Re: [BEHAVE] [rtcweb] New Version Notification for draft-chenxin-behave-turn-websocket-00.txt
"Hutton, Andrew" <andrew.hutton@siemens-enterprise.com> Mon, 20 May 2013 11:06 UTC
Return-Path: <andrew.hutton@siemens-enterprise.com>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4BA6421F912C; Mon, 20 May 2013 04:06:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.269
X-Spam-Level:
X-Spam-Status: No, score=-2.269 tagged_above=-999 required=5 tests=[AWL=0.030, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Io7+nY8zucjz; Mon, 20 May 2013 04:06:38 -0700 (PDT)
Received: from senmx11-mx.siemens-enterprise.com (senmx11-mx.siemens-enterprise.com [62.134.46.9]) by ietfa.amsl.com (Postfix) with ESMTP id F313221F8A14; Mon, 20 May 2013 04:06:37 -0700 (PDT)
Received: from MCHP02HTC.global-ad.net (unknown [172.29.42.235]) by senmx11-mx.siemens-enterprise.com (Server) with ESMTP id BC18C1EB84EE; Mon, 20 May 2013 13:06:36 +0200 (CEST)
Received: from MCHP04MSX.global-ad.net ([169.254.1.159]) by MCHP02HTC.global-ad.net ([172.29.42.235]) with mapi id 14.02.0328.009; Mon, 20 May 2013 13:06:36 +0200
From: "Hutton, Andrew" <andrew.hutton@siemens-enterprise.com>
To: Lorenzo Miniero <lorenzo@meetecho.com>, Gustavo García <ggb@tokbox.com>
Thread-Topic: [rtcweb] New Version Notification for draft-chenxin-behave-turn-websocket-00.txt
Thread-Index: AQHOVTqUu83hGBO03EOmioPLICQbqpkN5f0A
Date: Mon, 20 May 2013 11:06:35 +0000
Message-ID: <9F33F40F6F2CD847824537F3C4E37DDF1159CF9B@MCHP04MSX.global-ad.net>
References: <9E34D50A21D1D1489134B4D770CE03974C6DC83A@szxeml538-mbs.china.huawei.com> <9F33F40F6F2CD847824537F3C4E37DDF11599668@MCHP04MSX.global-ad.net> <BLU169-W4995BC8B88C6AD60F4CA5093A20@phx.gbl> <9F33F40F6F2CD847824537F3C4E37DDF1159A209@MCHP04MSX.global-ad.net> <6F6B2040-A8C7-4B37-928E-5072F06E9894@tokbox.com> <20130520111522.1b7e2eb1@meetecho.com>
In-Reply-To: <20130520111522.1b7e2eb1@meetecho.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.29.42.225]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Cc: "behave@ietf.org" <behave@ietf.org>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [BEHAVE] [rtcweb] New Version Notification for draft-chenxin-behave-turn-websocket-00.txt
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 May 2013 11:06:48 -0000
Regarding the HTTP fallback and whether this could be adapted to be a TURN over HTTP based solution then I think the same comments that were made on the TURN over websockets apply. What are the benefits of creating a new transport for TURN over what we can do using HTTP Connect as described in http://tools.ietf.org/html/draft-hutton-rtcweb-nat-firewall-considerations-00. Having said that I am really happy we are having this debate as we really need to find a solution here that the browser vendors will implement so I would really like to know which options they prefer. I really hope we can get draft-hutton-rtcweb-nat-firewall-considerations adopted and use it to document whatever the working group agrees on being the right solution. Regards Andy > -----Original Message----- > From: Lorenzo Miniero [mailto:lorenzo@meetecho.com] > Sent: 20 May 2013 10:15 > To: Gustavo García > Cc: Hutton, Andrew; rtcweb@ietf.org; behave@ietf.org > Subject: Re: [rtcweb] New Version Notification for draft-chenxin- > behave-turn-websocket-00.txt > > Il giorno Sun, 19 May 2013 23:20:41 -0700 > Gustavo García <ggb@tokbox.com> ha scritto: > > > I agree that TURN over websockets doesn't solve much more scenarios > > than TURN/TLS. If trying to fix HTTP Proxy traversal why not doing > > it over HTTP that aside of philosophical discussions would be the > > solution with better success rate? Otherwise we will have to > > continue answering for another 10 years "why is this app not working > > if skype does". > > > > Something like this draft sent some months ago but perhaps for TURN > > instead of direct connections: > > http://tools.ietf.org/id/draft-miniero-rtcweb-http-fallback-00.txt > > > > > When I submitted that draft this summer, I had that exact purpose in > mind, that is taking care of corner edge cases like restrictive proxies > and the like. Of course it was not meant to be a solution, just a way > to foster discussion in that direction. In that discussion I also > mentioned some work we did about this in the past, which in part > apparently ended up in draft-hutton-rtcweb-nat-firewall-considerations: > > http://www.ietf.org/mail-archive/web/rtcweb/current/msg05041.html > > At the time most people in the ML thought it was either too useless, > too complex or even harmful, considering it could be considered as a > "sneaky" way to circumvent rules added by a network administrator, and > so unacceptable. Anyway, as I said back then, a solution like this > doesn't have to be sneaky, and it could very well be conceived in order > to be admin-friendly rather than have a parrot and a wooden leg. > > Whether we actually need something like this or TURN-over-443 is enough > I don't know: I still think it may be useful to tackle scenarios where > everything else fails (the "skype works here" effect), so I'd be glad > to be of help in that direction if needed. > > Lorenzo > > > > > On 16/05/2013, at 01:28, Hutton, Andrew wrote: > > > > > I agree with Bernard's comments regarding the impact of DPI but of > > > course such DPI devices do what they do and we can't and even don't > > > want to stop them from doing it. However for the case when policy > > > is such that the firewall will only allow traffic to traverse that > > > comes from the HTTP Proxy or a network specific TURN server and > > > there is no deliberate policy to block WebRTC media we need a > > > solution and this is what > > > draft-hutton-rtcweb-nat-firewall-considerations-00 addresses. > > > > > > So far I don't see the benefit that TURN over websockets would have > > > in this scenario and it needs additional implementation in the > > > browser and the TURN server. > > > > > > Regards > > > Andy > > > > > > > > >> -----Original Message----- > > >> From: Bernard Aboba [mailto:bernard_aboba@hotmail.com] > > >> Sent: 15 May 2013 18:20 > > >> To: Hutton, Andrew; Chenxin (Xin); behave@ietf.org; > rtcweb@ietf.org > > >> Subject: RE: [rtcweb] FW: New Version Notification for > > >> draft-chenxin- behave-turn-websocket-00.txt > > >> > > >> Andrew Hutton said: > > >>> When we wrote the draft http://tools.ietf.org/html/draft-hutton- > > >> rtcweb-nat-firewall-considerations-00 we did not include this > > >> option because we did not see the benefit of additional transport > > >> options for TURN given that the existing options (E.g. TURN/TCP > > >> and TURN/TLS) seem to be meet our needs. > > >>> > > >>> So what would be the benefits that justify this addition > transport > > >> option for TURN? > > >> > > >> [BA] In my experience, institutions with very restrictive > security > > >> policies (e.g. those that don't allow UDP in or out) also tend to > > >> deploy other measures such as deep packet inspection. So just > > >> because some traffic is allowed in or out on port 80 does not mean > > >> that TURN/TCP will be allowed on that port - a DPI box may examine > > >> the traffic and complain if it doesn't see HTTP being used. On > > >> the other hand, unless the DPI box is upgraded, it will also > > >> complain about websockets. So I think draft-chenxin only helps in > > >> a situation where TURN over Websockets would be allowed when > > >> TURN/TCP would not be. That scenario is rare, at least at the > > >> moment. > > >> > > >> The argument for TURN over Websocket/TLS is even more difficult to > > >> make. While DPI boxes may examine traffic destined to port 443 > > >> carefully to make sure that TLS is really being used, assuming > > >> that the DPI box does not see anything it considers fishy, the TLS > > >> exchange will complete and the DPI box will lose visibility. > > >> After TLS is running, the DPI box does not have much information > > >> available to distinguish TURN/TLS from HTTP over TLS, with or > > >> without websockets -- and those things it does have (such as > > >> packet size) are as likely to result in an objection to websocket > > >> transport as TURN/TLS. So I'm not sure that draft-chenxin will > > >> help in that situation either. > > > > > > > > > > > > > > > _______________________________________________ > > > rtcweb mailing list > > > rtcweb@ietf.org > > > https://www.ietf.org/mailman/listinfo/rtcweb > > > > _______________________________________________ > > rtcweb mailing list > > rtcweb@ietf.org > > https://www.ietf.org/mailman/listinfo/rtcweb
- Re: [BEHAVE] [rtcweb] FW: New Version Notificatio… Hutton, Andrew
- Re: [BEHAVE] [rtcweb] FW: New Version Notificatio… Bernard Aboba
- [BEHAVE] FW: New Version Notification for draft-c… Chenxin (Xin)
- Re: [BEHAVE] [rtcweb] FW: New Version Notificatio… Tirumaleswar Reddy (tireddy)
- Re: [BEHAVE] [rtcweb] FW: New Version Notificatio… Hutton, Andrew
- Re: [BEHAVE] [rtcweb] FW: New Version Notificatio… Chenxin (Xin)
- Re: [BEHAVE] [rtcweb] FW: New Version Notificatio… Chenxin (Xin)
- Re: [BEHAVE] [rtcweb] New Version Notification fo… Hutton, Andrew
- Re: [BEHAVE] [rtcweb] New Version Notification fo… Gustavo García
- Re: [BEHAVE] [rtcweb] New Version Notification fo… Lorenzo Miniero
- Re: [BEHAVE] [rtcweb] New Version Notification fo… Hutton, Andrew
- Re: [BEHAVE] [rtcweb] New Version Notification fo… Simon Pietro Romano
- [BEHAVE] [rtcweb] Why? Quality! New Version Notif… Karl Stahl
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Simon Perreault
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Simon Perreault
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Karl Stahl
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Hutton, Andrew
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Chenxin (Xin)
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Bernard Aboba
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Simon Perreault
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Olle E. Johansson
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Karl Stahl
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Karl Stahl
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Karl Stahl
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Matthew Kaufman (SKYPE)
- Re: [BEHAVE] [rtcweb] New Version Notification fo… Marc Petit-Huguenin
- Re: [BEHAVE] [rtcweb] New Version Notification fo… Hutton, Andrew
- Re: [BEHAVE] [rtcweb] New Version Notification fo… Richard Barnes