[Technical Errata Reported] RFC5766 (4933)

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[Technical Errata Reported] RFC5766 (4933)

rfc-editor
The following errata report has been submitted for RFC5766,
"Traversal Using Relays around NAT (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN)".

--------------------------------------
You may review the report below and at:
http://www.rfc-editor.org/errata_search.php?rfc=5766&eid=4933

--------------------------------------
Type: Technical
Reported by: shakeeb <[hidden email]>

Section: 17.3.3

Original Text
-------------
An attacker might attempt to disrupt service to other users of the
TURN server by sending Refresh requests or CreatePermission requests
that (through source address spoofing) appear to be coming from
another user of the TURN server.  TURN prevents this by requiring
that the credentials used in CreatePermission, Refresh, and
ChannelBind messages match those used to create the initial
allocation.  Thus, the fake requests from the attacker will be
rejected.

Corrected Text
--------------


Notes
-----
When using short-term, credentials expire after a specific amount of time (such as 5
minutes)  and clients get new credentials. The restriction imposed at section 17.3.3
prevents from refreshing allocation or permission using the new credentials.

This RFC approves RFC 5389. So one can use short-term credentials.  But short-term credentials are useless if it can not be used to refresh allocation or permission.


The goal of 17.3.3 can be achieved by sending 438 with the new nonce.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC5766 (draft-ietf-behave-turn-16)
--------------------------------------
Title               : Traversal Using Relays around NAT (TURN): Relay Extensions to Session Traversal Utilities for NAT (STUN)
Publication Date    : April 2010
Author(s)           : R. Mahy, P. Matthews, J. Rosenberg
Category            : PROPOSED STANDARD
Source              : Behavior Engineering for Hindrance Avoidance
Area                : Transport
Stream              : IETF
Verifying Party     : IESG

_______________________________________________
Behave mailing list
[hidden email]
https://www.ietf.org/mailman/listinfo/behave
Loading...