Re: [tram] Benjamin Kaduk's No Record on draft-ietf-tram-stunbis-16: (with COMMENT)
Rohan Mahy <rohan.mahy@gmail.com> Thu, 03 May 2018 00:44 UTC
Return-Path: <rohan.mahy@gmail.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 043E8127275; Wed, 2 May 2018 17:44:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R89AuwrEs-Oq; Wed, 2 May 2018 17:44:02 -0700 (PDT)
Received: from mail-vk0-x244.google.com (mail-vk0-x244.google.com [IPv6:2607:f8b0:400c:c05::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FCC2127241; Wed, 2 May 2018 17:44:02 -0700 (PDT)
Received: by mail-vk0-x244.google.com with SMTP id g72-v6so5810283vke.2; Wed, 02 May 2018 17:44:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=Af7lxBqQW6I0gm5ib8/3WaY9p0XlNF8plzzIIHtv7fo=; b=o8VoGR2CnTxINHm/L12iPpfpuoYRde8NEXnUXXQk6ad9+ELgizXIGuqZb4SA/lCCCS x+hDJO91d6OWAhtBE0hAyfXZDxrRjPSeET61ePQIiu3ARvckQ9cs//SFkVAtYxyPQRGp 6ETq6/o45jUpCFwE3j9n6mDhLOLglaSPP8ZWEWM6bxmhnHi5xsPcz2XFkF60DZe79uro xc+63m4gN4645B8kWXxS+x361p1y+Ww4XXy1LPjVKxZfM1doJ2Ey+m4brDJzodEQtQ1f BAg6EaLAv+JDXadUV7N8CjcSDGWUGgnzdVJ89FtvRlohvbteO1j4NM12QU0xELtDbB1R MPQA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=Af7lxBqQW6I0gm5ib8/3WaY9p0XlNF8plzzIIHtv7fo=; b=qrI6iFpk0rZU125xmLGw29Ufxcas2QI8q6vmLXHObTeqGbThC5GteKSGau8i3Upo3i peadbDEDEsEROitl++fChSew2E58HG1a4jQfnlEx+7osskUhCkhzsISx3bESkCLMEJCS ifJ8yshjAph96pHNrfzDLVHLRTbTz4yeCRct4tCfrS7tO7aNAftBvf6gGTHLNwiBT8Ae IT4zWHS64FrSZWGNlZjlINVwX5rNUKW3PVLrHXkEUPRx3dr+1RrxKaBg+B1UoIcYrUr9 VN88l23f/zwgWyw/zIUn7nMny1Vg0RscdOboJd+ZSJw9DATezJ2ypvGnB29SFlmDmXz6 jlJA==
X-Gm-Message-State: ALQs6tA5bBlPGUJ1Vvne9X4rRsO8shh+6DwezWCWk2fLUUkYxNGitVbz 5lTK8JJo/9sy5Jer9oflEs4/j/MV/j0lv+yo6NU=
X-Google-Smtp-Source: AB8JxZqnvOwJrOkTopITUvu/lCQVgBqvE5X3hP3VsQbGpyKb5gwu3gtaUgUjGtok4g9u1quJqDvO9LfijFkvQNeeNUc=
X-Received: by 2002:a1f:954c:: with SMTP id x73-v6mr14535010vkd.129.1525308241082; Wed, 02 May 2018 17:44:01 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.103.112.66 with HTTP; Wed, 2 May 2018 17:44:00 -0700 (PDT)
In-Reply-To: <152410023763.28841.5479872591399614102.idtracker@ietfa.amsl.com>
References: <152410023763.28841.5479872591399614102.idtracker@ietfa.amsl.com>
From: Rohan Mahy <rohan.mahy@gmail.com>
Date: Wed, 02 May 2018 17:44:00 -0700
Message-ID: <CAKoiRubiargH3eo66em57KY8xfk6sg9sUN5OwekoFwi9R=H5bQ@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: The IESG <iesg@ietf.org>, draft-ietf-tram-stunbis@ietf.org, Gonzalo Camarillo <Gonzalo.Camarillo@ericsson.com>, Tolga Asveren <tasveren@rbbn.com>, tram-chairs@ietf.org, tram@ietf.org
Content-Type: multipart/alternative; boundary="000000000000e1fda8056b427f7e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/dal4yeSz-Q1H5JFuhr988G18wLc>
Subject: Re: [tram] Benjamin Kaduk's No Record on draft-ietf-tram-stunbis-16: (with COMMENT)
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 May 2018 00:44:04 -0000
I had a quick question about your comment on stale nonce error handling (below). If I were implementing, I would check if the nonce was fresh before checking if the password was valid. Would this potential attack be prevented if a stale nonce MUST return a 438 response whether or not the password is correct? Thanks, -rohan > The Stale Nonce behavior seems potentially worrisome, in that it > opens up a side channel for a distinguishing attack, > between a 401 and 438 response. (That is, "password correct" vs. > "password incorrect".) The impact seems rather muted, though, since > the gain to the attacker is to be able to precompute a bunch of > requests using a nonce of the attacker's choosing and blindly replay > the precomputed object against (possibly multiple) servers looking > for a guess. The realm and username are still in play, so the scope > for the attacker to gain from the precomputation seems limited. > (The same level of brute-force guessing can be obtained "live" just > by computing the trial responses against a live server, using a > valid nonce.) So, while it might be nice to give guidance that 438 > should only be used when the server can validate that it did > generate the nonce and the nonce was valid "recently", and to treat > other cases as authentication failures, it's not clear to me that > there's enough of a benefit from the change to make it worth doing. >
- [tram] Benjamin Kaduk's No Record on draft-ietf-t… Benjamin Kaduk
- Re: [tram] Benjamin Kaduk's No Record on draft-ie… Marc Petit-Huguenin
- Re: [tram] Benjamin Kaduk's No Record on draft-ie… Rohan Mahy
- Re: [tram] Benjamin Kaduk's No Record on draft-ie… Benjamin Kaduk
- Re: [tram] Benjamin Kaduk's No Record on draft-ie… Benjamin Kaduk