Re: [tram] Alissa Cooper's Discuss on draft-ietf-tram-stun-origin-05: (with DISCUSS)
Alissa Cooper <alissa@cooperw.in> Tue, 12 May 2015 00:52 UTC
Return-Path: <alissa@cooperw.in>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1F0D1B2AF7 for <tram@ietfa.amsl.com>; Mon, 11 May 2015 17:52:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TsYY7GFIfziR for <tram@ietfa.amsl.com>; Mon, 11 May 2015 17:52:19 -0700 (PDT)
Received: from out4-smtp.messagingengine.com (out4-smtp.messagingengine.com [66.111.4.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 838C41B2AE2 for <tram@ietf.org>; Mon, 11 May 2015 17:52:19 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 5DD5320AAB for <tram@ietf.org>; Mon, 11 May 2015 20:43:55 -0400 (EDT)
Received: from frontend2 ([10.202.2.161]) by compute4.internal (MEProxy); Mon, 11 May 2015 20:43:55 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=cooperw.in; h=cc :content-transfer-encoding:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-sasl-enc :x-sasl-enc; s=mesmtp; bh=6m+3q3/2GhDAKX1DYTfLG1dtzbw=; b=withay mQs76wiy+Pp//BvhhlZKk85bRd41Gf3VZvJI9g+yo07fN0PVuUaetZ4CA6TAYXn0 YZiUxx/R9FE0fTY54z/4qFaQLaTvHlaXnl7FJfAQtuEJpHBeYC3w52Txrts4OeI+ W2Zdv9giN8NCSg3rU3SllpkVUwdBXHlDiaZyM=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=6m+3q3/2GhDAKX1 DYTfLG1dtzbw=; b=c5RWRG4dvzElg9B3xGbo+nrjcn3IULRntekOfTWgm51qNel HqP85BcvvJcaBkM5zxFo0q9eGTaHNURtDknk7YJFGKzDdeEkW4QpOZQWoDlfahVb ZomqZP6bE+0a1vf0xrbHNkbc7W5Gi+cMyrxk64OWAaSOfRaS2mjGRecPLBAU=
X-Sasl-enc: wFB9Z0t0DAJfb7PH4CK3YrXZ2zO6DkF3wVgLzcit4FDU 1431391435
Received: from sjc-alcoop-8817.cisco.com (unknown [128.107.241.181]) by mail.messagingengine.com (Postfix) with ESMTPA id 0CFDE6800FE; Mon, 11 May 2015 20:43:52 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <CALDtMr+x2Mi8v0jwFUscryccjc7Zf0o-mPo64S2dpHPqnnoXUA@mail.gmail.com>
Date: Mon, 11 May 2015 17:43:53 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <A14F5400-21EB-4EE0-B988-CDA929EAE5A2@cooperw.in>
References: <20150511233012.17046.42319.idtracker@ietfa.amsl.com> <CALDtMr+x2Mi8v0jwFUscryccjc7Zf0o-mPo64S2dpHPqnnoXUA@mail.gmail.com>
To: Oleg Moskalenko <mom040267@gmail.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tram/j_t927pz3NOfnnxUiIjlBzGPuAw>
Cc: tram-chairs@ietf.org, "tram@ietf.org" <tram@ietf.org>, draft-ietf-tram-stun-origin.shepherd@ietf.org, draft-ietf-tram-stun-origin.ad@ietf.org, Simon Perreault <sperreault@jive.com>, IESG <iesg@ietf.org>, draft-ietf-tram-stun-origin@ietf.org
Subject: Re: [tram] Alissa Cooper's Discuss on draft-ietf-tram-stun-origin-05: (with DISCUSS)
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 May 2015 00:52:20 -0000
Hi Oleg, On May 11, 2015, at 4:45 PM, Oleg Moskalenko <mom040267@gmail.com> wrote: >> >> For requests sent with authentication, I understand that the origin >> attribute needs to be accurate in order for the client to authenticate. >> In those cases, the STUN server can rely on the attribute it receives. >> But for requests without authentication, what prevents the client from >> lying? > > if the client is lying, then the request will not be authenticated and > it will be rejected - because the client's credentials will be > incorrect. My question was about requests without authentication, as I said. I assume the origin is not used for authentication in that case, since authentication is not performed. > I see that many people cannot grasp that very simple > concept. I would appreciate if you would use a more respectful tone in the future. Thanks, Alissa > There is no benefits in lying in this case. Think about > ORIGIN as simply a logical virtual database name where the user > account will be searched and against that database the credentials > will be verified. This information is not sensitive, and lying is not > giving you any unjust benefits. The only outcome that you can achieve > by lying is screwing your own request - that's it. > >> And if those requests are not (D)TLS-protected, what prevents them >> from being modified in transit? I understand Alan to be saying that the >> justification for the origin in this case is operational troubleshooting, >> but if the server can't rely on the origin it receives, doesn't that make >> it risky for the server to act on that information? > > No, as I explained above. > >> >> My additional concern is about the use of "logging" as a justification >> for including and origin attribute. Logging in and of itself is not a >> reasonable justification. > > Why ? > >> Alan's mail discussed the use of the origin for >> operational troubleshooting, which seems like what might actually be >> intended instead of "logging." In any event the purpose for the logging >> either needs to be explained or "logging" should not be listed as a >> justification. > > Why ? > >> >> >> >> >> _______________________________________________ >> tram mailing list >> tram@ietf.org >> https://www.ietf.org/mailman/listinfo/tram
- [tram] Alissa Cooper's Discuss on draft-ietf-tram… Alissa Cooper
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Oleg Moskalenko
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Alissa Cooper
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Yoakum, John H (John)
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Stephen Farrell
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Simon Perreault
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Simon Perreault
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Stephen Farrell
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Simon Perreault
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Stephen Farrell
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Simon Perreault
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Alissa Cooper
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Spencer Dawkins at IETF
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Alan Johnston