[secdir] secdir review of draft-ietf-tram-auth-problems

"Shaun Cooley (shcooley)" <shcooley@cisco.com> Thu, 21 August 2014 19:56 UTC

From: "Shaun Cooley (shcooley)" <shcooley@cisco.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Date: Thu, 21 Aug 2014 19:56:12 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/secdir/SZpn_Cz2u4J7BUXGhZW-uhL18I8
Cc: "draft-ietf-tram-auth-problems.all@tools.ietf.org" <draft-ietf-tram-auth-problems.all@tools.ietf.org>

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This document describes security and practical problems with the current Session Traversal Utilities for NAT (STUN) authentication for Traversal Using Relays around NAT (TURN) messages.

I consider this document to be READY for publication.

-Shaun