Re: [tram] Alissa Cooper's Discuss on draft-ietf-tram-stun-origin-05: (with DISCUSS)
Simon Perreault <sperreault@jive.com> Tue, 12 May 2015 17:00 UTC
Return-Path: <sperreault@jive.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40B441ACD0E for <tram@ietfa.amsl.com>; Tue, 12 May 2015 10:00:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6cT_8u337kgC for <tram@ietfa.amsl.com>; Tue, 12 May 2015 10:00:10 -0700 (PDT)
Received: from mail-qk0-f176.google.com (mail-qk0-f176.google.com [209.85.220.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D45B01ACD14 for <tram@ietf.org>; Tue, 12 May 2015 10:00:03 -0700 (PDT)
Received: by qkgx75 with SMTP id x75so10044749qkg.1 for <tram@ietf.org>; Tue, 12 May 2015 10:00:03 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=nKMvnqRpEjB1zvbGQUGnXLAOsFNf0QEY+/cO0lMwrAg=; b=R+Drp1E65K3UogwAWGwa0nLV69Ldpqjwkh27EumwUQXGEFT2xq98f528iwpWQQcUlN ejmXQMC3wMsV93cIipmDeExzMOwtGnra4KXvjStXnnOXy8I75qkLRC8kHAEYNnqcqTtQ LoXaLriqqI7E51faHpckt+gDFoUACfE3GyFIITgWTKEyjn3cYn/YG7nCNGMHUv1uJyee 3nxS9F/PUz3MaMlEQpMcuA4JjqUBbgjamtGlAaGmGhJCvKgi3NN1O1xQxpNirczilLoG JYScOdBZwBlTudD4AAlTznNU1lZi3VWgSo45SJ+m9PGNbhRyrZA0j8QNe8fYBZRSSB6W A5Ng==
X-Gm-Message-State: ALoCoQmcw2Z/DPgakFf/kHCNEyrgDQH/9mP1l8bM7G/ebQIOQ+Ht+26RdFAQxqVH+0kIbmurRTSn
X-Received: by 10.141.18.202 with SMTP id u193mr21636805qhd.16.1431450003101; Tue, 12 May 2015 10:00:03 -0700 (PDT)
Received: from [192.168.1.131] ([24.53.47.130]) by mx.google.com with ESMTPSA id 5sm13755258qgg.28.2015.05.12.10.00.00 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 12 May 2015 10:00:02 -0700 (PDT)
Message-ID: <5552318F.6050508@jive.com>
Date: Tue, 12 May 2015 12:59:59 -0400
From: Simon Perreault <sperreault@jive.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Alissa Cooper <alissa@cooperw.in>, Oleg Moskalenko <mom040267@gmail.com>
References: <20150511233012.17046.42319.idtracker@ietfa.amsl.com> <CALDtMr+x2Mi8v0jwFUscryccjc7Zf0o-mPo64S2dpHPqnnoXUA@mail.gmail.com> <A14F5400-21EB-4EE0-B988-CDA929EAE5A2@cooperw.in> <555153F0.4050204@cs.tcd.ie> <55522411.10104@jive.com> <55522D57.8090009@cs.tcd.ie>
In-Reply-To: <55522D57.8090009@cs.tcd.ie>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tram/sg6E4hPJWhf7NCOzznDJ7ckYEyg>
Cc: tram-chairs@ietf.org, "tram@ietf.org" <tram@ietf.org>, draft-ietf-tram-stun-origin.shepherd@ietf.org, draft-ietf-tram-stun-origin.ad@ietf.org, IESG <iesg@ietf.org>, draft-ietf-tram-stun-origin@ietf.org
Subject: Re: [tram] Alissa Cooper's Discuss on draft-ietf-tram-stun-origin-05: (with DISCUSS)
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 May 2015 17:00:15 -0000
Le 2015-05-12 12:41, Stephen Farrell a écrit : >> In the case where a single entity controls the authentication databases >> for all tenants of a single server, you're right. However, that >> condition does not hold in general. That is, we really do need to >> properly handle username collisions across realms. > > Sorry, I'm really not getting that. It is not a name for > a person, at least in WebRTC, right? It is some name > agreed between the WebRTC JS code and the TURN server. And > I'd hope it ought change frequently if it matters at all > or else it'll be scraped from the JS (or debug tooling). What you say is true for WebRTC. A REST API for obtaining ephemeral usernames was even proposed: https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00 For SIP, however, usernames are not ephemeral, are not easily changed, and, depending on what client provisioning allows, are often constrained to be identical to the SIP username, while the realm is often constrained to be identical to the SIP domain name. WebRTC front-ends to SIP infrastructure could also have the same constraints. >> I'd appreciate if we could recognize that there is a problem with >> current practice, > > I believe I did that already. Sorry, I understood your last email as suggesting that username hacks made ORIGIN unnecessary. >> 1) Are those concerns identical or different from those applying to, >> e.g., the Host HTTP header, or the SNI TLS extension? If they're >> different, how are they different? > > They may or may not be different but doing something better also > may or may not be more tractable. And the world has changed since > e.g. SNI was defined. (There is also desire to hide SNI in the > TLS 1.3 handshake if possible. We don't know if it will be possible > or not but the desire is there and is real.) I'm all for discussing something better, but at the moment I don't know what that could be... Maybe it is obvious to security folks, but it is not to me! >> 2) Is there a proposal that could fix the privacy issue? So far I've >> seen IESG members pointing out the issue, authors acknowledging the >> issue, but no discussion of solutions. > > From my POV, that is the discussion we are having and that is not > yet done. Ok, I'm happy to continue then! :) Simon
- [tram] Alissa Cooper's Discuss on draft-ietf-tram… Alissa Cooper
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Oleg Moskalenko
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Alissa Cooper
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Yoakum, John H (John)
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Stephen Farrell
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Simon Perreault
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Simon Perreault
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Stephen Farrell
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Simon Perreault
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Stephen Farrell
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Simon Perreault
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Alissa Cooper
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Spencer Dawkins at IETF
- Re: [tram] Alissa Cooper's Discuss on draft-ietf-… Alan Johnston