Re: [tram] [Technical Errata Reported] RFC8489 (6268)
Magnus Westerlund <magnus.westerlund@ericsson.com> Mon, 28 September 2020 14:37 UTC
Return-Path: <magnus.westerlund@ericsson.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F6473A121E for <tram@ietfa.amsl.com>; Mon, 28 Sep 2020 07:37:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.3
X-Spam-Level:
X-Spam-Status: No, score=-3.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-1.2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XiBJokJd31tE for <tram@ietfa.amsl.com>; Mon, 28 Sep 2020 07:37:00 -0700 (PDT)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05on2083.outbound.protection.outlook.com [40.107.20.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 582CC3A0F3D for <tram@ietf.org>; Mon, 28 Sep 2020 07:37:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KX2Di0J0bFMnVJHd6Irlw9gb8q0iaYfcgCwopay245cZXKyEeQpjZJIdFJyYLv5fVwHZkdakZ8VP3/gO41dtcRy6Pk7H42jj/L5JsSJAdATb07PfsoytFjz8vvidoZzWJ9B5/oYK2P6mVLxDkqh+CVAPnh/4UE2sKYiZaAa3soAzcYcer7Qri/cEV74AJPf6qBL7hP++4V7AhrU9KIAY+m3zx3R97iDq3HqeYHYvkQ4TcYZLMaJjn64+y011s+4zV7WZch/bhoYMVvYJFP1GX53X8MAAft5KHZaBUbdCZMBKvCdPWiqLjOgY5by4gOjunF40yHdLR0bt3gfHQHUbGg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=V21C8zWIzpe9KKiO3ZNutGt7wnVNty+HrA6XlMm8V1w=; b=Bw9qywkmSBnVQRmzfRtXau126Qg5+APssLprPfejFyd45K8k8wq+2x0IeUJG6MA2QUIpQ9/wlmyUXC7jj6hBvsEJs1zQ/w2VQO7d7SblqRmXwNqcXcbjrY162euotLnC9eLunCdAymL/XG/EBeP+61/30tiLruCKv7eVsh1kIEDLJ8LOCohk+rr0LaWyRGWanZZHMtZRSl5Jw2cHeumu2cP/IgepEyag43d1TB9xErEPiAAwuLWzb7w9lk3jmUxlaJcMR2DckhS4Oa/H35Yc5q7qt6jQrgWWMmACGjwq39+jmyoUrCfKu1CYDyhUY0t/Q/4MrcSicO+D9xIwlv/zlw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=V21C8zWIzpe9KKiO3ZNutGt7wnVNty+HrA6XlMm8V1w=; b=HTa5OmoJcfxOU+2093mkKFKyThxCpfqi5GUiaFQkvNhnEBE0rhbkv/k2KlgXBhOR5WsJ8z2Y5CNcUvCuwa4/WNVZwZlI/Y2M6+HGvrB8zRiVGS4mYEpNKOh5KDSlJ7uJBOWAQ+En7p194hNmRv4XnV4EzXA1WppnLD/i4XQsFZo=
Received: from HE1PR0702MB3772.eurprd07.prod.outlook.com (2603:10a6:7:8e::14) by HE1PR0702MB3770.eurprd07.prod.outlook.com (2603:10a6:7:84::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3433.20; Mon, 28 Sep 2020 14:36:52 +0000
Received: from HE1PR0702MB3772.eurprd07.prod.outlook.com ([fe80::c98a:9a0c:1eea:3fdc]) by HE1PR0702MB3772.eurprd07.prod.outlook.com ([fe80::c98a:9a0c:1eea:3fdc%6]) with mapi id 15.20.3433.030; Mon, 28 Sep 2020 14:36:52 +0000
From: Magnus Westerlund <magnus.westerlund@ericsson.com>
To: "petithug@acm.org" <petithug@acm.org>, "renthraysk@gmail.com" <renthraysk@gmail.com>
CC: "jdrosen@jdrosen.net" <jdrosen@jdrosen.net>, "tram@ietf.org" <tram@ietf.org>, "martin.h.duke@gmail.com" <martin.h.duke@gmail.com>, "dwing-ietf@fuggles.com" <dwing-ietf@fuggles.com>, "philip_matthews@magma.ca" <philip_matthews@magma.ca>, "rohan.ietf@gmail.com" <rohan.ietf@gmail.com>
Thread-Topic: [tram] [Technical Errata Reported] RFC8489 (6268)
Thread-Index: AQHWfuF5dRZ7aF/vA0OYP087ogZzZKlSU3kAgAAfVoCAAS6igIAJpSSAgAARDgCAAA2PgIAAAGWQgAACowCACswlAIAAGeGAgAASQACADgqBAIAALMwAgAKNPoCABN/GAIAARwUA
Date: Mon, 28 Sep 2020 14:36:52 +0000
Message-ID: <404d19bd2192de644dbc61c64e82605c96446450.camel@ericsson.com>
References: <20200830152251.37CA9F4076B@rfc-editor.org> <bd82edbe82f83f7c92c6cb21924951d35132768f.camel@ericsson.com> <B09AFC19-A790-46C5-A97B-69572411A229@cisco.com> <7bbe51fd9a5a226752597825f276f6baad70add7.camel@ericsson.com> <f48eb512-5c17-20bd-dfd6-2d368e9fd4b9@petit-huguenin.org> <CABNgG1g3Tx1QroP+eo+WeQXxD2XPvf+n67pekBqRi8+QzgX8_Q@mail.gmail.com> <65838ad3-7ee9-3339-1326-8c2d212f6fa6@petit-huguenin.org> <HE1PR0702MB3772F26F7B3E91B8DC6982D695280@HE1PR0702MB3772.eurprd07.prod.outlook.com> <d0498051-d762-855d-bf74-d65a8bdf88da@petit-huguenin.org> <b3cae3bd-2b7f-d8c5-fcb4-55be9f11a3ce@petit-huguenin.org> <CABNgG1hzNyM-qqCpprXBUJ4y-X7OOMZHK72wpPL_rJ+TLXrz-g@mail.gmail.com> <4803aae689ab3839beb9f2a65762001495bc31f8.camel@ericsson.com> <4fb78f8080c69a727fb392d1c4462ffa63fe45c2.camel@ericsson.com> <CABNgG1gXeekROCX4_aHo4RYX8fZg6b967AZEPRRhxTH9PxQdGA@mail.gmail.com> <78fdd4cae92837f303b13e5d9412467fdecca870.camel@ericsson.com> <1b3ee8eb-1d0b-4991-e6c1-f65dd2d4154a@acm.org>
In-Reply-To: <1b3ee8eb-1d0b-4991-e6c1-f65dd2d4154a@acm.org>
Accept-Language: sv-SE, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Evolution 3.28.5-0ubuntu0.18.04.2
authentication-results: acm.org; dkim=none (message not signed) header.d=none;acm.org; dmarc=none action=none header.from=ericsson.com;
x-originating-ip: [158.174.130.68]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 968c87ac-594c-45d6-9e2e-08d863bbf117
x-ms-traffictypediagnostic: HE1PR0702MB3770:
x-microsoft-antispam-prvs: <HE1PR0702MB3770B0F9C365D7812DC1971C95350@HE1PR0702MB3770.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: pixd1fjfZyIq4dAIaJJYHSr8DL4o6neadnSZhp9OMnLIZJXXuP8JXWmwN0EX0/mN/lD2vSLehK+VtOtRgNE+6rMTrA+35szes9gvdWbIV24jt6wh6fqeDO7RbyyYuIlUdsf5MwqEb56J0IayYUSs7HBIP4/6IwZQJzVEkMwpU2AiY2DgCGDa6e0CKYxyMw+G2l4OoypRRof8zF24E5D+5LKnVrKrWq6BpH8Pi25fS3dYZFB/4HPgHZmhiTAEK6k2lERlmKD8R7P0+D+jC+PnBsBInTMY5V6xm2XW6Hh3s/Y0VflxIXKT+wPOW1ROC4qiECOl+lNT80sFndyf77pgfOxjNZs/SmnxrJXBfKu/ekWTnY2ZdepIXuy2grQpUIJuV4Ah0cn2DFHryMF6XosRLtB380xcMwQ3aNvhVwLbtKBhaMBgnajFSvZxvVfr2Q/YQadY0zgICXtZgN23IWcOGg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR0702MB3772.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(39860400002)(346002)(366004)(396003)(376002)(136003)(186003)(83080400001)(2906002)(36756003)(6512007)(44832011)(966005)(30864003)(8676002)(5660300002)(4326008)(26005)(6506007)(53546011)(66946007)(76116006)(16799955002)(86362001)(8936002)(478600001)(66446008)(110136005)(64756008)(2616005)(66556008)(83380400001)(54906003)(316002)(66476007)(6486002)(71200400001)(99106002)(579004); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: /d76pakRUzDXHvv7tqqJirgUQSbxbaMJwgGAyP7z3EriW+Eqdy5WmMjCE6Ow3gJUslZsy3w9wQJKfseDpLZeFId/Fbn5ihNk7zkriL34s4tDXEXv4ehPgqLVpYBeuosz8RltsEB/ajy6j7KXVsuw0cPTpSuaYk+ZeJc1qKXoC641OMTvfVi0o7Bo3AvFfsmrtn2+ttw7sroc2bOWBBgYcBzDW5xFIpL3rN1xP1XSKSOZ1uOYO304xVyowC7WRMdR4K3Iz1LH0Uu56Su0fd8aAj9P2hFDBwtxcg5OFqASHjPVcJ3AG3RD78bq+NyAry9slpar6A5BoMu0Puy/GLU7GDc0R4+iwPhaDms8qX0gegyBkh35KyHYvcw1kcafXQChtjeTBY69FeEc1+VNdloslu27IdWgnB2IJ0WWgo6AIwrZk37c0XZPnKukDY/1AjeUIWn4Nz0bjxDojdzEgRd9qLJ5RD1W2r/2StBhIJBY/I8HgCMINrrbX5RCAtLLWiqs7nH9MFhV8/XKlEi+riW0IZ/6du8dnm5PSqnIe1z/hqILlHfTDHrbdtBm0pdfJyTkIzE+p08oKXc77VZYcde+FW7FUua139ihecJEhv4p9IaVgyYzMLJgKsRN41JDlxyBnit4IdhK6dhyf7ZTmG/vPg==
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <52AB82408F6FE846A1C0AE9620BC7E75@eurprd07.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0702MB3772.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 968c87ac-594c-45d6-9e2e-08d863bbf117
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Sep 2020 14:36:52.5697 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: oyYTnwhg4HOXtLRD6NmfEPTUg5zuvOz7RdDBwx0C9ktF8zCMR5mO37AOUnDGXq2uCg50Ir5OSs73kZsxXTYUzMqrZUtueI0Z0iVGU8O+tc0=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0702MB3770
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/vwKo7s2esxrXbyvL4yAWxppMeqI>
Subject: Re: [tram] [Technical Errata Reported] RFC8489 (6268)
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Sep 2020 14:37:04 -0000
Hi, A question here. Is the key used in the MESSAGE-INTEGRITY-SHA256 the MD5 derived one, or one derived using SHA256? If it is the former, then fine the lets just add a sentence of clarification as the option exist. But, Jared's previous comments appear to indicate the the key for the HMAC-SHA256 used in the intergrity was derived using SHA256. If it is the later, then I don't see any option than to include the password algorithm attribute and its algorithm indicator as it is a necessary component to correctly derive the key and thus being able to verify the MESSAGE-INTEGRITY. I am just trying to ensure that the necessary information to be able to take this as test vector for this specific purpose actually works. But I think it needs to follow the updated version of STUN this RFC actually describe, not the old one. Cheers Magnus On Mon, 2020-09-28 at 03:22 -0700, Marc Petit-Huguenin wrote: > I do not concur. > > Appendix B clearly states that this test vector augments the ones in RFC 5769, > and RFC 5769 also clearly states in its abstract that "[t]he content of some > of these [attributes] -- FINGERPRINT, MESSAGE-INTEGRITY, and XOR-MAPPED- > ADDRESS -- involve binary-logical operations (hashing, xor). This document > provides test vectors for those attributes." > > In other words this is not an example of STUN message, but an example of > attributes encoding, namely USERHASH and MESSAGE-INTEGRITY-SHA256. > > So it does not matter if the message is incorrect, it still fulfills the > reason it was created which is to show a correct encoding of these > attributes. Even the message length errata is not really necessary, as the > MESSAGE-INTEGRITY-SHA256 was still correct. > > Now there may be a need for a separate document that contains STUN and STUN > usages call flows, with correctly encoded messages, but that's a completely > different topic. > > On 9/25/20 12:56 AM, Magnus Westerlund wrote: > > Hi Jared, > > > > Thanks for the clarification. Section 9.2.3.2. (Subsequent Requests) states > > > > When the client sends a subsequent > > request, it MUST include either the USERNAME or USERHASH, REALM, > > NONCE, and PASSWORD-ALGORITHM attributes with these cached values. > > > > So my interpretation is that this Binding Request (sub sequent) is lacking > > the > > PASSWORD-ALGORITHM attribute. In Section 9.2.4 also states: > > > > * If the request contains neither the PASSWORD-ALGORITHMS nor the > > PASSWORD-ALGORITHM algorithm, then the request is processed as > > though PASSWORD-ALGORITHM were MD5. > > > > I think the discrepancy between the requirement on sending and what to do > > when > > receiving the request comes from backwards compatibility. But there are no > > reason that the B.1 should not contain the mandated PASSWORD-ALGORITHM > > attribute. > > > > Thus, it looks like the Appendix B.2 initial text should be clarified with: > > > > 1. That this is a subsequent binding request (for context setting). > > 2. Make it clear that it is using SHA-256 as password alrgorithm, and thus > > PASSWORD-ALGORITH: Algorithm = 0x0002 (SHA-256) > > 3. Update the message and its integrity to contain a PASSWORD-ALGORITHM > > > > Authors, are you concurring? > > > > Cheers > > > > Magnus > > > > > > On Wed, 2020-09-23 at 17:58 +0100, RenThraysk wrote: > > > Hi > > > > > > Apologies for the delay. > > > > > > Yes, MESSAGE-INTEGRITY-SHA256 and USERHASH both explicitly specify using > > > SHA256. > > > However this RFC adds some agility to computing the long term HMAC key > > > used to > > > compute the MESSAGE-INTEGRITY-SHA256. > > > See https://tools.ietf.org/html/rfc8489#section-18.5 > > > > > > If using MESSAGE-INTEGRITY-SHA256 implies that the SHA-256 algorithm ( > > > https://tools.ietf.org/html/rfc8489#section-18.5.1.2 ) then it's not clear > > > in > > > the RFC. > > > If it doesn't imply how the key is generated then suggest adding following > > > line to the test vector parameters > > > > > > "MESSAGE-INTEGRITY-SHA256 long term key algorithm: SHA-256" > > > > > > Jared. > > > > > > > > > On Wed, Sep 23, 2020 at 3:18 PM Magnus Westerlund < > > > magnus.westerlund@ericsson.com> wrote: > > > > Jared, > > > > > > > > Any follow up on the the below question? I would like to conclude on > > > > this > > > > Errata. > > > > > > > > /Magnus > > > > > > > > On Mon, 2020-09-14 at 15:53 +0000, Magnus Westerlund wrote: > > > > > Hi, > > > > > > > > > > Thanks Marc for the new test vector. > > > > > > > > > > Thanks Jared for verifying it. > > > > > > > > > > I have updated the Errata with Marc latest test vector. > > > > > > > > > https://protect2.fireeye.com/v1/url?k=c2b8810a-9c18434c-c2b8c191-86fc6812c361-deb1c6e569244be5&q=1&e=1eef972f-1e6d-4430-97e5-2b968535970d&u=https%3A%2F%2Fwww.rfc-editor.org%2Ferrata_search.php%3Feid%3D6268 > > > > > > > > > > Please check this. > > > > > > > > > > Jared, I don't understand your request about noting SHA-256 password > > > > > algorithm. > > > > > To me it appears very clear in this section and in the message exactly > > > > > > > > what > > > > > protocol elements are being used. USERHASH and MESSAGE-INTEGRITY- > > > > > SHA256 > > > > > > > > are > > > > > both > > > > > clear that they use SHA256. So if you want any change to the note, can > > > > > you > > > > > provide what text you propse? > > > > > > > > > > > > > > > B.1. Sample Request with Long-Term Authentication with MESSAGE- > > > > > INTEGRITY-SHA256 and USERHASH > > > > > > > > > > This request uses the following parameters: > > > > > > > > > > Username: "<U+30DE><U+30C8><U+30EA><U+30C3><U+30AF><U+30B9>" > > > > > (without > > > > > quotes) unaffected by OpaqueString [RFC8265] processing > > > > > > > > > > Password: "The<U+00AD>M<U+00AA>tr<U+2168>" and "TheMatrIX" (without > > > > > quotes) respectively before and after OpaqueString [RFC8265] > > > > > processing > > > > > > > > > > Nonce: "obMatJos2AAACf//499k954d6OL34oL9FSTvy64sA" (without quotes) > > > > > > > > > > Realm: "example.org" (without quotes) > > > > > > > > > > > > > > > > > > > > > > > > > On Mon, 2020-09-14 at 15:47 +0100, RenThraysk wrote: > > > > > > Hi > > > > > > > > > > > > Ok, this is using the SHA256 Password Algorithm, so I suggest that > > > > > > > > should be > > > > > > noted in the errata as part of the parameters listed in B.1 > > > > > > But can now successfully create the test vector from my code. > > > > > > > > > > > > Will open the other > > > > > > errata proposing to strike the line about the right to left bit > > > > > > > > ordering. > > > > > > > > > > > > Jared > > > > > > > > > > > > On Mon, Sep 14, 2020 at 2:15 PM Marc Petit-Huguenin < > > > > > > > > marc@petit-huguenin.org > > > > > > > > > > > > > > > > > > > wrote: > > > > > > > After looking at the emails exchanged at that time, the reason the > > > > > > > userhash > > > > > > > was different was because we tentatively changed the username > > > > > > > during > > > > > > > AUTH48, > > > > > > > then decided to use the original one, but my code got stuck with > > > > > > > the > > > > > > > > new > > > > > > > username. I updated the code and the test-vector is now: > > > > > > > > > > > > > > 00 01 00 88 Request type and message length > > > > > > > 21 12 a4 42 Magic cookie > > > > > > > 78 ad 34 33 } > > > > > > > c6 ad 72 c0 } Transaction ID > > > > > > > 29 da 41 2e } > > > > > > > 00 1e 00 20 USERHASH attribute header > > > > > > > 4a 3c f3 8f } > > > > > > > ef 69 92 bd } > > > > > > > a9 52 c6 78 } > > > > > > > 04 17 da 0f } Userhash value (32 bytes) > > > > > > > 24 81 94 15 } > > > > > > > 56 9e 60 b2 } > > > > > > > 05 c4 6e 41 } > > > > > > > 40 7f 17 04 } > > > > > > > 00 15 00 29 NONCE attribute header > > > > > > > 6f 62 4d 61 } > > > > > > > 74 4a 6f 73 } > > > > > > > 32 41 41 41 } > > > > > > > 43 66 2f 2f } > > > > > > > 34 39 39 6b } Nonce value and padding (3 bytes) > > > > > > > 39 35 34 64 } > > > > > > > 36 4f 4c 33 } > > > > > > > 34 6f 4c 39 } > > > > > > > 46 53 54 76 } > > > > > > > 79 36 34 73 } > > > > > > > 41 00 00 00 } > > > > > > > 00 14 00 0b REALM attribute header > > > > > > > 65 78 61 6d } > > > > > > > 70 6c 65 2e } Realm value (11 bytes) and padding (1 byte) > > > > > > > 6f 72 67 00 } > > > > > > > 00 1c 00 20 MESSAGE-INTEGRITY-SHA256 attribute header > > > > > > > 23 41 12 fb } > > > > > > > d4 e2 7f 98 } > > > > > > > 3e b4 03 28 } > > > > > > > 36 f9 98 21 } HMAC-SHA256 value > > > > > > > 6f 5b 23 f8 } > > > > > > > d9 27 75 3f } > > > > > > > bc 4f 88 2b } > > > > > > > fb df 0d ec } > > > > > > > > > > > > > > > > > > > > > I think that the note in the errata is fine (after updating the > > > > > > > test- > > > > > > > vector). > > > > > > > > > > > > > > Let's open a separate errata for the other issue. > > > > > > > > > > > > > > Thanks. > > > > > > > > > > > > > > > > > > > > > On 9/7/20 9:21 AM, Marc Petit-Huguenin wrote: > > > > > > > > Yes, I will provide text. > > > > > > > > > > > > > > > > On 9/7/20 9:13 AM, Magnus Westerlund wrote: > > > > > > > > > Hi, > > > > > > > > > > > > > > > > > > I will hold, but please consider if you directly have any text > > > > > > > > > proposal > > > > > > > > > > > > > > for > > > > > > > > > the note part of the errata to explain the changes that are in > > > > > > > > there > > > > > > > > > and > > > > > > > > > > > > > > if we > > > > > > > > > need to change the text above the message itself to clarify > > > > > > > > thingS? > > > > > > > > > > > > > > > > > > Cheers > > > > > > > > > > > > > > > > > > Magnus > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > > > > > From: Marc Petit-Huguenin <marc@petit-huguenin.org> > > > > > > > > > > Sent: den 7 september 2020 18:11 > > > > > > > > > > To: RenThraysk <renthraysk@gmail.com> > > > > > > > > > > Cc: Magnus Westerlund <magnus.westerlund@ericsson.com>; > > > > > > > > > > gsalguei@cisco.com; simon.perreault@logmein.com; > > > > > > > > > > martin.h.duke@gmail.com; philip_matthews@magma.ca; Gonzalo > > > > > > > > Camarillo > > > > > > > > > > <gonzalo.camarillo@ericsson.com>; jdrosen@jdrosen.net; > > > > > > > > > > dwing- > > > > > > > > > > ietf@fuggles.com; tram@ietf.org; rohan.ietf@gmail.com > > > > > > > > > > Subject: Re: [Technical Errata Reported] RFC8489 (6268) > > > > > > > > > > > > > > > > > > > > That's a good question. We changed the username after we > > > > > > > > discovered > > > > > > > > > > > > > > that > > > > > > > > > > the one I used previously was in fact invalid with the new > > > > > > > > PRECIS > > > > > > > > > > rules, > > > > > > > > > > > > > > but > > > > > > > > > > I > > > > > > > > > > am not sure why the one in the RFC is different. I'll have > > > > > > > > > > to > > > > > > > > look > > > > > > > > > > into > > > > > > > > > > > > > > my > > > > > > > > > > archives to find exactly what is what, but that will have to > > > > > > > > wait > > > > > > > > > > until > > > > > > > > > > > > > > next > > > > > > > > > > Monday morning. > > > > > > > > > > > > > > > > > > > > Meanwhile, Magnus, please hold on the errata modification. > > > > > > > > > > > > > > > > > > > > Thanks. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On 9/7/20 8:22 AM, RenThraysk wrote: > > > > > > > > > > > Hi > > > > > > > > > > > > > > > > > > > > > > Why has the Userhash value changed from the original test > > > > > > > > vector? > > > > > > > > > > > > > > > > > > > > > > Jared > > > > > > > > > > > > > > > > > > > > > > On Mon, Sep 7, 2020 at 3:21 PM Marc Petit-Huguenin > > > > > > > > > > > <marc@petit-huguenin.org> > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > > > > > > > > Hi Magnus, > > > > > > > > > > > > > > > > > > > > > > > > Here's the corrected test-vector: > > > > > > > > > > > > > > > > > > > > > > > > <begins> > > > > > > > > > > > > 00 01 00 88 Request type and message length > > > > > > > > > > > > 21 12 a4 42 Magic cookie > > > > > > > > > > > > 78 ad 34 33 } > > > > > > > > > > > > c6 ad 72 c0 } Transaction ID > > > > > > > > > > > > 29 da 41 2e } > > > > > > > > > > > > 00 1e 00 20 USERHASH attribute header > > > > > > > > > > > > 63 aa 09 fc } > > > > > > > > > > > > 23 81 0a 46 } > > > > > > > > > > > > c9 76 e9 59 } > > > > > > > > > > > > 23 10 ee 1e } Userhash value (32 bytes) > > > > > > > > > > > > 59 b7 06 e1 } > > > > > > > > > > > > 9d e1 bd 21 } > > > > > > > > > > > > a9 f6 f7 40 } > > > > > > > > > > > > 28 d5 ba 71 } > > > > > > > > > > > > 00 15 00 29 NONCE attribute header > > > > > > > > > > > > 6f 62 4d 61 } > > > > > > > > > > > > 74 4a 6f 73 } > > > > > > > > > > > > 32 41 41 41 } > > > > > > > > > > > > 43 66 2f 2f } > > > > > > > > > > > > 34 39 39 6b } Nonce value and padding (3 bytes) > > > > > > > > > > > > 39 35 34 64 } > > > > > > > > > > > > 36 4f 4c 33 } > > > > > > > > > > > > 34 6f 4c 39 } > > > > > > > > > > > > 46 53 54 76 } > > > > > > > > > > > > 79 36 34 73 } > > > > > > > > > > > > 41 00 00 00 } > > > > > > > > > > > > 00 14 00 0b REALM attribute header > > > > > > > > > > > > 65 78 61 6d } > > > > > > > > > > > > 70 6c 65 2e } Realm value (11 bytes) and > > > > > > > > > > > > padding (1 > > > > > > > > > > > > byte) > > > > > > > > > > > > 6f 72 67 00 } > > > > > > > > > > > > 00 1c 00 20 MESSAGE-INTEGRITY-SHA256 > > > > > > > > > > > > attribute > > > > > > > > header > > > > > > > > > > > > 8e 57 3d 97 } > > > > > > > > > > > > 75 33 21 ae } > > > > > > > > > > > > 47 8c b6 a2 } > > > > > > > > > > > > 7b 8a 6b 3a } HMAC-SHA256 value > > > > > > > > > > > > 89 08 9e e1 } > > > > > > > > > > > > 5f 62 6b 38 } > > > > > > > > > > > > 40 9f 48 ed } > > > > > > > > > > > > 47 a5 df 57 } > > > > > > > > > > > > <ends> > > > > > > > > > > > > > > > > > > > > > > > > Thanks. > > > > > > > > > > > > > > > > > > > > > > > > On 9/1/20 4:04 AM, Magnus Westerlund wrote: > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > > > > > > > > > > > > > I think it is reasonable that we do an RFC Errata for > > > > > > > > > > > > > this > > > > > > > > > > > > > error to > > > > > > > > > > > > > > > > > > > > > > > > provide a > > > > > > > > > > > > > corrected test vector. > > > > > > > > > > > > > > > > > > > > > > > > > > I can edit the Errata request to have a different > > > > > > > > > > > > > text. So > > > > > > > > if > > > > > > > > > > > > > you > > > > > > > > > > > > > > > > > > > > > > > > authors could > > > > > > > > > > > > > prepare and review a proposal that fixes this I will > > > > > > > > > > > > > edit > > > > > > > > and > > > > > > > > > > > > > > approve > > > > > > > > > > > > > it. > > > > > > > > > > > > > > > > > > > > > > > > > > So if you can provide the text that goes into the > > > > > > > > > > > > > three > > > > > > > > parts: > > > > > > > > > > > > > > > > > > > > > > > > > > Original Text: (I assume the full message from B.1 > > > > > > > > > > > > > here) > > > > > > > > > > > > > > > > > > > > > > > > > > Corrected Text: Full message with corrected message > > > > > > > > > > > > > length > > > > > > > > and > > > > > > > > > > > > > > > > > > > > > > > > recomputed Hash > > > > > > > > > > > > > value. > > > > > > > > > > > > > > > > > > > > > > > > > > Notes: If there are any additional that was already > > > > > > > > written > > > > > > > > > > > > > that you > > > > > > > > > > > > > > > > > > > > > > > > like to > > > > > > > > > > > > > remark about this error? > > > > > > > > > > > > > > > > > > > > > > > > > > Cheers > > > > > > > > > > > > > > > > > > > > > > > > > > Magnus > > > > > > > > > > > > > > > > > > > > > > > > > > On Mon, 2020-08-31 at 17:00 +0000, Gonzalo Salgueiro > > > > > > > > > > > > > (gsalguei) > > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > Hi Magnus - > > > > > > > > > > > > > > > > > > > > > > > > > > > > Marc responded earlier so you may have missed it. > > > > > > > > > > > > > > Below > > > > > > > > is > > > > > > > > > > > > > > his > > > > > > > > > > > > > > > > > > > > response: > > > > > > > > > > > > > > > > > > > > > > > > > > > > +++++++++++ > > > > > > > > > > > > > > This errata is correct, and there is nobody to blame > > > > > > > > > > > > > > for > > > > > > > > > > > > > > that > > > > > > > > > > > > > > mistake > > > > > > > > > > > > > > > > > > > > > > > > but me. > > > > > > > > > > > > > > > > > > > > > > > > > > > > Magnus, how to you want to proceed for the > > > > > > > > > > > > > > recomputed > > > > > > > > test > > > > > > > > > > > > > > vector? > > > > > > > > > > > > > > > > > > > > > > > > > > > > Thanks. > > > > > > > > > > > > > > +++++++++++ > > > > > > > > > > > > > > > > > > > > > > > > > > > > Cheers, > > > > > > > > > > > > > > > > > > > > > > > > > > > > Gonzalo > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Aug 31, 2020, at 11:08 AM, Magnus Westerlund < > > > > > > > > > > > > > > > magnus.westerlund@ericsson.com> wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Author's can you please confirm if this is correct > > > > > > > > > > > > > > > or > > > > > > > > not? > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Cheers > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Magnus > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > On Sun, 2020-08-30 at 08:22 -0700, RFC Errata > > > > > > > > > > > > > > > System > > > > > > > > > > > > > > > wrote: > > > > > > > > > > > > > > > > The following errata report has been submitted > > > > > > > > > > > > > > > > for > > > > > > > > > > > > > > > > RFC8489, > > > > > > > > > > > > > > > > "Session Traversal Utilities for NAT (STUN)". > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -------------------------------------- > > > > > > > > > > > > > > > > You may review the report below and at: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > https://protect2.fireeye.com/v1/url?k=99260d6d-c786cf2b-99264df6-86fc > > > > > > > > > > > > 6812c361-2320f3daa9544fe5&q=1&e=c28eb099-e321-4447-80c3- > > > > > > > > > > > > > > > > > > > > 942509fe0974& > > > > > > > > > > > > u=https%3A%2F%2Fwww.rfc-editor.org%2Ferrata%2Feid6268 > > > > > > > > > > > > > > > > -------------------------------------- > > > > > > > > > > > > > > > > Type: Technical > > > > > > > > > > > > > > > > Reported by: Jared Williams < > > > > > > > > > > > > > > > > renthraysk@gmail.com> > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Section: Appendix B.1 > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Original Text > > > > > > > > > > > > > > > > ------------- > > > > > > > > > > > > > > > > 00 01 00 9c Request type and message length > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Corrected Text > > > > > > > > > > > > > > > > -------------- > > > > > > > > > > > > > > > > 00 01 00 88 Request type and message length > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Notes > > > > > > > > > > > > > > > > ----- > > > > > > > > > > > > > > > > The message length in the test vector (9c) is > > > > > > > > > > > > > > > > the > > > > > > > > > > > > > > > > absolute length > > > > > > > > > > > > > > > > of > > > > > > > > > > > > > > > > > > > > > > > > the > > > > > > > > > > > > > > > > whole > > > > > > > > > > > > > > > > test vector. However from section 5. STUN > > > > > > > > > > > > > > > > Message > > > > > > > > > > > > > > > > Structure > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > "The message length MUST contain the size of the > > > > > > > > message > > > > > > > > > > > > > > > > in bytes, > > > > > > > > > > > > > > > > > > > > not > > > > > > > > > > > > > > > > including the 20-byte STUN header." > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > So the message length in the header should be 20 > > > > > > > > less > > > > > > > > > > > > > > > > than > > > > > > > > > > > > > > > > absolute > > > > > > > > > > > > > > > > > > > > > > > > length > > > > > > > > > > > > > > > > of > > > > > > > > > > > > > > > > the whole message. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > 0x9C - 20, 0x88. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Also the MESSAGE-INTEGRITY-SHA256 HMAC-SHA256 > > > > > > > > > > > > > > > > value > > > > > > > > of > > > > > > > > > > > > > > > > the > > > > > > > > > > > > > > > > > > > > Test > > > > > > > > > > > > > > > > Vector will need recomputing. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Instructions: > > > > > > > > > > > > > > > > ------------- > > > > > > > > > > > > > > > > This erratum is currently posted as "Reported". > > > > > > > > > > > > > > > > If > > > > > > > > > > > > > > > > necessary, > > > > > > > > > > > > > > > > please use "Reply All" to discuss whether it > > > > > > > > > > > > > > > > should > > > > > > > > be > > > > > > > > > > > > > > > > verified > > > > > > > > > > > > > > > > or rejected. When a decision is reached, the > > > > > > > > verifying > > > > > > > > > > > > > > > > party can > > > > > > > > > > > > > > > > log in to change the status and edit the report, > > > > > > > > > > > > > > > > if > > > > > > > > > > > > > > > > necessary. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -------------------------------------- > > > > > > > > > > > > > > > > RFC8489 (draft-ietf-tram-stunbis-21) > > > > > > > > > > > > > > > > -------------------------------------- > > > > > > > > > > > > > > > > Title : Session Traversal > > > > > > > > > > > > > > > > Utilities > > > > > > > > for > > > > > > > > > > > > > > > > NAT (STUN) > > > > > > > > > > > > > > > > Publication Date : February 2020 > > > > > > > > > > > > > > > > Author(s) : M. Petit-Huguenin, G. > > > > > > > > Salgueiro, > > > > > > > > > > > > > > > > J. > > > > > > > > > > > > > > Rosenberg, > > > > > > > > > > > > D. > > > > > > > > > > > > > > > > Wing, > > > > > > > > > > > > > > > > R. Mahy, P. Matthews > > > > > > > > > > > > > > > > Category : PROPOSED STANDARD > > > > > > > > > > > > > > > > Source : TURN Revised and > > > > > > > > > > > > > > > > Modernized > > > > > > > > > > > > > > > > Area : Transport > > > > > > > > > > > > > > > > Stream : IETF > > > > > > > > > > > > > > > > Verifying Party : IESG > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > > > > > > > > > > Cheers > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > Magnus Westerlund > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- Cheers Magnus Westerlund ---------------------------------------------------------------------- Networks, Ericsson Research ---------------------------------------------------------------------- Ericsson AB | Mobile +46 73 0949079 Torshamnsgatan 23 | SE-164 80 Stockholm, Sweden | mailto: magnus.westerlund@ericsson.com ----------------------------------------------------------------------
- [tram] [Technical Errata Reported] RFC8489 (6268) RFC Errata System
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Marc Petit-Huguenin
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Magnus Westerlund
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Gonzalo Salgueiro (gsalguei)
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Magnus Westerlund
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Marc Petit-Huguenin
- Re: [tram] [Technical Errata Reported] RFC8489 (6… RenThraysk
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Marc Petit-Huguenin
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Marc Petit-Huguenin
- Re: [tram] [Technical Errata Reported] RFC8489 (6… RenThraysk
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Magnus Westerlund
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Marc Petit-Huguenin
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Magnus Westerlund
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Marc Petit-Huguenin
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Marc Petit-Huguenin
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Rohan Mahy
- Re: [tram] [Technical Errata Reported] RFC8489 (6… RenThraysk
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Magnus Westerlund
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Magnus Westerlund
- Re: [tram] [Technical Errata Reported] RFC8489 (6… RenThraysk
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Magnus Westerlund
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Marc Petit-Huguenin
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Magnus Westerlund
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Marc Petit-Huguenin
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Magnus Westerlund
- Re: [tram] [Technical Errata Reported] RFC8489 (6… RenThraysk
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Marc Petit-Huguenin
- Re: [tram] [Technical Errata Reported] RFC8489 (6… Magnus Westerlund