[tram] STUN Origin Security Considerations
Brandon Williams <brandon.williams@akamai.com> Wed, 19 November 2014 01:25 UTC
Return-Path: <brandon.williams@akamai.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C69201ACE30 for <tram@ietfa.amsl.com>; Tue, 18 Nov 2014 17:25:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.794
X-Spam-Level:
X-Spam-Status: No, score=-1.794 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.594] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cTmyolnnleIQ for <tram@ietfa.amsl.com>; Tue, 18 Nov 2014 17:25:02 -0800 (PST)
Received: from prod-mail-xrelay07.akamai.com (prod-mail-xrelay07.akamai.com [72.246.2.115]) by ietfa.amsl.com (Postfix) with ESMTP id B5F6E1ACE2E for <tram@ietf.org>; Tue, 18 Nov 2014 17:25:02 -0800 (PST)
Received: from prod-mail-xrelay07.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id E095F47529 for <tram@ietf.org>; Wed, 19 Nov 2014 01:25:01 +0000 (GMT)
Received: from prod-mail-relay06.akamai.com (prod-mail-relay06.akamai.com [172.17.120.126]) by prod-mail-xrelay07.akamai.com (Postfix) with ESMTP id CF19947504 for <tram@ietf.org>; Wed, 19 Nov 2014 01:25:01 +0000 (GMT)
Received: from [172.28.115.172] (bowill.kendall.corp.akamai.com [172.28.115.172]) by prod-mail-relay06.akamai.com (Postfix) with ESMTP id 618A52036 for <tram@ietf.org>; Wed, 19 Nov 2014 01:25:01 +0000 (GMT)
Message-ID: <546BF16D.2030004@akamai.com>
Date: Tue, 18 Nov 2014 20:25:01 -0500
From: Brandon Williams <brandon.williams@akamai.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: "tram@ietf.org" <tram@ietf.org>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/tram/uVTyjN7rqzzwdJHAMlpAisvjDRg
Subject: [tram] STUN Origin Security Considerations
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Nov 2014 01:25:04 -0000
Hi all,
In the meeting, I promised to follow up on this with a note to the list.
Text in the current draft states the following:
The STUN ORIGIN attribute also has privacy implications in that the
origin information is shared with a STUN or TURN server which
otherwise might not know this information. This information could be
used to track usage of real-time communication services. A STUN or
TURN server will always know the public IP address of each user, but
the ORIGIN attribute provides more information about which service or
provider is being used. The particular STUN and TURN servers used
are selected by the real-time communications service provider (i.e.
the web provider for WebRTC or the SIP or XMPP service provider). In
addition, they are usually also run by the same provider, or by a
trusted partner, especially for TURN. However, a service or provider
using a public STUN server needs to recognize that the operator of
the public STUN server will learn the identity of the service or
provider through this extension.
The last three sentences give the impression that the privacy concern
does not apply to TURN servers, only to STUN servers, because TURN
servers are more likely to be run by the application provider or a
trusted partner of the application provider. This might not be true for
auto-discovered, public, and other types of untrusted 3rd party TURN
servers. The draft refers to "public STUN server" privacy implications,
but I think the language could be broadened to cover all untrusted 3rd
party relay servers.
I propose the following minor modifications to the text, which I think
clarify the intent. My changes are inclosed in [ ].
The particular STUN and TURN servers used are [usually] selected by
the real-time communications provider ...
However, a service or provider using an [untrusted third party] STUN
[or TURN] server needs to recognize that the operator of the
[third party] STUN [or TURN] server will learn the identity of the
service or provider through this extension.
Does this seem reasonable?
--Brandon
--
Brandon Williams; Senior Principal Software Engineer
Emerging Products Engineering; Akamai Technologies Inc.
- [tram] STUN Origin Security Considerations Brandon Williams
- Re: [tram] STUN Origin Security Considerations Oleg Moskalenko
- Re: [tram] STUN Origin Security Considerations Alan Johnston
- Re: [tram] STUN Origin Security Considerations Simon Perreault
- Re: [tram] STUN Origin Security Considerations Tirumaleswar Reddy (tireddy)