[tram] some more nits in draft-ietf-tram-turnbis-27
Noriyuki Torii <torii0573@gmail.com> Thu, 11 July 2019 05:32 UTC
Return-Path: <torii0573@gmail.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 355B0120048 for <tram@ietfa.amsl.com>; Wed, 10 Jul 2019 22:32:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.454
X-Spam-Level:
X-Spam-Status: No, score=-0.454 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, PDS_NO_HELO_DNS=1.295, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WtH5gMpr9tF9 for <tram@ietfa.amsl.com>; Wed, 10 Jul 2019 22:32:51 -0700 (PDT)
Received: from mail-oi1-x234.google.com (mail-oi1-x234.google.com [IPv6:2607:f8b0:4864:20::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7CC2E120018 for <tram@ietf.org>; Wed, 10 Jul 2019 22:32:51 -0700 (PDT)
Received: by mail-oi1-x234.google.com with SMTP id w196so3539169oie.7 for <tram@ietf.org>; Wed, 10 Jul 2019 22:32:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=XCSfKBMHlA5hK2+1ARxWGwAdPcacx//OaFGaqTmXbIg=; b=Pi/2seCuW/sTYwJL6U16Yt/5/CHevDdTgFJ6fRoYjlY0C0TNY/pttx1wEBvlgP4m7F BASMC6CqoGRwebEc9TE+UArh0gjsE1ADzdmv0g+TVMC6Ukbpzc830QqRiiPB/rKZTSCT l7uCHZdPSTlsWK1MU9ihCQzm++VeXDTir62sWGxaKTN5/MbCEvqMcOr+GZlB/rhyC3nG BjnTGCY5kz8SZE6TzJhanxAasEX184x7o5E1+sGY0jWSPXfuRpUoC2UrCwWZv6ZBuIXQ HvAzTlOpECen7POe5ikMezGLiSboOIGFecOtNHEdkdY7NMN3rKEZEGhWAQ1wPUSFPqJO +XWw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=XCSfKBMHlA5hK2+1ARxWGwAdPcacx//OaFGaqTmXbIg=; b=HzRtgXNepv08AkodpUqx2G/qg6NXzC2MxOXYoUtP4ayjSYhwdX6fTvIR4uJ9Mo0d9P D6iYxMT2DDV437IP/KFbdwz0rpVvYQXCKagdrB2nGheT/9QuYJ1XnsL6LaRSx+zVpk1+ VhasrEbiJVGSNNHk9kAlRIOYNkkrwN+XKrkWdU1rOG1L91E4aBluDfFC/6BkJsrEPJPn zVav4nyZBszYruceauyuQYmMP3ydxx+0hJGJHqhv4H8cB1q1vU1vlP9tMZbKsRL+AMTI DFI9NvY1gZC01VhclRKDsieUzc5vUO+ATWJNIF+EIkrCyH9YSuw+r7Kj6CGnicTkcv/r 7Tow==
X-Gm-Message-State: APjAAAXBqIJXLXJuu5BP81UdlHPprRDEDGRumoInXF+ZpFvXcMdwQ2p3 OPAxonGT0KF3zdF5Hd/SoPen/BhUafnA4/2xj2HiAd5R
X-Google-Smtp-Source: APXvYqz0Z3qfaYESrx0T27senZVbTx+kgfxYMSZ3q7/7/ZlSZar2dNA1sqxAhujJz57gKuDOfDTiMeFq6k7/ztyf/Rs=
X-Received: by 2002:aca:4bce:: with SMTP id y197mr1322244oia.38.1562823170659; Wed, 10 Jul 2019 22:32:50 -0700 (PDT)
MIME-Version: 1.0
From: Noriyuki Torii <torii0573@gmail.com>
Date: Thu, 11 Jul 2019 14:32:39 +0900
Message-ID: <CABEjbRLmB4S3ot70iLxrNmUx_2f1ato8X1kTHeby9LGske+mew@mail.gmail.com>
To: tram@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/gOhHg4j1VX-xoOtOj342SVM4EmM>
Subject: [tram] some more nits in draft-ietf-tram-turnbis-27
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Jul 2019 05:32:53 -0000
To whom it may concern,
I found some more points in draft-ietf-tram-turnbis-27, in addition to
my previos mail.
So I would like to report here. Hope this may help for improvements.
in page 67
TURN TURN Peer Peer
client server A B
| | | |
|--- Allocate request -------------->| | |
| Transaction-Id=0xA56250D3F17ABE679422DE85 | |
| SOFTWARE="Example client, version 1.03" | |
| LIFETIME=3600 (1 hour) | | |
| REQUESTED-TRANSPORT=17 (UDP) | | |
| DONT-FRAGMENT | | |
| | | |
|<-- Allocate error response --------| | |
| Transaction-Id=0xA56250D3F17ABE679422DE85 | |
| SOFTWARE="Example server, version 1.17" | |
| ERROR-CODE=401 (Unauthorized) | | |
| REALM="example.com" | | |
| NONCE="obMatJos2AAABadl7W7PeDU4hKE72jda" | |
| PASSWORD-ALGORITHMS=MD5 and SHA256 | |
| | | |
|--- Allocate request -------------->| | |
| Transaction-Id=0xC271E932AD7446A32C234492 | |
| SOFTWARE="Example client 1.03" | | |
| LIFETIME=3600 (1 hour) | | |
| REQUESTED-TRANSPORT=17 (UDP) | | |
| DONT-FRAGMENT | | |
| USERNAME="George" | | |
| REALM="example.com" | | |
| NONCE="obMatJos2AAABadl7W7PeDU4hKE72jda" | |
| PASSWORD-ALGORITHMS=MD5 and SHA256 | |
| PASSWORD-ALGORITHM=SHA256 | | |
| MESSAGE-INTEGRITY=... | | |
| MESSAGE-INTEGRITY-SHA256=... | | |
| | | |
|<-- Allocate success response ------| | |
| Transaction-Id=0xC271E932AD7446A32C234492 | |
| SOFTWARE="Example server, version 1.17" | |
| LIFETIME=1200 (20 minutes) | | |
| XOR-RELAYED-ADDRESS=192.0.2.15:50000 | |
| XOR-MAPPED-ADDRESS=192.0.2.1:7000 | |
| MESSAGE-INTEGRITY=... | | |
Above example shows the server's final response includes MESSAGE-INTEGRITY.
But the section 9.2.4 of STUNbis says
---
If these checks pass, the server continues to process the request.
Any response generated by the server MUST include MESSAGE-INTEGRITY-
SHA256 attribute, computed using the username and password utilized
to authenticate the request, unless the request was processed as
though PASSWORD-ALGORITHM was MD5 (because the request contained
neither PASSWORD-ALGORITHMS nor PASSWORD-ALGORITHM). In that case
the MESSAGE-INTEGRITY attribute MUST be used instead of the MESSAGE-
INTEGRITY-SHA256 attribute.
---
So, the final response in this diagram must include the MESSAGE-INTEGRITY-
SHA256, not the MESSAGE-INTEGRITY.
in page 71 (and subsequent diagrams ...)
TURN TURN Peer Peer
client server A B
|--- CreatePermission request ------>| | |
| Transaction-Id=0xE5913A8F460956CA277D3319 | |
| XOR-PEER-ADDRESS=192.0.2.150:0 | | |
| USERNAME="George" | | |
| REALM="example.com" | | |
| NONCE="obMatJos2AAABadl7W7PeDU4hKE72jda" | |
| MESSAGE-INTEGRITY=... | | |
| | | |
|<-- CreatePermission success resp.--| | |
| Transaction-Id=0xE5913A8F460956CA277D3319 | |
| MESSAGE-INTEGRITY=... | | |
The MESSAGE-INTEGRITY is utilized here nevertheless the
MESSAGE-INTEGRITY-SHA256 should be chosen in previous Allocate example.
As a result, the authentication strength is degraded.
Section 9.2.3.2 of STUNbis says
---
The client SHOULD
cache the username, password, realm, and nonce for subsequent
communications with the server. When the client sends a subsequent
request, it MUST include either the USERNAME or USERHASH, REALM,
NONCE, and PASSWORD-ALGORITHM attributes with these cached values.
It MUST include a MESSAGE-INTEGRITY attribute or a MESSAGE-INTEGRITY-
SHA256 attribute, computed as described in Section 14.5 and
Section 14.6 using the cached password. The choice between the two
attributes depends on the attribute received in the response to the
first request.
---
Thus, the example CreatePermission request must have the PASSWORD-ALGORITHM
and also the MESSAGE-INTEGRITY-SHA256, not the MESSAGE-INTEGRITY.
In fact, the PASSWORD-ALGORITHMS also would be required because any requests
having only the PASSWORD-ALGORITHM without the PASSWORD-ALGORITHMS will be
rejected by the server, according to the section 9.2.4 of STUNbis.
(Although the section 9.2.3.2 of STUNbis does not explicitly point it out.
I wonder it might be a nit of STUNbis.)
Likely, the example response must have the MESSAGE-INTEGRITY-SHA256 in place
of the MESSAGE-INTEGRITY.
These points will apply to all subsequent example diagrams which are involved
in authentication.
Please note that such a degradation may be regarded as a result of bid-down
attack therefore the request will be probably rejected by the server.
Best regards,
Noriyuki Torii
- [tram] some more nits in draft-ietf-tram-turnbis-… Noriyuki Torii
- Re: [tram] some more nits in draft-ietf-tram-turn… Konda, Tirumaleswar Reddy