[BEHAVE] MESSAGE-INTEGRITY in STUN error responses
Benny Prijono <bennylp@pjsip.org> Wed, 23 May 2007 05:03 UTC
Return-path: <behave-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Hqj0C-00071V-9U; Wed, 23 May 2007 01:03:12 -0400
Received: from behave by megatron.ietf.org with local (Exim 4.43) id 1Hqj0A-00071F-JF for behave-confirm+ok@megatron.ietf.org; Wed, 23 May 2007 01:03:10 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Hqj0A-000717-7V for behave@ietf.org; Wed, 23 May 2007 01:03:10 -0400
Received: from mxout-03.mxes.net ([216.86.168.178]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Hqj05-0006o5-Vn for behave@ietf.org; Wed, 23 May 2007 01:03:10 -0400
Received: from [61.94.220.103] (unknown [61.94.220.103]) by smtp.mxes.net (Postfix) with ESMTP id C7A2E51999 for <behave@ietf.org>; Wed, 23 May 2007 01:03:03 -0400 (EDT)
Message-ID: <4653CAFC.1070000@pjsip.org>
Date: Wed, 23 May 2007 06:02:52 +0100
From: Benny Prijono <bennylp@pjsip.org>
User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)
MIME-Version: 1.0
To: behave@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 538aad3a3c4f01d8b6a6477ca4248793
Subject: [BEHAVE] MESSAGE-INTEGRITY in STUN error responses
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
Errors-To: behave-bounces@ietf.org
All,
Apologies if this has been discussed, but I have some doubts
regarding the processing of STUN error responses which requests had
included MESSAGE-INTEGRITY attribute.
Few doubts:
- In 8.3.2. Processing Responses, it says
"All responses that were not discarded, whether success
responses or error responses, MUST first be authenticated
by the client."
I'm assuming that this means STUN response (success or error)
with missing or incorrect M-I will be discarded before it
reaches client transaction FSM.
And if so, I'm assuming that client would continue retransmitting
the request, as if it had not receive any response.
- If the above are true, then I think there need to be some
exception for some error responses which by definition cannot
contain M-I, so they cannot be authenticated.
Reading Section 9.1.1. "Receive Request Message", I reckon these
error responses cannot contain M-I thus client should not
authenticate them:
401 (Unauthorized)
432 (Missing Username)
434 (Missing Realm)
436 (Unknown Username)
431 (Integrity Check Failure)
And probably 420 (Unknown Attribute), and few others (I can look
for them, but for now I just want to be sure that what I'm
saying makes sense at all).
Comments?
cheers,
-benny
--
Benny Prijono
http://www.pjsip.org
_______________________________________________
Behave mailing list
Behave@ietf.org
https://www1.ietf.org/mailman/listinfo/behave
- [BEHAVE] MESSAGE-INTEGRITY in STUN error responses Benny Prijono
- Re: [BEHAVE] MESSAGE-INTEGRITY in STUN error resp… Rémi Denis-Courmont
- Re: [BEHAVE] MESSAGE-INTEGRITY in STUN error resp… Benny Prijono
- RE: [BEHAVE] MESSAGE-INTEGRITY in STUN error resp… Dan Wing
- RE: [BEHAVE] MESSAGE-INTEGRITY in STUN error resp… Dan Wing
- Re: [BEHAVE] MESSAGE-INTEGRITY in STUN error resp… Benny Prijono
- RE: [BEHAVE] MESSAGE-INTEGRITY in STUN error resp… Dan Wing