Re: [MMUSIC] [rtcweb] [tram] TURN permissions for private ips

Justin Uberti <juberti@google.com> Fri, 07 August 2015 00:01 UTC

In-Reply-To: <CABkgnnXubczrXpR+YHeF1+zNrNoPNMH_XdB1+pCAGZ9LQn0UXw@mail.gmail.com>
References: <20150805130607.20844.70680.idtracker@ietfa.amsl.com> <CABcZeBMWVU9a1_e_47qddA04WhXG55QYzFA=dTrYgi+DuLQhKA@mail.gmail.com> <55C24293.5000603@cs.tcd.ie> <55C24C09.8020404@goodadvice.pages.de> <55C256C8.80606@jive.com> <CAOJ7v-3hyFhHiFq4eujLznXtehkUSxZati8YZ23o-RPLH=J5zg@mail.gmail.com> <F144FF61-AAC6-4E0A-B08E-0E3F9B487F1B@vidyo.com> <CAOJ7v-0Z4fmWjVaeiAJh=rpYPjUsk_k8_=g8CrecAZQWtRG1AQ@mail.gmail.com> <CABkgnnXubczrXpR+YHeF1+zNrNoPNMH_XdB1+pCAGZ9LQn0UXw@mail.gmail.com>
From: Justin Uberti <juberti@google.com>
Date: Thu, 06 Aug 2015 17:01:03 -0700
Message-ID: <CAOJ7v-2PaLr8XLdVxfPY=YYzeQuoj49qypUTUr=wdbmSiMZO7A@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/mmusic/ioSs14T_RRGFOZmK30z2HxpwY4k>
Cc: Jonathan Lennox <jonathan@vidyo.com>, "rtcweb@ietf.org" <rtcweb@ietf.org>, "tram@ietf.org" <tram@ietf.org>, mmusic <mmusic@ietf.org>
Subject: Re: [MMUSIC] [rtcweb] [tram] TURN permissions for private ips

On Thu, Aug 6, 2015 at 1:51 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:

> On 6 August 2015 at 13:08, Justin Uberti <juberti@google.com> wrote:
> > I think that we should be able to avoid pairing candidates obtained from
> > application TURN servers with RFC 1918 addresses. The app/browser clearly
> > knows which is which.
>
> I'm concerned here that if we let the application choose, we lose the
> defence we were looking to gain.  I think that perhaps 1918 pairing
> could be restricted to TURN servers that are configured/discovered,
> "proxy"-style.
>

Sorry, that is what I was trying to say. The browser knows which TURN
servers are "proxies" vs app servers, and can apply the 1918 filtering on
the pairings from the candidates from the app TURN server.

Agree with your enumeration of concerns as well. Also #5, they consume
bandwidth (at least from client to TURN server), which affects maximum
check rate in some cases.
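The pairing rule sketched in this exchange (drop any candidate pair that joins a relayed candidate from an application-supplied TURN server with an RFC 1918 address, but leave pairs involving browser-configured "proxy"-style TURN servers alone), written out as an added example. This is not code from the thread or from any browser; the candidate shape, the `turnSource` field and its values `'app'` / `'proxy'`, and the helper names are assumptions made for illustration. The RFC 1918 check covers IPv4 only, which is all the thread discusses.

```javascript
// Added example, not from the mailing-list thread or any browser's source.
// Candidate shape (assumed for this example):
//   { ip: '203.0.113.7', type: 'host' | 'srflx' | 'relay',
//     turnSource: 'app' | 'proxy' | null }
// turnSource is 'app' for a relay candidate allocated on a TURN server the
// web application handed to the browser, 'proxy' for one the browser itself
// configured or discovered, and null for non-relay candidates.

// True for IPv4 addresses inside 10/8, 172.16/12 or 192.168/16 (RFC 1918).
function isRfc1918(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return false;
  const [a, b, c, d] = m.slice(1).map(Number);
  if ([a, b, c, d].some((octet) => octet > 255)) return false;
  return a === 10 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168);
}

function isAppRelay(candidate) {
  return candidate.type === 'relay' && candidate.turnSource === 'app';
}

// The policy from the thread: a relay candidate obtained from an app TURN
// server must never be paired with an RFC 1918 address, in either direction
// (local app relay <-> remote private host, or local private host <-> remote
// app relay). Relay candidates from proxy-style TURN servers are exempt.
function pairIsAllowed(local, remote) {
  if (isAppRelay(local) && isRfc1918(remote.ip)) return false;
  if (isAppRelay(remote) && isRfc1918(local.ip)) return false;
  return true;
}

// Form the full local x remote cross product and keep only allowed pairs.
function formPairs(locals, remotes) {
  const pairs = [];
  for (const l of locals) {
    for (const r of remotes) {
      if (pairIsAllowed(l, r)) pairs.push([l, r]);
    }
  }
  return pairs;
}

// Constructed sample candidates (not captured from a real session).
const sampleLocals = [
  { ip: '192.168.1.10', type: 'host',  turnSource: null },
  { ip: '203.0.113.7',  type: 'relay', turnSource: 'app' },
  { ip: '198.51.100.9', type: 'relay', turnSource: 'proxy' },
];
const sampleRemotes = [
  { ip: '10.1.2.3',    type: 'host',  turnSource: null },
  { ip: '203.0.113.8', type: 'relay', turnSource: 'app' },
];

// Of the six possible pairs, the two that join an app relay with a private
// address are dropped; the proxy relay may still pair with 10.1.2.3.
console.log(formPairs(sampleLocals, sampleRemotes)
  .map(([l, r]) => `${l.ip}(${l.type}/${l.turnSource}) <-> ${r.ip}(${r.type}/${r.turnSource})`)
  .join('\n'));
```

The check is deliberately symmetric: whichever side the app-supplied relay sits on, the browser is the one that would have to create the TURN permission or send the connectivity check toward the private address, so it is the browser that applies the filter.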