Last Call Review of draft-ietf-tram-turn-server-discovery-07
review-ietf-tram-turn-server-discovery-07-secdir-lc-weis-2016-08-19-00
Request | Review of | draft-ietf-tram-turn-server-discovery |
---|---|---|
Requested revision | No specific revision (document currently at 12) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2016-08-11 | |
Requested | 2016-08-04 | |
Authors | Prashanth Patil , Tirumaleswar Reddy.K , Dan Wing | |
I-D last updated | 2016-08-19 | |
Completed reviews |
Genart Last Call review of -07
by Ralph Droms
(diff)
Genart Telechat review of -09 by Ralph Droms (diff) Secdir Last Call review of -07 by Brian Weis (diff) Opsdir Last Call review of -07 by Susan Hares (diff) |
|
Assignment | Reviewer | Brian Weis |
State | Completed | |
Request | Last Call review on draft-ietf-tram-turn-server-discovery by Security Area Directorate Assigned | |
Reviewed revision | 07 (document currently at 12) | |
Result | Has nits | |
Completed | 2016-08-19 |
review-ietf-tram-turn-server-discovery-07-secdir-lc-weis-2016-08-19-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. I consider this draft to be Ready with nits. TURN servers are used to connect devices running Peer-to-Peer applications, such as real-time communication. Typically these TURN servers are not under a local network’s administrative control (e.g., the enterprise or ISP hosting the communicating devices. This draft provides a server discovery method to a TURN server that is under the administrative control of the local network. There are some security and operational advantages to the use of a local TURN server, since the local service can tend to keep the real-time communication (or other application) messages from leaving the local network. This is useful. The methods for auto-discovering local TURN servers discussed in the document include DNS Service Resolution, DNS Service Discovery, and Anycast. The main security consideration of using using server discovery methods would seem to be ensuring that an authorized local STUN server has been reached. The Security Considerations section mentions STUN authentication as OPTIONAL for “TURN servers provided by the local network or by the access network”, but "it is RECOMMENDED that the TURN client use one of the following techniques with (D)TLS”. When (D)TLS is used, several mechanisms are described whereby the client can determine that a STUN server is authorized. The requirements language is a bit obscure, but the result is recommending that (D)TLS authentication and authorization is used, which is fine. The Security Considerations section also recommends what a client ought to do when authenticated (D)TLS isn’t possible. The paragraph just before Section 9.1 contains good advice, but it could be clearer. For example the paragraph confuses privacy goals with the security goal of mitigating on-path injection of spoofed packets. I suggest rewording this paragraph with text something like this: In some auto-discovery scenarios, it might not be possible for the TURN client to use (D)TLS authentication to validate the TURN server. However, fall-back to clear text in such cases could leave the TURN client open to on-path injection of spoofed TURN messages. Instead, a TURN client SHOULD fall-back to encryption-only (D)TLS when (D)TLS authentication is not available. Another reason to fall-back to encryption-only is for privacy, which is analogous to SMTP opportunistic encryption [RFC7435] where one does not require privacy but one desires privacy when possible. It is suggested that a TURN client attempt (D)TLS with authentication and encryption, falling back to encryption-only if the TURN server cannot be authenticated via (D)TLS. The TURN server could fall back to clear text if it does not support unauthenticated (D)TLS, but fallback to clear text is NOT RECOMMENDED because it makes the client more susceptible to man-in-the-middle attacks and on-path packet injection. The Security Considerations in each of the sub-sections is good as written. Brian