[RTG-DIR] RTG DIR Review of draft-ietf-tram-turn-mobility-03

Antoni Przygienda <prz@juniper.net> Thu, 18 August 2016 02:01 UTC

From: Antoni Przygienda <prz@juniper.net>
To: "rtg-ads@ietf.org" <rtg-ads@ietf.org>
Date: Thu, 18 Aug 2016 02:01:21 +0000
Message-ID: <CDD8D5E7-F031-4144-BBB0-4E358AEAD4C1@juniper.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtg-dir/-4gjUCBoa07ND3q-9WrKoMMwilE>
Cc: "rtg-dir@ietf.org" <rtg-dir@ietf.org>, "draft-ietf-tram-turn-mobility@ietf.org" <draft-ietf-tram-turn-mobility@ietf.org>
Subject: [RTG-DIR] RTG DIR Review of draft-ietf-tram-turn-mobility-03

Hello,
I have been selected as the Routing Directorate reviewer for draft-ietf-tram-turn-mobility-03. The Routing Directorate seeks to review all routing or routing-related drafts as they pass through IETF last call and IESG review. The purpose of the review is to provide assistance to the Routing ADs. For more information about the Routing Directorate, please see http://trac.tools.ietf.org/area/rtg/trac/wiki/RtgDir
Although these comments are primarily for the use of the Routing ADs, it would be helpful if you could consider them along with any other IETF Last Call comments that you receive, and strive to resolve them through discussion or by updating the draft.
Document: draft-ietf-tram-turn-mobility-03.txt
Reviewer: Tony Przygienda
Review Date: 18 Aug 16
Intended Status: Standards

Summary:

Overall, clear draft, fairly straightforward extension to STUN. Possible improvement and minor security holes.

I have some concerns about this document that I think should be commented on/addressed/resolved before publication.

Comments:

To prevent an in-path attack with replaying mobility tickets I would add a sentence to the draft saying that the newly generated mobility ticket on refresh response MUST be different from the previous one (that can be assured by including a nonce or something even if the refresh doesn’t change the allocation). An even stronger replay attack could include a client nonce in the mobility ticket on the allocate request that MUST be used to generate the ticket. The nonce would be repeated in the Refresh request with the ticket. In a sense it would be best if the mobility ticket could not be reused without a client and a server context stored.

Omission: If the ticket is reused/corrupt, I’m missing the corresponding procedures for an error in the Refresh Response, i.e. an error response code with “mobility ticket invalid” and a description of what happens (is the allocation dropped, old value retained?)

Thanks

--- tony
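As an added illustration of the defence the review above proposes (this is constructed example code, not the draft's actual ticket format and not the reviewer's code): the server binds the client's nonce into an HMAC-protected mobility ticket, rotates a server nonce on every accepted Refresh so each newly issued ticket necessarily differs from the previous one, and answers a replayed, stale or mismatched ticket with a "mobility ticket invalid" error that leaves the existing allocation untouched. The key, nonce sizes and error strings are assumptions.

```python
import hmac
import hashlib
import secrets

# Constructed example key; a real server would derive and rotate this.
KEY = b"server-ticket-key-example"


def make_ticket(key, allocation_id, client_nonce, server_nonce):
    """Ticket = server_nonce || HMAC(key, allocation_id | client_nonce | server_nonce).

    Binding client_nonce ties the ticket to the client that asked for it; a fresh
    server_nonce makes every issued ticket differ even if the allocation is unchanged.
    """
    msg = allocation_id + b"|" + client_nonce + b"|" + server_nonce
    return server_nonce + hmac.new(key, msg, hashlib.sha256).digest()


class TurnServer:
    """Minimal model of the server-side context the review asks for (assumed design)."""

    def __init__(self, key):
        self.key = key
        self.ctx = {}  # allocation_id -> (client_nonce, server_nonce of current ticket)

    def allocate(self, allocation_id, client_nonce):
        # Allocate request carries the client nonce; the server stores it with the allocation.
        server_nonce = secrets.token_bytes(16)
        self.ctx[allocation_id] = (client_nonce, server_nonce)
        return make_ticket(self.key, allocation_id, client_nonce, server_nonce)

    def refresh(self, allocation_id, ticket, client_nonce):
        """Return (ok, new_ticket) on success or (False, error) on failure.

        A ticket is valid only once and only together with the client nonce it was
        bound to; any failure leaves the stored allocation context untouched.
        """
        if allocation_id not in self.ctx:
            return False, "allocation unknown"
        stored_nonce, server_nonce = self.ctx[allocation_id]
        expected = make_ticket(self.key, allocation_id, stored_nonce, server_nonce)
        if client_nonce != stored_nonce or not hmac.compare_digest(ticket, expected):
            return False, "mobility ticket invalid"  # replayed, stale or forged ticket
        # Accepted: rotate the server nonce so the next ticket cannot equal this one.
        new_nonce = secrets.token_bytes(16)
        self.ctx[allocation_id] = (stored_nonce, new_nonce)
        return True, make_ticket(self.key, allocation_id, stored_nonce, new_nonce)
```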