IETF Logo Mail Archive

Re: [pntaw] New version of draft-hutton-rtcweb-nat-firewall-considerations

Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com> Mon, 23 September 2013 10:55 UTC

Return-Path: <sergio.garcia.murillo@gmail.com>
X-Original-To: pntaw@ietfa.amsl.com
Delivered-To: pntaw@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AE7A021F90CF for <pntaw@ietfa.amsl.com>; Mon, 23 Sep 2013 03:55:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.456
X-Spam-Level:
X-Spam-Status: No, score=-2.456 tagged_above=-999 required=5 tests=[AWL=-0.013, BAYES_00=-2.599, SUBJECT_FUZZY_TION=0.156]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b6V0Qv6iEBAM for <pntaw@ietfa.amsl.com>; Mon, 23 Sep 2013 03:55:25 -0700 (PDT)
Received: from mail-we0-x22c.google.com (mail-we0-x22c.google.com [IPv6:2a00:1450:400c:c03::22c]) by ietfa.amsl.com (Postfix) with ESMTP id 475C621F90AC for <pntaw@ietf.org>; Mon, 23 Sep 2013 03:55:25 -0700 (PDT)
Received: by mail-we0-f172.google.com with SMTP id w61so2960319wes.31 for <pntaw@ietf.org>; Mon, 23 Sep 2013 03:55:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; bh=3E+ta+V5jfQrOiVTfXG+y9MU37owdqGF6sqn+OFrxac=; b=IuNHNymiYA7jbYwga4QnefA2l3+dxdD5hB/WNqFmQESOr3kV/bE4TxPd8fSmwsh/70 EaTSN8BO2ECVfeRoqo+87UjvFX1oXT0eR306GLqfIjGWoBj7Xr2bnoEOXNLlusP7tj1u eMNhOpDBVss7aFnDjgRx642WDE9FLxu4eKd48zjC7QA49MwxR3emFJYwEcDy7fOQaon7 tPcSb7i7LuwXFLmsvCWyKfFXOUKWraRtnE14ajbDc6JNsGQg0LZEyMDGX6RfHZmR9BeB p3Av39mDsGXOsokdlYzyoBQ7oLK3ffEFM2O8+JdidTB61mHcTJIrWFAFkeyrkTwHwml8 lQpQ==
X-Received: by 10.180.189.205 with SMTP id gk13mr13007403wic.12.1379933724226; Mon, 23 Sep 2013 03:55:24 -0700 (PDT)
Received: from [192.168.1.45] (54.Red-83-61-124.dynamicIP.rima-tde.net. [83.61.124.54]) by mx.google.com with ESMTPSA id d11sm24353938wic.4.1969.12.31.16.00.00 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 23 Sep 2013 03:55:23 -0700 (PDT)
Message-ID: <52401E1A.6040707@gmail.com>
Date: Mon, 23 Sep 2013 12:55:22 +0200
From: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
To: Markus.Isomaki@nokia.com
References: <9F33F40F6F2CD847824537F3C4E37DDF17BCF3A5@MCHP04MSX.global-ad.net>, , <523CCD06.3030902@gmail.com>, <BLU169-W136A55AC013DA147313576D93220@phx.gbl>, <523CD42E.8070102@gmail.com> <BLU169-W82036280852F26ED26283C93230@phx.gbl>, <523D4F17.2040202@gmail.com> <9F33F40F6F2CD847824537F3C4E37DDF17BD01A8@MCHP04MSX.global-ad.net> <52400320.2070404@gmail.com> <E44893DD4E290745BB608EB23FDDB7620A0C0990@008-AM1MPN1-043.mgdnok.nokia.com>
In-Reply-To: <E44893DD4E290745BB608EB23FDDB7620A0C0990@008-AM1MPN1-043.mgdnok.nokia.com>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc: bernard_aboba@hotmail.com, pntaw@ietf.org, andrew.hutton@siemens-enterprise.com
Subject: Re: [pntaw] New version of draft-hutton-rtcweb-nat-firewall-considerations
X-BeenThere: pntaw@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion list for practices related to proxies, NATs, TURN, and WebRTC" <pntaw.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pntaw>, <mailto:pntaw-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pntaw>
List-Post: <mailto:pntaw@ietf.org>
List-Help: <mailto:pntaw-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pntaw>, <mailto:pntaw-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Sep 2013 10:55:28 -0000

Sergio Carcia Murillo wrote:
>> El 22/09/2013 0:48, Hutton, Andrew escribió:
>>> I just don't see any advantage in the TURN over Websockets approach over
>> the HTTP Connect initiated tunnel which works without any new protocol and
>> therefore works with existing TURN servers.
>>
>> How about transparent proxying?
>>
> Can you elaborate on this?
>
> I think in either case the proxy sees possibly one transaction. In TURN over HTTP CONNECT established TLS connection, the proxy sees the HTTP CONNECT transaction and it's destination URI. If it's just "transparently" proxying, things will work, which is what we want. On the other hand, if there is some explicit policy, the proxy can also apply it - for instance if the destination domain is now allowed. I'm not sure if the TURN over WS has any advantages in this regard.
I was meaning that if a transparent proxy is in place you won't be able 
to do directly the HTTP connect request.

> The disadvantage is that TURN over WS would require a change to TURN servers. I know you have argued that it is a very trivial change and I believe you, but nevertheless all existing servers would need to be upgraded and that's the problem.
>
While I agree, this issue has not been a show-stopper for adopting new 
technologies in WebRTC ;) . Also, there are already other proposals 
(like HTTP REST apis for TURN servers) that would require changes to the 
existing TURN server deployments.

Anyway, in our first prototype, we would try to demonstrate how TURN 
over websockets could be used with an un-modified  TURN server via a 
websockify proxy.

Best regards
Sergio

v2.23.0 | Report a Bug | By Email