Problems with Session Traversal Utilities for NAT (STUN) Long-Term Authentication for Traversal Using Relays around NAT (TURN)
RFC 7376
Revision differences
Document history
| Date | Rev. | By | Action |
|---|---|---|---|
|
2015-10-14
|
05 | (System) | Notify list changed from tram-chairs@ietf.org, draft-ietf-tram-auth-problems@ietf.org to (None) |
|
2014-09-30
|
05 | (System) | RFC published |
|
2014-09-25
|
05 | (System) | RFC Editor state changed to <a href="http://www.rfc-editor.org/auth48/rfc7376">AUTH48-DONE</a> from AUTH48 |
|
2014-09-23
|
05 | Spencer Dawkins | Changed consensus to Yes from Unknown |
|
2014-09-23
|
05 | (System) | RFC Editor state changed to <a href="http://www.rfc-editor.org/auth48/rfc7376">AUTH48</a> from RFC-EDITOR |
|
2014-09-18
|
05 | (System) | RFC Editor state changed to RFC-EDITOR from EDIT |
|
2014-09-12
|
05 | Gonzalo Camarillo | (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? … (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? Informational, as indicated in the title page header and on the corresponding milestone in the charter of the TRAM WG. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary: This document discusses some of the issues with STUN authentication for TURN messages. Working Group Summary: This document became a WG item after having been discussed within the TRAM community. By the time the document became a WG item, there was consensus on its contents. After becoming a WG item the document was reviewed by a dedicated reviewer, whose comments were addressed by the draft's editors. Document Quality: This is a discussion document that is not intended to be implemented. Personnel: Gonzalo Camarillo is the document Shepherd. Spencer Dawkins is the responsible AD. (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The document shepherd reviewed the document as part of its WGLC and provided a few comments, all of which were addressed in a subsequent revision of the document. At this point the document is ready to be forwarded to the IESG. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? No. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. No. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. None. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why? Yes. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. No. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? The consensus behind this document represents a strong concurrence of the few active participants in the WG. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) No. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. ID nits complains about RFC 2119 statements being used in the draft without having a reference to RFC 2119. Those statements are only used in order to explain what exactly another RFC specifies. So, it should be OK. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. No formal reviews are needed. (13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? All normative references are RFCs. (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. No. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. No. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). This document does not request the IANA to perform any action. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. None. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. No formal language is used in this document. |
|
2014-08-28
|
05 | Amy Vezza | IESG state changed to RFC Ed Queue from Approved-announcement sent |
|
2014-08-27
|
05 | (System) | RFC Editor state changed to EDIT |
|
2014-08-27
|
05 | (System) | Announcement was received by RFC Editor |
|
2014-08-25
|
05 | (System) | IANA Action state changed to No IC |
|
2014-08-25
|
05 | Cindy Morgan | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
|
2014-08-25
|
05 | Cindy Morgan | IESG has approved the document |
|
2014-08-25
|
05 | Cindy Morgan | Closed "Approve" ballot |
|
2014-08-25
|
05 | Cindy Morgan | Ballot approval text was generated |
|
2014-08-22
|
05 | Spencer Dawkins | IESG state changed to Approved-announcement to be sent from Approved-announcement to be sent::Point Raised - writeup needed |
|
2014-08-21
|
05 | Shaun Cooley | Request for Last Call review by SECDIR Completed: Ready. Reviewer: Shaun Cooley. |
|
2014-08-21
|
05 | Cindy Morgan | IESG state changed to Approved-announcement to be sent::Point Raised - writeup needed from IESG Evaluation |
|
2014-08-20
|
05 | Kathleen Moriarty | [Ballot comment] I am interested to see the responses to a few of Stephen's questions and don't have any more to add. Thanks for your … [Ballot comment] I am interested to see the responses to a few of Stephen's questions and don't have any more to add. Thanks for your work on the draft. |
|
2014-08-20
|
05 | Kathleen Moriarty | [Ballot Position Update] New position, No Objection, has been recorded for Kathleen Moriarty |
|
2014-08-20
|
05 | Stephen Farrell | [Ballot comment] A bunch of comments, but all non-blocking or really less. That is, feel free to ignore these unless you think they make the … [Ballot comment] A bunch of comments, but all non-blocking or really less. That is, feel free to ignore these unless you think they make the doc better. I'd rather this got out there and we moved on to solutions more quickly compared to waiting for the perfect version of this. section 1: 1st bullet - where is it defined how to use a TURN server for privacy? And I don't actually see how that'd work, unless the caller trusts the TURN server to do it. Might well be my ignorance of TURN though. section 4, point 7: malicious JS is not required, any browser can view the source, including the STUN pwd. section 4: A possible 8th point is that a STUN/TURN server for WebRTC could have to work for many many browsers at which point assuming any secret known to all is a secret is just silly. section 4: Another possible new point is that STUN auth was meant for the WebRTC equivalent of the browser but in fact the web site (via the site's JS) is in control and hence it really ought be the web site that authenticates to the STUN server and not (supposedly) the WebRTC browser. section 4: Yet another - if a WebRTC server sets "per-user" STUN passwords via some form of co-ordination with some STUN/TURN servers, then that will assist in tracking individual user behaviour and so may be a privacy concern. section 4 (or 1): Current STUN/TURN auth essentially forces some centralisation into WebRTC where that ought not be needed. For example, models based on a leap-of-faith could actually be good enough to prevent widespread abuse of resources. |
|
2014-08-20
|
05 | Stephen Farrell | [Ballot Position Update] New position, No Objection, has been recorded for Stephen Farrell |
|
2014-08-20
|
05 | Amanda Baber | IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed |
|
2014-08-20
|
05 | Alissa Cooper | [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper |
|
2014-08-20
|
05 | Richard Barnes | [Ballot Position Update] New position, No Objection, has been recorded for Richard Barnes |
|
2014-08-20
|
05 | Joel Jaeggli | [Ballot Position Update] New position, No Objection, has been recorded for Joel Jaeggli |
|
2014-08-20
|
05 | Jari Arkko | [Ballot Position Update] New position, No Objection, has been recorded for Jari Arkko |
|
2014-08-18
|
05 | Tirumaleswar Reddy.K | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
|
2014-08-18
|
05 | Tirumaleswar Reddy.K | New version available: draft-ietf-tram-auth-problems-05.txt |
|
2014-08-18
|
04 | Adrian Farrel | [Ballot comment] I have no objection to the publication of this document. Here are two editorial notes for you to consider. --- The use of … [Ballot comment] I have no objection to the publication of this document. Here are two editorial notes for you to consider. --- The use of upper case "MUST" in a pseudo-quote from RFC5766 seems unnecessary. --- A little work on abbreviations is needed... I don't believe TURN or STUN are "well-known abbreviations" according to http://www.rfc-editor.org/rfc-style-guide/abbrev.expansion.txt so you should expand them in: - document title - Abstract - main document on first use (you do this for TURN, but note that the referenced 5766 uses a different expansion from the one you use!) Is there some inconsistency between WebRTC and RTCWEB? ICE should be expanded on first use. You have expanded it two paragraphs later. |
|
2014-08-18
|
04 | Adrian Farrel | [Ballot Position Update] New position, No Objection, has been recorded for Adrian Farrel |
|
2014-08-18
|
04 | Gunter Van de Velde | Request for Last Call review by OPSDIR Completed: Ready. Reviewer: Tina Tsou. |
|
2014-08-18
|
04 | Brian Haberman | [Ballot Position Update] New position, No Objection, has been recorded for Brian Haberman |
|
2014-08-15
|
04 | Martin Stiemerling | [Ballot Position Update] New position, No Objection, has been recorded for Martin Stiemerling |
|
2014-08-15
|
04 | Brian Carpenter | Request for Telechat review by GENART Completed: Ready. Reviewer: Brian Carpenter. |
|
2014-08-14
|
04 | Jean Mahoney | Request for Telechat review by GENART is assigned to Brian Carpenter |
|
2014-08-14
|
04 | Jean Mahoney | Request for Telechat review by GENART is assigned to Brian Carpenter |
|
2014-08-13
|
04 | Barry Leiba | [Ballot Position Update] New position, No Objection, has been recorded for Barry Leiba |
|
2014-08-11
|
04 | Spencer Dawkins | IESG state changed to IESG Evaluation from Waiting for Writeup |
|
2014-08-08
|
04 | Spencer Dawkins | Ballot has been issued |
|
2014-08-08
|
04 | Spencer Dawkins | [Ballot Position Update] New position, Yes, has been recorded for Spencer Dawkins |
|
2014-08-08
|
04 | Spencer Dawkins | Created "Approve" ballot |
|
2014-08-08
|
04 | Spencer Dawkins | Ballot writeup was changed |
|
2014-08-08
|
04 | (System) | IESG state changed to Waiting for Writeup from In Last Call |
|
2014-08-04
|
04 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
|
2014-08-04
|
04 | Pearl Liang | IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-tram-auth-problems-02, which is currently in Last Call, and has the following comments: We understand that, upon approval of this … IESG/Authors/WG Chairs: IANA has reviewed draft-ietf-tram-auth-problems-02, which is currently in Last Call, and has the following comments: We understand that, upon approval of this document, there are no IANA Actions that need completion. While it is helpful for the IANA Considerations section of the document to remain in place upon publication, if the authors prefer to remove it, IANA doesn't object. If this assessment is not accurate, please respond as soon as possible. |
|
2014-07-30
|
04 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Tina Tsou |
|
2014-07-30
|
04 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Tina Tsou |
|
2014-07-28
|
04 | Tirumaleswar Reddy.K | New version available: draft-ietf-tram-auth-problems-04.txt |
|
2014-07-26
|
03 | Brian Carpenter | Request for Last Call review by GENART Completed: Almost Ready. Reviewer: Brian Carpenter. |
|
2014-07-25
|
03 | Ram R | New version available: draft-ietf-tram-auth-problems-03.txt |
|
2014-07-24
|
02 | Jean Mahoney | Request for Last Call review by GENART is assigned to Brian Carpenter |
|
2014-07-24
|
02 | Jean Mahoney | Request for Last Call review by GENART is assigned to Brian Carpenter |
|
2014-07-24
|
02 | Jean Mahoney | Closed request for Last Call review by GENART with state 'Withdrawn' |
|
2014-07-24
|
02 | Jean Mahoney | Request for Last Call review by GENART is assigned to Tom Taylor |
|
2014-07-24
|
02 | Jean Mahoney | Request for Last Call review by GENART is assigned to Tom Taylor |
|
2014-07-24
|
02 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Shaun Cooley |
|
2014-07-24
|
02 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Shaun Cooley |
|
2014-07-18
|
02 | Amy Vezza | IANA Review state changed to IANA - Review Needed |
|
2014-07-18
|
02 | Amy Vezza | The following Last Call announcement was sent out:<br><br>From: The IESG <iesg-secretary@ietf.org> To: IETF-Announce <ietf-announce@ietf.org> CC: <tram@ietf.org> Reply-To: ietf@ietf.org Sender: … The following Last Call announcement was sent out:<br><br>From: The IESG <iesg-secretary@ietf.org> To: IETF-Announce <ietf-announce@ietf.org> CC: <tram@ietf.org> Reply-To: ietf@ietf.org Sender: <iesg-secretary@ietf.org> Subject: Last Call: <draft-ietf-tram-auth-problems-02.txt> (Problems with STUN long-term Authentication for TURN) to Informational RFC The IESG has received a request from the TURN Revised and Modernized WG (tram) to consider the following document: - 'Problems with STUN long-term Authentication for TURN' <draft-ietf-tram-auth-problems-02.txt> as Informational RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2014-08-08. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document discusses some of the issues with STUN authentication for TURN messages. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-tram-auth-problems/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-tram-auth-problems/ballot/ No IPR declarations have been submitted directly on this I-D. |
|
2014-07-18
|
02 | Amy Vezza | IESG state changed to In Last Call from Last Call Requested |
|
2014-07-18
|
02 | Spencer Dawkins | Placed on agenda for telechat - 2014-08-21 |
|
2014-07-18
|
02 | Spencer Dawkins | Last call was requested |
|
2014-07-18
|
02 | Spencer Dawkins | Ballot approval text was generated |
|
2014-07-18
|
02 | Spencer Dawkins | Ballot writeup was generated |
|
2014-07-18
|
02 | Spencer Dawkins | IESG state changed to Last Call Requested from AD Evaluation |
|
2014-07-18
|
02 | Spencer Dawkins | Last call announcement was changed |
|
2014-07-18
|
02 | Spencer Dawkins | Last call announcement was generated |
|
2014-07-18
|
02 | Spencer Dawkins | Last call announcement was generated |
|
2014-07-07
|
02 | Spencer Dawkins | IESG state changed to AD Evaluation from Publication Requested |
|
2014-07-05
|
02 | Gonzalo Camarillo | (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? … (1) What type of RFC is being requested (BCP, Proposed Standard, Internet Standard, Informational, Experimental, or Historic)? Why is this the proper type of RFC? Is this type of RFC indicated in the title page header? Informational, as indicated in the title page header and on the corresponding milestone in the charter of the TRAM WG. (2) The IESG approval announcement includes a Document Announcement Write-Up. Please provide such a Document Announcement Write-Up. Recent examples can be found in the "Action" announcements for approved documents. The approval announcement contains the following sections: Technical Summary: This document discusses some of the issues with STUN authentication for TURN messages. Working Group Summary: This document became a WG item after having been discussed within the TRAM community. By the time the document became a WG item, there was consensus on its contents. After becoming a WG item the document was reviewed by a dedicated reviewer, whose comments were addressed by the draft's editors. Document Quality: This is a discussion document that is not intended to be implemented. Personnel: Gonzalo Camarillo is the document Shepherd. Ted Lemon is the responsible AD. (3) Briefly describe the review of this document that was performed by the Document Shepherd. If this version of the document is not ready for publication, please explain why the document is being forwarded to the IESG. The document shepherd reviewed the document as part of its WGLC and provided a few comments, all of which were addressed in a subsequent revision of the document. At this point the document is ready to be forwarded to the IESG. (4) Does the document Shepherd have any concerns about the depth or breadth of the reviews that have been performed? No. (5) Do portions of the document need review from a particular or from broader perspective, e.g., security, operational complexity, AAA, DNS, DHCP, XML, or internationalization? If so, describe the review that took place. No. (6) Describe any specific concerns or issues that the Document Shepherd has with this document that the Responsible Area Director and/or the IESG should be aware of? For example, perhaps he or she is uncomfortable with certain parts of the document, or has concerns whether there really is a need for it. In any event, if the WG has discussed those issues and has indicated that it still wishes to advance the document, detail those concerns here. None. (7) Has each author confirmed that any and all appropriate IPR disclosures required for full conformance with the provisions of BCP 78 and BCP 79 have already been filed. If not, explain why? Yes. (8) Has an IPR disclosure been filed that references this document? If so, summarize any WG discussion and conclusion regarding the IPR disclosures. No. (9) How solid is the WG consensus behind this document? Does it represent the strong concurrence of a few individuals, with others being silent, or does the WG as a whole understand and agree with it? The consensus behind this document represents a strong concurrence of the few active participants in the WG. (10) Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarise the areas of conflict in separate email messages to the Responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) No. (11) Identify any ID nits the Document Shepherd has found in this document. (See http://www.ietf.org/tools/idnits/ and the Internet-Drafts Checklist). Boilerplate checks are not enough; this check needs to be thorough. ID nits complains about RFC 2119 statements being used in the draft without having a reference to RFC 2119. Those statements are only used in order to explain what exactly another RFC specifies. So, it should be OK. (12) Describe how the document meets any required formal review criteria, such as the MIB Doctor, media type, and URI type reviews. No formal reviews are needed. (13) Have all references within this document been identified as either normative or informative? Yes. (14) Are there normative references to documents that are not ready for advancement or are otherwise in an unclear state? If such normative references exist, what is the plan for their completion? All normative references are RFCs. (15) Are there downward normative references references (see RFC 3967)? If so, list these downward references to support the Area Director in the Last Call procedure. No. (16) Will publication of this document change the status of any existing RFCs? Are those RFCs listed on the title page header, listed in the abstract, and discussed in the introduction? If the RFCs are not listed in the Abstract and Introduction, explain why, and point to the part of the document where the relationship of this document to the other RFCs is discussed. If this information is not in the document, explain why the WG considers it unnecessary. No. (17) Describe the Document Shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all protocol extensions that the document makes are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that newly created IANA registries include a detailed specification of the initial contents for the registry, that allocations procedures for future registrations are defined, and a reasonable name for the new registry has been suggested (see RFC 5226). This document does not request the IANA to perform any action. (18) List any new IANA registries that require Expert Review for future allocations. Provide any public guidance that the IESG would find useful in selecting the IANA Experts for these new registries. None. (19) Describe reviews and automated checks performed by the Document Shepherd to validate sections of the document written in a formal language, such as XML code, BNF rules, MIB definitions, etc. No formal language is used in this document. |
|
2014-07-05
|
02 | Gonzalo Camarillo | State Change Notice email list changed to tram-chairs@tools.ietf.org, draft-ietf-tram-auth-problems@tools.ietf.org |
|
2014-07-05
|
02 | Gonzalo Camarillo | Responsible AD changed to Spencer Dawkins |
|
2014-07-05
|
02 | Gonzalo Camarillo | IETF WG state changed to Submitted to IESG for Publication from WG Document |
|
2014-07-05
|
02 | Gonzalo Camarillo | IESG state changed to Publication Requested |
|
2014-07-05
|
02 | Gonzalo Camarillo | IESG process started in state Publication Requested |
|
2014-07-05
|
02 | Gonzalo Camarillo | Intended Status changed to Informational from None |
|
2014-07-05
|
02 | Gonzalo Camarillo | Changed document writeup |
|
2014-07-05
|
02 | Gonzalo Camarillo | Document shepherd changed to Gonzalo Camarillo |
|
2014-07-03
|
02 | Tirumaleswar Reddy.K | New version available: draft-ietf-tram-auth-problems-02.txt |
|
2014-05-01
|
01 | Tirumaleswar Reddy.K | New version available: draft-ietf-tram-auth-problems-01.txt |
|
2014-03-24
|
00 | Tirumaleswar Reddy.K | New version available: draft-ietf-tram-auth-problems-00.txt |