IETF Logo Mail Archive

Re: [pntaw] TURN over websockets

"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Fri, 30 August 2013 13:53 UTC

Return-Path: <tireddy@cisco.com>
X-Original-To: pntaw@ietfa.amsl.com
Delivered-To: pntaw@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9393E11E8111 for <pntaw@ietfa.amsl.com>; Fri, 30 Aug 2013 06:53:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.599
X-Spam-Level:
X-Spam-Status: No, score=-10.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id E9+ex83V2ary for <pntaw@ietfa.amsl.com>; Fri, 30 Aug 2013 06:53:39 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) by ietfa.amsl.com (Postfix) with ESMTP id BAF6D21F9F5B for <pntaw@ietf.org>; Fri, 30 Aug 2013 06:53:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2018; q=dns/txt; s=iport; t=1377870819; x=1379080419; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=Lfd1zMGN6qz9eW4hSkb7AhXjIhmDRM9WLHH/qwvNkas=; b=iG2jUkFbSSxloVfH9fHVECyGvEFcJfg1a6NrcUhMl3QtiblgxTd3/D8X 90DmNSBXIN9ak2vuJcd/H0pY8pmslHE7XWwUR9RAzscaUzITKzcVngbCw MV6GxLEVl7JpBlwKtA6OAa4znwj5RM+qEL4VKnuDaQBoQCuxdY+Q3C+Ta M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AhwFAKCiIFKtJXG//2dsb2JhbABagwc1UcBPgR4WdIIkAQEBBAEBATc0FwQCAQgRBAEBCxQJBycLFAkIAgQBEggTh2YMuTaPQzgGgxaBAAOUGYUJkDeDIIIq
X-IronPort-AV: E=Sophos;i="4.89,990,1367971200"; d="scan'208";a="250734643"
Received: from rcdn-core2-4.cisco.com ([173.37.113.191]) by rcdn-iport-9.cisco.com with ESMTP; 30 Aug 2013 13:53:38 +0000
Received: from xhc-rcd-x12.cisco.com (xhc-rcd-x12.cisco.com [173.37.183.86]) by rcdn-core2-4.cisco.com (8.14.5/8.14.5) with ESMTP id r7UDrcE1020624 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 30 Aug 2013 13:53:38 GMT
Received: from xmb-rcd-x10.cisco.com ([169.254.15.8]) by xhc-rcd-x12.cisco.com ([173.37.183.86]) with mapi id 14.02.0318.004; Fri, 30 Aug 2013 08:53:38 -0500
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>, "pntaw@ietf.org" <pntaw@ietf.org>
Thread-Topic: [pntaw] TURN over websockets
Thread-Index: AQHOpVzYlJ1THI1FykWlGCDZp+nOV5mtdRzA
Date: Fri, 30 Aug 2013 13:53:37 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A19034557@xmb-rcd-x10.cisco.com>
References: <52205AE1.9010807@gmail.com>
In-Reply-To: <52205AE1.9010807@gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.65.32.182]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [pntaw] TURN over websockets
X-BeenThere: pntaw@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion list for practices related to proxies, NATs, TURN, and WebRTC" <pntaw.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pntaw>, <mailto:pntaw-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pntaw>
List-Post: <mailto:pntaw@ietf.org>
List-Help: <mailto:pntaw-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pntaw>, <mailto:pntaw-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Aug 2013 13:53:44 -0000

The other way to solve the Firewall problem is use PCP. For more details refer to sections 3.1, 3.2 of draft http://tools.ietf.org/html/draft-penno-rtcweb-pcp-00 which addresses the problem of Enterprise Firewalls permitting P2P media streams. 

-Tiru.

> -----Original Message-----
> From: pntaw-bounces@ietf.org [mailto:pntaw-bounces@ietf.org] On Behalf Of
> Sergio Garcia Murillo
> Sent: Friday, August 30, 2013 2:12 PM
> To: pntaw@ietf.org
> Subject: [pntaw] TURN over websockets
> 
> Hi all,
> 
> I will shoot first.
> 
> It is great to finally see some real interest in what I consider to be
> the blocking point for webrtc in order to run business on top of it,
> which is the ability to be able to connect through corporate firewalls.
> 
> I have seen some people arguing that with just TURN over TCP on port 443
> the problem will be solved, but I seriously doubt it. Neither TURN over
> SSL would do, as most web filters do DPI and will not enable the
> connection. Also, I have heard lots of voices that says we are trying to
> override network admin policies with dirty tricks. With whom, I could agree.
> 
> So, the only way I see to move forward and overcome this issues is by
> playing according to the WEB rules, and use HTTP standards to enable
> media connectivity in WebRTC that would play nicely with current
> corporate HTTP proxies and web filters.
> 
> And,  for me the most viable solution would be to enable TURN over
> websockets. As most WebRTC services relay on websockets in one way or
> another for signaling, we could assume that media would work on 100% of
> the cases where signaling is working today.
> Also, as it is an http based solution, network administrators could
> apply corporate policies and block connections to not-trusted TURN servers.
> 
> Best regards
> Sergio
> _______________________________________________
> pntaw mailing list
> pntaw@ietf.org
> https://www.ietf.org/mailman/listinfo/pntaw

v2.23.0 | Report a Bug | By Email