last call review of draft-ietf-… Marc Petit-Huguenin
- Re: [tram] Secdir last call review of draft-ietf-… Matthew A. Miller