Re: [tram] Fwd: Re: [rtcweb] draft-schwartz-rtcweb-return
"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Wed, 08 April 2015 12:41 UTC
Return-Path: <tireddy@cisco.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A938E1A1A9E for <tram@ietfa.amsl.com>; Wed, 8 Apr 2015 05:41:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -12.211
X-Spam-Level:
X-Spam-Status: No, score=-12.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MANGLED_TRNFER=2.3, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id K_lPWdZ2BYRt for <tram@ietfa.amsl.com>; Wed, 8 Apr 2015 05:41:00 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DC82E1A1A9A for <tram@ietf.org>; Wed, 8 Apr 2015 05:40:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=3209; q=dns/txt; s=iport; t=1428496859; x=1429706459; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=9A6ODN+Tqab8SyBdXrVy7EKW2KA03cKwWeM2M6SgGM4=; b=hoHV0bEDy5yXY2MxC8cNMCOp/0h6kJXNVmcDp/pXRpTN2Y265xQGB9Wq DVdf0dtBtLBBxJYAVo+4ybp35sq2slWs+kICkIDrX2uC5RlEpNXno0rjw Aw50mN6ou0PQFMn5L2JdyjOBXU+9KSpMWKz0MfTqLI5NZJl8ORVwMrW1i 8=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0CuBQBBISVV/5BdJa1cgwhSXAXDA4I3DIUtTgKBKUwBAQEBAQF+hB8BAQEDAQEBAQliFwQCAQgOAwQBAQEKHQcnCxQJCAIEARIIAYgZCA3LagEBAQEBAQEBAQEBAQEBAQEBAQEBAReLK4QkDRo4BoMRgRYFinaFfoN4hyw6jzqDSiKDb2+BA0F/AQEB
X-IronPort-AV: E=Sophos;i="5.11,544,1422921600"; d="scan'208";a="2295471"
Received: from rcdn-core-8.cisco.com ([173.37.93.144]) by rcdn-iport-8.cisco.com with ESMTP; 08 Apr 2015 12:40:59 +0000
Received: from xhc-aln-x06.cisco.com (xhc-aln-x06.cisco.com [173.36.12.80]) by rcdn-core-8.cisco.com (8.14.5/8.14.5) with ESMTP id t38CexR7008361 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Wed, 8 Apr 2015 12:40:59 GMT
Received: from xmb-rcd-x10.cisco.com ([169.254.15.175]) by xhc-aln-x06.cisco.com ([173.36.12.80]) with mapi id 14.03.0195.001; Wed, 8 Apr 2015 07:40:58 -0500
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Simon Perreault <sperreault@jive.com>, "tram@ietf.org" <tram@ietf.org>
Thread-Topic: [tram] Fwd: Re: [rtcweb] draft-schwartz-rtcweb-return
Thread-Index: AQHQcZcf28hxyyH3AUSBICjncygYyZ1DWjmA//+ykyA=
Date: Wed, 08 Apr 2015 12:40:58 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A411FE350@xmb-rcd-x10.cisco.com>
References: <6042868B-57EB-4C5A-B93E-C58D846E14E4@cisco.com> <55251A5B.5040909@jive.com>
In-Reply-To: <55251A5B.5040909@jive.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [173.39.67.245]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/tram/p_DEcc6pU1kIICLACWRyuYzbN6I>
Subject: Re: [tram] Fwd: Re: [rtcweb] draft-schwartz-rtcweb-return
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Apr 2015 12:41:01 -0000
> -----Original Message----- > From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Simon Perreault > Sent: Wednesday, April 08, 2015 5:39 PM > To: tram@ietf.org > Subject: [tram] Fwd: Re: [rtcweb] draft-schwartz-rtcweb-return > > TRAMsters, > > I'd like to see some discussion on how this impacts the server-discovery > draft. This part in particular... > > "endpoints MUST NOT implement a configuration based on > unauthenticated > network multicast (e.g. mDNS)" > > ...seems at odds with what was decided in Dallas (i.e., define mDNS > discovery). > > Thoughts? Yes. After TURN server is discovered using mDNS, client must authenticate the TURN server to avoid some malicious host advertising that it offers TURN service. Further mDNS http://tools.ietf.org/html/rfc6762#section-21 also refers to using DNSSEC so that the client can ensure that the service is provided by a trusted participant and not a rouge participant. -Tiru > > I see having a coherent story for return and server-discovery as somewhat > required... > > Simon > > -------- Message transféré -------- > Sujet : Re: [rtcweb] draft-schwartz-rtcweb-return Date : Wed, 8 Apr 2015 > 00:58:29 +0000 De : Cullen Jennings (fluffy) <fluffy@cisco.com> Pour : > rtcweb@ietf.org <rtcweb@ietf.org> > > > > On Mar 26, 2015, at 9:20 AM, Cullen Jennings <fluffy@cisco.com> wrote: > > > > I'd like to point out that the combination of ietf-tram-turn-server-discovery > and draft-schwartz-rtcweb-return allow any network you are connected to > more or less MITM your media and do things like rate limit it, generate > analytics on who you are talking to, force your traffic through an > intermediary that is in a different legal jurisdiction and so on. > > We discussed this after the meeting and came up with a way to resolve this > concern. Benjamin has added some text to the -06 to that specifically > addresses this issue > > http://www.ietf.org/rfcdiff?url1=draft-schwartz-rtcweb-return-05&url2=draft- > schwartz-rtcweb-return-06 > > This completely deals with the issue I raised and with that change I support > adopting this as a WG document. > > After adoption, I think the WG should consider if any text is needed around > the issue of TURN credentials. (If you run TURN with no credentials and an > attacker can spoof the IP address in UDP packets, you can end up with the > TURN servers in a nasty forwarding loop that allows an huge amplification > factor for an attacker trying do DOS the turn servers - this is still possible > with authentication but you know who to blame. When TURN was first done > with was one of the reason TURN requires auth and STUN does not). > However, I believe this issue can solved and should not block adopting the > draft. ) > > Cullen > > > > > _______________________________________________ > rtcweb mailing list > rtcweb@ietf.org > https://www.ietf.org/mailman/listinfo/rtcweb > > > _______________________________________________ > tram mailing list > tram@ietf.org > https://www.ietf.org/mailman/listinfo/tram
- [tram] Fwd: Re: [rtcweb] draft-schwartz-rtcweb-re… Simon Perreault
- Re: [tram] Fwd: Re: [rtcweb] draft-schwartz-rtcwe… Tirumaleswar Reddy (tireddy)
- Re: [tram] Fwd: Re: [rtcweb] draft-schwartz-rtcwe… Benjamin Schwartz
- Re: [tram] Fwd: Re: [rtcweb] draft-schwartz-rtcwe… Tirumaleswar Reddy (tireddy)
- Re: [tram] Fwd: Re: [rtcweb] draft-schwartz-rtcwe… Martin Thomson