qyt / rfc5766-turn-server

Automatically exported from code.google.com/p/rfc5766-turn-server

Data indications should not contain MESSAGE-INTEGRITY (if long-term credentials are in use) #106

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Establish a TURN allocation, authenticate with long-term credentials, and 
install a permission.
2. Send data to the relay address from the permission address.
3. Observe the DATA indication message.

What is the expected output? What do you see instead?

I expect to see a DATA indication carrying DATA and XOR-PEER-ADDRESS 
attributes.  The indication I receive also has a MESSAGE-INTEGRITY attribute.

What version of the product are you using? On what operating system?

turnserver-3.2.2.7, Ubuntu 12.04, auth credentials in redis

Please provide any additional information below.

RFC 5389 says:

   Note that the long-term credential mechanism cannot be used to
   protect indications, since indications cannot be challenged.  Usages
   utilizing indications must either use a short-term credential or omit
   authentication and message integrity for them.

Original issue reported on code.google.com by jonathan...@gmail.com on 18 Feb 2014 at 10:15
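
Added example (not part of the original issue and not code from rfc5766-turn-server): a minimal STUN attribute walker, following the RFC 5389 message layout, that flags an indication carrying MESSAGE-INTEGRITY, as in the report above. The sample messages are constructed, the helper names are hypothetical, and the 20-byte MESSAGE-INTEGRITY value is a zero-filled placeholder rather than a real HMAC.

```python
import struct

MAGIC_COOKIE = 0x2112A442
MESSAGE_INTEGRITY, XOR_PEER_ADDRESS, DATA = 0x0008, 0x0012, 0x0013
DATA_INDICATION = 0x0017  # method Data (0x007) with class "indication"

def stun_class(msg_type):
    """2-bit class: 0 request, 1 indication, 2 success, 3 error response."""
    return ((msg_type & 0x0100) >> 7) | ((msg_type & 0x0010) >> 4)

def parse_attributes(msg):
    """Validate the 20-byte header and return (type, [attribute types])."""
    if len(msg) < 20:
        raise ValueError("shorter than a STUN header")
    msg_type, length, cookie = struct.unpack("!HHI", msg[:8])
    if msg_type & 0xC000 or cookie != MAGIC_COOKIE:
        raise ValueError("not a STUN message")
    if length % 4 or 20 + length != len(msg):
        raise ValueError("bad message length")
    attrs, off = [], 20
    while off < len(msg):
        a_type, a_len = struct.unpack("!HH", msg[off:off + 4])
        off += 4 + ((a_len + 3) & ~3)  # values are padded to 4 bytes
        if off > len(msg):
            raise ValueError("attribute overruns the message")
        attrs.append(a_type)
    return msg_type, attrs

def indication_has_integrity(msg):
    """True for the case reported in this issue."""
    msg_type, attrs = parse_attributes(msg)
    return stun_class(msg_type) == 1 and MESSAGE_INTEGRITY in attrs

def build(msg_type, attrs):
    """Test helper: encode a message with an all-zero transaction ID."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v + bytes(-len(v) % 4)
                    for t, v in attrs)
    return struct.pack("!HHI", msg_type, len(body), MAGIC_COOKIE) + bytes(12) + body

# Constructed samples: peer 192.0.2.1:3478, payload b"hello".
PEER = struct.pack("!BBHI", 0, 1, 3478 ^ 0x2112, 0xC0000201 ^ MAGIC_COOKIE)
EXPECTED = build(DATA_INDICATION, [(XOR_PEER_ADDRESS, PEER), (DATA, b"hello")])
# Placeholder 20-byte value, not a real HMAC-SHA1.
REPORTED = build(DATA_INDICATION, [(XOR_PEER_ADDRESS, PEER), (DATA, b"hello"),
                                   (MESSAGE_INTEGRITY, bytes(20))])

if __name__ == "__main__":
    for name, msg in (("expected", EXPECTED), ("reported", REPORTED)):
        print(name, "MESSAGE-INTEGRITY in indication:", indication_has_integrity(msg))
```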

GoogleCodeExporter commented 9 years ago
Some third-party client libraries were expecting that in the indication - so 
that was done intentionally. But maybe it is time to remove that. I'll fix it 
in 3.2.2.8.

Original comment by mom040...@gmail.com on 18 Feb 2014 at 10:18

GoogleCodeExporter commented 9 years ago
If someone still needs it for backward compatibility you could make it a flag, 
I suppose.

Original comment by jonathan...@gmail.com on 18 Feb 2014 at 10:20

GoogleCodeExporter commented 9 years ago
The problem is that Jitsu turnserver puts INTEGRITY in the indications. And the 
Jitsu clients expect that. So if I remove it, the Jitsu clients will stop 
working. I do not want to break them, so I do not know whether we want to fix 
that.

Original comment by mom040...@gmail.com on 19 Feb 2014 at 4:54

GoogleCodeExporter commented 9 years ago
OK, I'll make a flag, I suppose.

Original comment by mom040...@gmail.com on 19 Feb 2014 at 5:01

GoogleCodeExporter commented 9 years ago
Or maybe I'll wait till anybody complains about the new behavior.

Original comment by mom040...@gmail.com on 19 Feb 2014 at 5:07

GoogleCodeExporter commented 9 years ago

Original comment by mom040...@gmail.com on 22 Feb 2014 at 8:32