Re: [MMUSIC] [rtcweb] [tram] TURN permissions for private ips
Martin Thomson <martin.thomson@gmail.com> Thu, 06 August 2015 21:36 UTC
From: Martin Thomson <martin.thomson@gmail.com>
To: Jonathan Lennox <jonathan@vidyo.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/2oQHJ4a5tZXATAD_cM5-YZVZF-M>
Cc: mmusic <mmusic@ietf.org>, "rtcweb@ietf.org" <rtcweb@ietf.org>, "tram@ietf.org" <tram@ietf.org>
Subject: Re: [MMUSIC] [rtcweb] [tram] TURN permissions for private ips

On 6 August 2015 at 14:08, Jonathan Lennox <jonathan@vidyo.com> wrote:
> What is the threat model/concern here? Are you trying to save 20 ms for the connectivity check, or are you concerned that the remote candidates are visible on the wire and to the turn server?

Well, perhaps I'd missed the point of the thread, but my understanding
was that attempting to pair TURN candidates with private address
ranges had several negative characteristics:

1. they are unlikely to work
2. they expose the 1918 address to the TURN server
3. they expose the 1918 address to others (depending on whether DTLS is used to the TURN server and how far a check toward that address actually makes it through the network)
4. they consume a check slot

Obviously, a lot of this hinges on the first point. If there is a
reasonable chance that the pairing works, then maybe the other costs
can be borne.
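
The pruning policy weighed in this message, as an added example (not code from the thread or from any ICE implementation): it parses SDP candidate lines, forms pairs, and sets aside those that match a local relay candidate with a remote RFC 1918 address, which are the pairs that would need a TURN permission for a private address. The candidate lines and function names are constructed for illustration.

```javascript
// Added example: prune ICE pairs that match a local relay (TURN) candidate
// with a remote RFC 1918 address. All candidate lines below are constructed.

// Parse one SDP "a=candidate:" line into the fields needed for pairing.
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/.exec(line.trim());
  if (!m) return null;
  return { foundation: m[1], component: Number(m[2]), transport: m[3].toLowerCase(),
           priority: Number(m[4]), address: m[5], port: Number(m[6]), type: m[7] };
}

// True for 10/8, 172.16/12 and 192.168/16 (RFC 1918). Non-IPv4 input returns false.
function isRfc1918(address) {
  const parts = address.split(".");
  if (parts.length !== 4 || !parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255)) return false;
  const [a, b] = parts.map(Number);
  return a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// Form pairs (same component and transport) and split them into kept and pruned.
function pairCandidates(localLines, remoteLines) {
  const locals = localLines.map(parseCandidate).filter(Boolean);
  const remotes = remoteLines.map(parseCandidate).filter(Boolean);
  const kept = [], pruned = [];
  for (const l of locals) {
    for (const r of remotes) {
      if (l.component !== r.component || l.transport !== r.transport) continue;
      // A relay-to-private pair would send the 1918 address to the TURN server
      // in a permission request and spend a check slot on it.
      const relayToPrivate = l.type === "relay" && isRfc1918(r.address);
      (relayToPrivate ? pruned : kept).push({ local: l, remote: r });
    }
  }
  return { kept, pruned };
}

const LOCAL = [ // constructed sample: one host and one relay candidate
  "a=candidate:1 1 udp 2122260223 192.168.1.20 50000 typ host",
  "a=candidate:2 1 udp 41885439 203.0.113.7 61000 typ relay raddr 198.51.100.4 rport 50000",
];
const REMOTE = [ // constructed sample: one private host and one server-reflexive candidate
  "a=candidate:3 1 udp 2122260223 10.0.0.5 40000 typ host",
  "a=candidate:4 1 udp 1686052607 198.51.100.9 40001 typ srflx raddr 10.0.0.5 rport 40000",
];
const result = pairCandidates(LOCAL, REMOTE);
console.log(result.kept.length, "kept;", result.pruned.length, "pruned");
```

Host-to-host pairs on private addresses are kept, since two peers on the same network can reach each other directly; only the relay-to-private pairing is set aside.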