Re: [BEHAVE] [rtcweb] New Version Notification for draft-chenxin-behave-turn-websocket-00.txt
"Hutton, Andrew" <andrew.hutton@siemens-enterprise.com> Tue, 21 May 2013 13:34 UTC
Return-Path: <andrew.hutton@siemens-enterprise.com>
X-Original-To: behave@ietfa.amsl.com
Delivered-To: behave@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDC3121F96BC; Tue, 21 May 2013 06:34:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.467
X-Spam-Level:
X-Spam-Status: No, score=-2.467 tagged_above=-999 required=5 tests=[AWL=0.131, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rhvj8cANgMSj; Tue, 21 May 2013 06:34:12 -0700 (PDT)
Received: from senmx11-mx.siemens-enterprise.com (senmx11-mx.siemens-enterprise.com [62.134.46.9]) by ietfa.amsl.com (Postfix) with ESMTP id AD4EF21F974B; Tue, 21 May 2013 06:34:11 -0700 (PDT)
Received: from MCHP02HTC.global-ad.net (unknown [172.29.42.235]) by senmx11-mx.siemens-enterprise.com (Server) with ESMTP id 477811EB851A; Tue, 21 May 2013 15:34:10 +0200 (CEST)
Received: from MCHP04MSX.global-ad.net ([169.254.1.159]) by MCHP02HTC.global-ad.net ([172.29.42.235]) with mapi id 14.02.0328.009; Tue, 21 May 2013 15:34:10 +0200
From: "Hutton, Andrew" <andrew.hutton@siemens-enterprise.com>
To: Simon Pietro Romano <spromano@unina.it>
Thread-Topic: [rtcweb] New Version Notification for draft-chenxin-behave-turn-websocket-00.txt
Thread-Index: AQHOVTqUu83hGBO03EOmioPLICQbqpkN5f0AgABIK4CAAXZogA==
Date: Tue, 21 May 2013 13:34:09 +0000
Message-ID: <9F33F40F6F2CD847824537F3C4E37DDF1159E317@MCHP04MSX.global-ad.net>
References: <9E34D50A21D1D1489134B4D770CE03974C6DC83A@szxeml538-mbs.china.huawei.com> <9F33F40F6F2CD847824537F3C4E37DDF11599668@MCHP04MSX.global-ad.net> <BLU169-W4995BC8B88C6AD60F4CA5093A20@phx.gbl> <9F33F40F6F2CD847824537F3C4E37DDF1159A209@MCHP04MSX.global-ad.net> <6F6B2040-A8C7-4B37-928E-5072F06E9894@tokbox.com> <20130520111522.1b7e2eb1@meetecho.com> <9F33F40F6F2CD847824537F3C4E37DDF1159CF9B@MCHP04MSX.global-ad.net> <3094D7F4-1DBE-4557-8815-3067AE07E219@unina.it>
In-Reply-To: <3094D7F4-1DBE-4557-8815-3067AE07E219@unina.it>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [172.29.42.225]
Content-Type: multipart/alternative; boundary="_000_9F33F40F6F2CD847824537F3C4E37DDF1159E317MCHP04MSXglobal_"
MIME-Version: 1.0
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>, Lorenzo Miniero <lorenzo@meetecho.com>, "behave@ietf.org" <behave@ietf.org>, Gustavo García <ggb@tokbox.com>
Subject: Re: [BEHAVE] [rtcweb] New Version Notification for draft-chenxin-behave-turn-websocket-00.txt
X-BeenThere: behave@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: mailing list of BEHAVE IETF WG <behave.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/behave>, <mailto:behave-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/behave>
List-Post: <mailto:behave@ietf.org>
List-Help: <mailto:behave-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/behave>, <mailto:behave-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 May 2013 13:34:17 -0000
Hi Simon I believe all possible solutions deserve attention however my feeling is that the HTTP Connect based mechanism for connecting to the TURN server via TURN/TCP/TLS has a good chance of being implemented by browsers. What I would really like to happen is for draft-hutton-rtcweb-nat-firewall-considerations to be adopted and progressed by the WG to describe the preferred solution whatever it might be. In the next update we could add some text describing the alternatives to the HTTP CONNECT based mechanism to promote further discussion at least we seem to have some agreement that a solution is needed. Regards Andy From: Simon Pietro Romano [mailto:spromano@unina.it] Sent: 20 May 2013 18:12 To: Hutton, Andrew Cc: Lorenzo Miniero; Gustavo García; behave@ietf.org; rtcweb@ietf.org Subject: Re: [rtcweb] New Version Notification for draft-chenxin-behave-turn-websocket-00.txt I keep on thinking that the solution depicted in http://tools.ietf.org/id/draft-miniero-rtcweb-http-fallback-00.txt deserves attention. Simon Il giorno 20/mag/2013, alle ore 13:06, Hutton, Andrew ha scritto: Regarding the HTTP fallback and whether this could be adapted to be a TURN over HTTP based solution then I think the same comments that were made on the TURN over websockets apply. What are the benefits of creating a new transport for TURN over what we can do using HTTP Connect as described in http://tools.ietf.org/html/draft-hutton-rtcweb-nat-firewall-considerations-00. Having said that I am really happy we are having this debate as we really need to find a solution here that the browser vendors will implement so I would really like to know which options they prefer. I really hope we can get draft-hutton-rtcweb-nat-firewall-considerations adopted and use it to document whatever the working group agrees on being the right solution. Regards Andy -----Original Message----- From: Lorenzo Miniero [mailto:lorenzo@meetecho.com] Sent: 20 May 2013 10:15 To: Gustavo García Cc: Hutton, Andrew; rtcweb@ietf.org<mailto:rtcweb@ietf.org>; behave@ietf.org<mailto:behave@ietf.org> Subject: Re: [rtcweb] New Version Notification for draft-chenxin- behave-turn-websocket-00.txt Il giorno Sun, 19 May 2013 23:20:41 -0700 Gustavo García <ggb@tokbox.com<mailto:ggb@tokbox.com>> ha scritto: I agree that TURN over websockets doesn't solve much more scenarios than TURN/TLS. If trying to fix HTTP Proxy traversal why not doing it over HTTP that aside of philosophical discussions would be the solution with better success rate? Otherwise we will have to continue answering for another 10 years "why is this app not working if skype does". Something like this draft sent some months ago but perhaps for TURN instead of direct connections: http://tools.ietf.org/id/draft-miniero-rtcweb-http-fallback-00.txt When I submitted that draft this summer, I had that exact purpose in mind, that is taking care of corner edge cases like restrictive proxies and the like. Of course it was not meant to be a solution, just a way to foster discussion in that direction. In that discussion I also mentioned some work we did about this in the past, which in part apparently ended up in draft-hutton-rtcweb-nat-firewall-considerations: http://www.ietf.org/mail-archive/web/rtcweb/current/msg05041.html At the time most people in the ML thought it was either too useless, too complex or even harmful, considering it could be considered as a "sneaky" way to circumvent rules added by a network administrator, and so unacceptable. Anyway, as I said back then, a solution like this doesn't have to be sneaky, and it could very well be conceived in order to be admin-friendly rather than have a parrot and a wooden leg. Whether we actually need something like this or TURN-over-443 is enough I don't know: I still think it may be useful to tackle scenarios where everything else fails (the "skype works here" effect), so I'd be glad to be of help in that direction if needed. Lorenzo On 16/05/2013, at 01:28, Hutton, Andrew wrote: I agree with Bernard's comments regarding the impact of DPI but of course such DPI devices do what they do and we can't and even don't want to stop them from doing it. However for the case when policy is such that the firewall will only allow traffic to traverse that comes from the HTTP Proxy or a network specific TURN server and there is no deliberate policy to block WebRTC media we need a solution and this is what draft-hutton-rtcweb-nat-firewall-considerations-00 addresses. So far I don't see the benefit that TURN over websockets would have in this scenario and it needs additional implementation in the browser and the TURN server. Regards Andy -----Original Message----- From: Bernard Aboba [mailto:bernard_aboba@hotmail.com] Sent: 15 May 2013 18:20 To: Hutton, Andrew; Chenxin (Xin); behave@ietf.org<mailto:behave@ietf.org>; rtcweb@ietf.org<mailto:rtcweb@ietf.org> Subject: RE: [rtcweb] FW: New Version Notification for draft-chenxin- behave-turn-websocket-00.txt Andrew Hutton said: When we wrote the draft http://tools.ietf.org/html/draft-hutton- rtcweb-nat-firewall-considerations-00 we did not include this option because we did not see the benefit of additional transport options for TURN given that the existing options (E.g. TURN/TCP and TURN/TLS) seem to be meet our needs. So what would be the benefits that justify this addition transport option for TURN? [BA] In my experience, institutions with very restrictive security policies (e.g. those that don't allow UDP in or out) also tend to deploy other measures such as deep packet inspection. So just because some traffic is allowed in or out on port 80 does not mean that TURN/TCP will be allowed on that port - a DPI box may examine the traffic and complain if it doesn't see HTTP being used. On the other hand, unless the DPI box is upgraded, it will also complain about websockets. So I think draft-chenxin only helps in a situation where TURN over Websockets would be allowed when TURN/TCP would not be. That scenario is rare, at least at the moment. The argument for TURN over Websocket/TLS is even more difficult to make. While DPI boxes may examine traffic destined to port 443 carefully to make sure that TLS is really being used, assuming that the DPI box does not see anything it considers fishy, the TLS exchange will complete and the DPI box will lose visibility. After TLS is running, the DPI box does not have much information available to distinguish TURN/TLS from HTTP over TLS, with or without websockets -- and those things it does have (such as packet size) are as likely to result in an objection to websocket transport as TURN/TLS. So I'm not sure that draft-chenxin will help in that situation either. _______________________________________________ rtcweb mailing list rtcweb@ietf.org<mailto:rtcweb@ietf.org> https://www.ietf.org/mailman/listinfo/rtcweb _______________________________________________ rtcweb mailing list rtcweb@ietf.org<mailto:rtcweb@ietf.org> https://www.ietf.org/mailman/listinfo/rtcweb _______________________________________________ rtcweb mailing list rtcweb@ietf.org<mailto:rtcweb@ietf.org> https://www.ietf.org/mailman/listinfo/rtcweb _\\|//_ ( O-O ) ~~~~~~~~~~~~~~~~~~~~~~o00~~(_)~~00o~~~~~~~~~~~~~~~~~~~~~~~~ Simon Pietro Romano Universita' di Napoli Federico II Computer Engineering Department Phone: +39 081 7683823 -- Fax: +39 081 7683816 e-mail: spromano@unina.it<mailto:spromano@unina.it> <<Molti mi dicono che lo scoraggiamento Ë l'alibi degli idioti. Ci rifletto un istante; e mi scoraggio>>. Magritte. oooO ~~~~~~~~~~~~~~~~~~~~~~~( )~~~ Oooo~~~~~~~~~~~~~~~~~~~~~~~~~ \ ( ( ) \_) ) / (_/
- Re: [BEHAVE] [rtcweb] FW: New Version Notificatio… Hutton, Andrew
- Re: [BEHAVE] [rtcweb] FW: New Version Notificatio… Bernard Aboba
- [BEHAVE] FW: New Version Notification for draft-c… Chenxin (Xin)
- Re: [BEHAVE] [rtcweb] FW: New Version Notificatio… Tirumaleswar Reddy (tireddy)
- Re: [BEHAVE] [rtcweb] FW: New Version Notificatio… Hutton, Andrew
- Re: [BEHAVE] [rtcweb] FW: New Version Notificatio… Chenxin (Xin)
- Re: [BEHAVE] [rtcweb] FW: New Version Notificatio… Chenxin (Xin)
- Re: [BEHAVE] [rtcweb] New Version Notification fo… Hutton, Andrew
- Re: [BEHAVE] [rtcweb] New Version Notification fo… Gustavo García
- Re: [BEHAVE] [rtcweb] New Version Notification fo… Lorenzo Miniero
- Re: [BEHAVE] [rtcweb] New Version Notification fo… Hutton, Andrew
- Re: [BEHAVE] [rtcweb] New Version Notification fo… Simon Pietro Romano
- [BEHAVE] [rtcweb] Why? Quality! New Version Notif… Karl Stahl
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Simon Perreault
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Simon Perreault
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Karl Stahl
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Hutton, Andrew
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Chenxin (Xin)
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Bernard Aboba
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Simon Perreault
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Olle E. Johansson
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Karl Stahl
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Karl Stahl
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Karl Stahl
- Re: [BEHAVE] [rtcweb] Why? Quality! New Version N… Matthew Kaufman (SKYPE)
- Re: [BEHAVE] [rtcweb] New Version Notification fo… Marc Petit-Huguenin
- Re: [BEHAVE] [rtcweb] New Version Notification fo… Hutton, Andrew
- Re: [BEHAVE] [rtcweb] New Version Notification fo… Richard Barnes