Re: [tram] draft-ietf-tram-stun-origin-06.txt review
Alan Johnston <alan.b.johnston@gmail.com> Thu, 19 November 2015 17:20 UTC
In-Reply-To: <5642628C.2050400@akamai.com>
References: <56426125.20204@akamai.com> <5642628C.2050400@akamai.com>
Date: Thu, 19 Nov 2015 11:20:33 -0600
Message-ID: <CAKhHsXH0LH96CwnFqmUbzr1s6r3khh9TLa6=HwMCG6pRgTJYXg@mail.gmail.com>
From: Alan Johnston <alan.b.johnston@gmail.com>
To: Brandon Williams <brandon.williams@akamai.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/tram/uTVAGfuGajg-EuO4sLHGrBwSv30>
Cc: "tram@ietf.org" <tram@ietf.org>
Subject: Re: [tram] draft-ietf-tram-stun-origin-06.txt review
Brandon,

Thanks for sending your comments to the list. We'll get answers to you soon, along with some discussion about the HOST alternative that has been raised.

- Alan -

On Tue, Nov 10, 2015 at 3:33 PM, Brandon Williams <brandon.williams@akamai.com> wrote:

> Here's the review that I promised to write up. Sorry I didn't get it out before the meeting.
>
> I already raised my biggest concerns in the meeting last week, but will repeat them for the list:
>
> * Although I understand the privacy concerns that have been raised, I think that the new "Origin Matching Rules" makes the attribute enough less useful that I likely would not implement support. We do some fairly unique things for client-specific relay mapping, so I understand if I'm in the minority on this point, and I don't consider the draft bad to publish if there are enough others who still consider it useful with this limitation.
>
> * I am concerned that some of the suggested uses for the attribute provide an incentive to lie. I'm not convinced by the argument that the system won't work if you lie, because there is no requirement to use ORIGIN as a realm selector for auth purposes. As a result, the client could lie in order to get through a related firewall restriction or to get around a service limitation on the relay.
>
> OK, as for the minor comments ...
>
> S2.2 The new text requires the client to send ORIGIN in any case that matches the constraints in S2.1. The old text only required it for web origins and only recommended it for others. What's the reason for the change? The section would benefit from a rationale for the MUST.
>
> S2.3 The same comment about changed requirements and providing a rationale applies.
>
> S4 This probably should have occurred to me in earlier reviews, but I now see that the Security Considerations section conflicts with the requirements text in S2.2 and S2.3. The earlier sections require ORIGIN to be sent in some messages where Security Considerations directly allows it to be omitted if not using (D)TLS. It's a little confusing for it to be expressed as required in one place and not required in another.
>
> That's it. Please let me know if you have any questions about the above.
>
> --Brandon
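The second concern in the quoted review, that a relay which grants anything on the strength of a client-asserted ORIGIN creates an incentive to lie, is easiest to see in code. The following is an added example, not code from the draft, the thread participants or any TURN implementation. It builds and parses a STUN message using the RFC 5389 header and TLV attribute layout, then contrasts a weak relay policy (the service limit follows ORIGIN directly) with one where ORIGIN only selects the realm the client is challenged in and the limit comes from the credential the client actually holds. The ORIGIN attribute type number is not on this page, so `ATTR_ORIGIN_PLACEHOLDER` is an obviously fake stand-in; the realm names, origins, usernames and bandwidth limits are constructed for the example.

```python
import os
import struct

# Constants from RFC 5389 (STUN).
MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
ATTR_USERNAME = 0x0006
# The draft assigns ORIGIN its own attribute type number; that number is not
# given on this page, so this example uses an obviously fake placeholder.
ATTR_ORIGIN_PLACEHOLDER = 0x8FFF


def encode_attribute(attr_type, value):
    """TLV-encode one STUN attribute, padded to a 4-byte boundary (RFC 5389 s15)."""
    padding = (-len(value)) % 4
    return struct.pack("!HH", attr_type, len(value)) + value + b"\x00" * padding


def build_request(attributes, transaction_id=None):
    """Build a STUN Binding request carrying the given (type, bytes) attributes."""
    body = b"".join(encode_attribute(t, v) for t, v in attributes)
    transaction_id = transaction_id or os.urandom(12)
    header = struct.pack("!HHI", BINDING_REQUEST, len(body), MAGIC_COOKIE)
    return header + transaction_id + body


def parse_attributes(message):
    """Return {attr_type: [values]} from a STUN message, rejecting malformed input."""
    if len(message) < 20:
        raise ValueError("shorter than a STUN header")
    _msg_type, length, cookie = struct.unpack("!HHI", message[:8])
    if cookie != MAGIC_COOKIE:
        raise ValueError("magic cookie mismatch")
    if len(message) != 20 + length:
        raise ValueError("message length field does not match payload")
    attributes = {}
    offset = 20
    while offset < len(message):
        if offset + 4 > len(message):
            raise ValueError("truncated attribute header")
        attr_type, attr_len = struct.unpack("!HH", message[offset:offset + 4])
        value = message[offset + 4:offset + 4 + attr_len]
        if len(value) != attr_len:
            raise ValueError("truncated attribute value")
        attributes.setdefault(attr_type, []).append(value)
        offset += 4 + attr_len + ((-attr_len) % 4)   # skip value plus padding
    return attributes


# Constructed relay configuration for the example (hypothetical names/values).
ORIGIN_TO_REALM = {"https://app.example": "premium.example"}
DEFAULT_REALM = "public.example"
REALM_DEFAULT_LIMIT = {"premium.example": 5000, "public.example": 500}
# Entitlements keyed by the credential a client can actually prove it holds.
CREDENTIALS = {
    ("premium.example", "alice"): {"max_kbps": 5000},
    ("public.example", "bob"): {"max_kbps": 500},
}


def realm_hint(attributes):
    """Use ORIGIN only to decide which realm to challenge in; it is an unauthenticated claim."""
    values = attributes.get(ATTR_ORIGIN_PLACEHOLDER)
    if not values:
        return DEFAULT_REALM
    origin = values[0].decode("utf-8", errors="replace")
    return ORIGIN_TO_REALM.get(origin, DEFAULT_REALM)


def weak_limit(attributes):
    """The failure mode the review describes: the limit follows ORIGIN directly,
    so a client that merely asserts a premium origin receives the premium limit."""
    return REALM_DEFAULT_LIMIT[realm_hint(attributes)]


def hardened_limit(attributes):
    """ORIGIN picks the realm to challenge in; the limit comes from the credential
    record for (realm, username). Proof of possession (MESSAGE-INTEGRITY with the
    long-term key) is assumed to have been verified before this is called.
    Returns None when no such credential exists, i.e. the relay would challenge
    rather than grant service, so lying about ORIGIN buys nothing."""
    realm = realm_hint(attributes)
    names = attributes.get(ATTR_USERNAME)
    if not names:
        return None
    username = names[0].decode("utf-8", errors="replace")
    record = CREDENTIALS.get((realm, username))
    return record["max_kbps"] if record else None


if __name__ == "__main__":
    lying = parse_attributes(build_request(
        [(ATTR_ORIGIN_PLACEHOLDER, b"https://app.example"), (ATTR_USERNAME, b"bob")]))
    print("weak policy grants:", weak_limit(lying))          # 5000: ORIGIN alone decides
    print("hardened policy grants:", hardened_limit(lying))  # None: bob holds no premium credential
```

The design point is the one the review makes: ORIGIN can be a useful hint for choosing a realm or a relay mapping, but any firewall exception or service entitlement has to hang off a credential the relay verified, never off the attribute value itself.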