From: Sebastien V. <se...@ji...> - 2012-02-10 17:36:51
Hi,

If the client has not sent its USERNAME/REALM attribute in the message, the server cannot determine which user/password pair it has to use to compute MESSAGE-INTEGRITY.

Can you send us a pcap trace so that we can better analyze?

Regards
--
Seb

On 10/02/12 17:58, sthustfo wrote:
> There was a typo in there in the first sentence... I meant
> MESSAGE-INTEGRITY attribute and not fingerprint.
>
> On Fri, Feb 10, 2012 at 10:27 PM, sthustfo <sth...@gm...> wrote:
>
>     Hi Seb,
>
>     I am using turnserver-0.5 and seeing that the 401 response to
>     allocate request does not have the fingerprint attribute. This
>     might be the case with other responses as well, but I have not
>     checked.
>
>     But RFC 5389 sec 10.2.3 mentions that
>
>         The client looks for the MESSAGE-INTEGRITY attribute in the
>         response (either success or failure). If present, the client
>         computes the message integrity over the response as defined in
>         Section 15.4, using the same password it utilized for the
>         request. If the resulting value matches the contents of the
>         MESSAGE-INTEGRITY attribute, the response is considered
>         authenticated. RFC4250 If the value does not match, or if
>         MESSAGE-INTEGRITY was absent, the response MUST be discarded,
>         as if it was never received. This means that retransmits, if
>         applicable, will continue.
>
>     So as per the above statement, the stun/ice client might just
>     discard the 401 response and wait for the proper 401 response
>     forever. Looking at the security perspective as well, I think
>     adding the message-integrity attribute makes sense even when
>     sending error response messages.
>
>     Let me know what you think.
>
>     Thanks,
>     sthustfo
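The key dependency discussed in this thread, as an added example that is not code from turnserver or from either poster: the RFC 5389 long-term key is derived from username, realm and password, so a server can only add MESSAGE-INTEGRITY when the request identified a known user, and the client check from the quoted RFC text discards anything else. The `USERS` table, the function names and the sample values are assumptions made for the illustration; SASLprep of the password is omitted (ASCII assumed).

```python
import hashlib, hmac, struct

MAGIC_COOKIE, MESSAGE_INTEGRITY, ERROR_CODE = 0x2112A442, 0x0008, 0x0009
ALLOCATE_ERROR = 0x0113  # Allocate error response
USERS = {("alice", "example.org"): "s3cret"}  # constructed sample credentials

def long_term_key(username, realm, password):
    # RFC 5389 section 15.4: MD5(username ":" realm ":" password); SASLprep skipped
    return hashlib.md5(f"{username}:{realm}:{password}".encode()).digest()

def attr(atype, value):
    # Type, length, value, then zero padding to a 4-byte boundary
    return struct.pack("!HH", atype, len(value)) + value + b"\x00" * (-len(value) % 4)

def header(msg_type, length, txid):
    return struct.pack("!HHI", msg_type, length, MAGIC_COOKIE) + txid

def build_response(msg_type, txid, attrs, username=None, realm=None):
    """Server side: MESSAGE-INTEGRITY needs a key, and the key needs a known user."""
    password = USERS.get((username, realm))
    if password is None:  # no USERNAME/REALM in the request: nothing to sign with
        return header(msg_type, len(attrs), txid) + attrs
    # The length field must already count the 24-byte MESSAGE-INTEGRITY attribute.
    hdr = header(msg_type, len(attrs) + 24, txid)
    key = long_term_key(username, realm, password)
    mac = hmac.new(key, hdr + attrs, hashlib.sha1).digest()
    return hdr + attrs + attr(MESSAGE_INTEGRITY, mac)

def check_response(msg, key):
    """Client side, following the quoted RFC text: 'authenticated' or 'discard'."""
    length = struct.unpack("!H", msg[2:4])[0]
    pos = 20
    while pos + 4 <= min(20 + length, len(msg)):
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        if atype == MESSAGE_INTEGRITY:
            # Recompute over everything before the attribute, with adjusted length
            hdr = msg[:2] + struct.pack("!H", pos - 20 + 24) + msg[4:20]
            expected = hmac.new(key, hdr + msg[20:pos], hashlib.sha1).digest()
            ok = hmac.compare_digest(expected, msg[pos + 4:pos + 24])
            return "authenticated" if ok else "discard"
        pos += 4 + alen + (-alen % 4)
    return "discard"  # MESSAGE-INTEGRITY absent

if __name__ == "__main__":
    txid = bytes(range(12))  # constructed transaction ID
    err401 = attr(ERROR_CODE, b"\x00\x00\x04\x01Unauthorized")
    key = long_term_key("alice", "example.org", "s3cret")
    signed = build_response(ALLOCATE_ERROR, txid, err401, "alice", "example.org")
    print(check_response(signed, key))
    print(check_response(build_response(ALLOCATE_ERROR, txid, err401), key))
```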