IETF Logo Mail Archive

Re: [pntaw] New version of draft-hutton-rtcweb-nat-firewall-considerations

Oleg Moskalenko <mom040267@gmail.com> Mon, 23 September 2013 05:36 UTC

Return-Path: <mom040267@gmail.com>
X-Original-To: pntaw@ietfa.amsl.com
Delivered-To: pntaw@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FECB21F9D7A for <pntaw@ietfa.amsl.com>; Sun, 22 Sep 2013 22:36:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.502
X-Spam-Level:
X-Spam-Status: No, score=-2.502 tagged_above=-999 required=5 tests=[AWL=-0.058, BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001, SUBJECT_FUZZY_TION=0.156]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XVb9q0G9amSi for <pntaw@ietfa.amsl.com>; Sun, 22 Sep 2013 22:36:35 -0700 (PDT)
Received: from mail-pa0-x231.google.com (mail-pa0-x231.google.com [IPv6:2607:f8b0:400e:c03::231]) by ietfa.amsl.com (Postfix) with ESMTP id D7A8B21F9D5D for <pntaw@ietf.org>; Sun, 22 Sep 2013 22:36:34 -0700 (PDT)
Received: by mail-pa0-f49.google.com with SMTP id ld10so3123630pab.22 for <pntaw@ietf.org>; Sun, 22 Sep 2013 22:36:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=C0cw86AEHMqkXciPXB41ZXJPxBkqL/hkZsvX6B8pS3o=; b=i0uIqGiMahyYHDFPt7R/VtYoEaKfpNcWbiqHtsAIdOylmc1EjNvb61iXeIf/LZ2eTy mvcH7ZKeIIffoDZX2eWC66GTCLHEYzDIGOJPgzKtDt0Tjf6eZKcE6fIXnkz1CB1FB/hS jbHxyBc2SFbugzoZebzMARXnZmJS+95ZVeTSOrcJk8hFNynfHtUl6qeZKeSndta6ZrKz Pn1Qlt7e17Ga6NGe50+A5c9RUfk0QtJy+Zhp9trdr4JI8CZyj693YxecYyVi4MxeCrid +2Kfh2/hPNq3i7NZffRO7knqWMhyalAVOYT1gp9+0bpBnDS7+NhkCdc9SN4xzdGHG5y/ 2w+w==
MIME-Version: 1.0
X-Received: by 10.66.169.172 with SMTP id af12mr23279391pac.23.1379914594305; Sun, 22 Sep 2013 22:36:34 -0700 (PDT)
Received: by 10.68.91.163 with HTTP; Sun, 22 Sep 2013 22:36:34 -0700 (PDT)
In-Reply-To: <9F33F40F6F2CD847824537F3C4E37DDF17BD08EA@MCHP04MSX.global-ad.net>
References: <9F33F40F6F2CD847824537F3C4E37DDF17BCF3A5@MCHP04MSX.global-ad.net> <523CCD06.3030902@gmail.com> <BLU169-W136A55AC013DA147313576D93220@phx.gbl> <523CD42E.8070102@gmail.com> <BLU169-W82036280852F26ED26283C93230@phx.gbl> <523D4F17.2040202@gmail.com> <9F33F40F6F2CD847824537F3C4E37DDF17BD01A8@MCHP04MSX.global-ad.net> <CALDtMrL5pT3MfbQufCphEKq0-pXj+JcfwW__wzG3T6wZ=TuWhg@mail.gmail.com> <9F33F40F6F2CD847824537F3C4E37DDF17BD08EA@MCHP04MSX.global-ad.net>
Date: Sun, 22 Sep 2013 22:36:34 -0700
Message-ID: <CALDtMrLcUrxseyiaPc_0AWJw3HPdaBuAS+xpviT2q=y4zmdNgw@mail.gmail.com>
From: Oleg Moskalenko <mom040267@gmail.com>
To: "Hutton, Andrew" <andrew.hutton@siemens-enterprise.com>
Content-Type: multipart/alternative; boundary="047d7bea3b1436cde004e7066780"
Cc: Bernard Aboba <bernard_aboba@hotmail.com>, "pntaw@ietf.org" <pntaw@ietf.org>, Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Subject: Re: [pntaw] New version of draft-hutton-rtcweb-nat-firewall-considerations
X-BeenThere: pntaw@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion list for practices related to proxies, NATs, TURN, and WebRTC" <pntaw.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pntaw>, <mailto:pntaw-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pntaw>
List-Post: <mailto:pntaw@ietf.org>
List-Help: <mailto:pntaw-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pntaw>, <mailto:pntaw-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Sep 2013 05:36:35 -0000

On Sun, Sep 22, 2013 at 1:57 PM, Hutton, Andrew <
andrew.hutton@siemens-enterprise.com> wrote:

> On: 22 September 2013 01:57 Oleg Moskalenko WroteL
> >
> > HTTP Connect, indeed, may allow a similar functionality. But it will
> > require two things: a proxy configuration in the browsers, and an HTTP
> > Proxy set by enterprise IT department. That may be a challenge for a
> > new WebRTC project in an enterprise environment.
>
> [AndyH] - The case of an enterprise WebRTC project taking place under the
> control of the enterprise IT department although within scope is not the
> prime reason for wanting the HTTP Connect mechanism.  There are various
> options for this use case and the important thing is that the browser
> behavior is standardized and understood by the IT department.
>
> Probably more important at least for early deployments is making sure that
> a WebRTC service external to the enterprise is accessible when there is no
> IT department or when the IT department is not WebRTC aware and just wants
> it to work.  The power of WebRTC is that it brings new type of media to the
> web and it just has to work by default with additional controls possible if
> the network administrator wants to use them. If an enterprise already has a
> Web/HTTP Proxy deployed and a firewall configured to allow web traffic to
> flow via the proxy then this should also work when accessing WebRTC
> services. This has nothing to do with an enterprise deploying WebRTC for
> its own use.
>

An enterprise may have no HTTP proxy configured by default for the users
but still the enterprise may have some strict firewall rules. I know such
enterprises. Those enterprise projects will benefit from the
TURN-over-websockets protocol.

Each large enterprise IT has a complex history and complex web of policies.
If a new standard provides new capabilities and useful possible scenarios,
without imposing strict rules on IT departments, then I guess that would be
a right thing.


>
> [AndyH] As I tried to explain above the use case of prime importance is
> getting WebRTC to work with existing infrastructure and without requiring
> an enterprise to deploy stuff just because an enterprise user wants to use
> a WebRTC service maybe on a single use basis such communicating with a
> suppliers call centre.
>

I personally do not see anything wrong or criminal in a single use basis.

My understanding is that TURN-over-websockets allows WebRTC deployment
with minimal or no changes in the infrastructure. As I said before, not all
large companies are using HTTP proxy for user browsers.

v2.23.0 | Report a Bug | By Email