Re: Last Call: <draft-nandakumar-rtcweb-stun-uri-05.txt> (URI Scheme for Session Traversal Utilities for NAT (STUN) Protocol) to Proposed Standard

Peter Saint-Andre <stpeter@stpeter.im> Thu, 15 August 2013 14:20 UTC

Date: Thu, 15 Aug 2013 08:20:42 -0600
From: Peter Saint-Andre <stpeter@stpeter.im>
To: Harald Alvestrand <harald@alvestrand.no>
Subject: Re: Last Call: <draft-nandakumar-rtcweb-stun-uri-05.txt> (URI Scheme for Session Traversal Utilities for NAT (STUN) Protocol) to Proposed Standard
Cc: Graham Klyne <GK@ninebynine.org>, ietf@ietf.org

On 8/15/13 8:10 AM, Harald Alvestrand wrote:
> On 08/15/2013 04:05 PM, Graham Klyne wrote:
>> Harald,
>>
>> Briefly:
>>
>> 1. Thanks for the reference,
>>
>> and
>>
>> 2. I misunderstood what you meant by "This is a format for a piece of
>> data".  In light of your clarification, I withdraw my comments 3 & 4. 
>> Identification of the STUN service would appear to be a perfectly
>> reasonable use.
>>
>> ...
>>
>> So the remaining issues from my questions are whether the intended
>> highly constrained use of these services justifies allocating a URI
>> scheme.
>>
>> If the community consensus is that it is of sufficient value, I might
>> suggest an annotation to the scheme registration along the lines of:
>>
>> "This URI scheme is intended for use in very specific NAT traversal
>> environments, and should not be used otherwise on the open Web or
>> Internet."
>>
>> Would such a comment run contrary to your expectations for its use?
> 
> I would prefer to run the comment as "This scheme is intended for use in
> specific environments that involve NAT traversal. Users of the scheme
> need to carefully consider the security properties of the context in
> which they are using it."
> 
> Echoing the warning in the STUN scheme - "use this when you know what
> you're doing only".
> 
> Frankly, like Hadriel indicated, I have no idea whether it will be
> useful in other contexts or not, 

I tend to think not.

> and I'm hesitant to put language that
> seems to claim that we've evaluated all possible contexts 

Agreed.

> and say that
> there aren't other contexts in which it can be useful.

Too many negatives. :-) You are hesitant to say that it won't be useful
in other contexts, or you would prefer to say that it was designed for a
specific context and probably wouldn't be useful outside that context?

Peter

-- 
Peter Saint-Andre
https://stpeter.im/