[BEHAVE] MESSAGE-INTEGRITY in STUN error responses
Benny Prijono <bennylp@pjsip.org> Wed, 23 May 2007 05:03 UTC
Return-path: <behave-bounces@ietf.org>
Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1Hqj0C-00071V-9U; Wed, 23 May 2007 01:03:12 -0400
Received: from behave by megatron.ietf.org with local (Exim 4.43) id 1Hqj0A-00071F-JF for behave-confirm+ok@megatron.ietf.org; Wed, 23 May 2007 01:03:10 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Hqj0A-000717-7V for behave@ietf.org; Wed, 23 May 2007 01:03:10 -0400
Received: from mxout-03.mxes.net ([216.86.168.178]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Hqj05-0006o5-Vn for behave@ietf.org; Wed, 23 May 2007 01:03:10 -0400
Received: from [61.94.220.103] (unknown [61.94.220.103]) by smtp.mxes.net (Postfix) with ESMTP id C7A2E51999 for <behave@ietf.org>; Wed, 23 May 2007 01:03:03 -0400 (EDT)
Message-ID: <4653CAFC.1070000@pjsip.org>
Date: Wed, 23 May 2007 06:02:52 +0100
From: Benny Prijono <bennylp@pjsip.org>
User-Agent: Thunderbird 1.5.0.10 (Windows/20070221)
MIME-Version: 1.0
To: behave@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 538aad3a3c4f01d8b6a6477ca4248793
Subject: [BEHAVE] MESSAGE-INTEGRITY in STUN error responses
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
Errors-To: behave-bounces@ietf.org
All, Apologies if this has been discussed, but I have some doubts regarding the processing of STUN error responses which requests had included MESSAGE-INTEGRITY attribute. Few doubts: - In 8.3.2. Processing Responses, it says "All responses that were not discarded, whether success responses or error responses, MUST first be authenticated by the client." I'm assuming that this means STUN response (success or error) with missing or incorrect M-I will be discarded before it reaches client transaction FSM. And if so, I'm assuming that client would continue retransmitting the request, as if it had not receive any response. - If the above are true, then I think there need to be some exception for some error responses which by definition cannot contain M-I, so they cannot be authenticated. Reading Section 9.1.1. "Receive Request Message", I reckon these error responses cannot contain M-I thus client should not authenticate them: 401 (Unauthorized) 432 (Missing Username) 434 (Missing Realm) 436 (Unknown Username) 431 (Integrity Check Failure) And probably 420 (Unknown Attribute), and few others (I can look for them, but for now I just want to be sure that what I'm saying makes sense at all). Comments? cheers, -benny -- Benny Prijono http://www.pjsip.org _______________________________________________ Behave mailing list Behave@ietf.org https://www1.ietf.org/mailman/listinfo/behave
- [BEHAVE] MESSAGE-INTEGRITY in STUN error responses Benny Prijono
- Re: [BEHAVE] MESSAGE-INTEGRITY in STUN error resp… Rémi Denis-Courmont
- Re: [BEHAVE] MESSAGE-INTEGRITY in STUN error resp… Benny Prijono
- RE: [BEHAVE] MESSAGE-INTEGRITY in STUN error resp… Dan Wing
- RE: [BEHAVE] MESSAGE-INTEGRITY in STUN error resp… Dan Wing
- Re: [BEHAVE] MESSAGE-INTEGRITY in STUN error resp… Benny Prijono
- RE: [BEHAVE] MESSAGE-INTEGRITY in STUN error resp… Dan Wing