Re: [pntaw] TURN over websockets
Lorenzo Miniero <lorenzo@meetecho.com> Fri, 30 August 2013 11:45 UTC
Return-Path: <lorenzo@meetecho.com>
X-Original-To: pntaw@ietfa.amsl.com
Delivered-To: pntaw@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0939F21F9B07 for <pntaw@ietfa.amsl.com>; Fri, 30 Aug 2013 04:45:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.719
X-Spam-Level:
X-Spam-Status: No, score=-0.719 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_IT=0.635, HOST_EQ_IT=1.245]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id siUYu0DZ-I22 for <pntaw@ietfa.amsl.com>; Fri, 30 Aug 2013 04:45:52 -0700 (PDT)
Received: from smtpdg5.aruba.it (smtpdg223.aruba.it [62.149.158.223]) by ietfa.amsl.com (Postfix) with ESMTP id 2FF6421F9A6C for <pntaw@ietf.org>; Fri, 30 Aug 2013 04:45:39 -0700 (PDT)
Received: from rainpc ([95.247.154.154]) by smtpcmd02.ad.aruba.it with bizsmtp id JzlW1m00q3L8Z5b01zlWtc; Fri, 30 Aug 2013 13:45:32 +0200
Date: Fri, 30 Aug 2013 13:45:31 +0200
From: Lorenzo Miniero <lorenzo@meetecho.com>
To: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>
Message-ID: <20130830134531.787fda3c@rainpc>
In-Reply-To: <52205AE1.9010807@gmail.com>
References: <52205AE1.9010807@gmail.com>
Organization: Meetecho
X-Mailer: Claws Mail 3.9.1 (GTK+ 2.24.19; x86_64-redhat-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Cc: pntaw@ietf.org
Subject: Re: [pntaw] TURN over websockets
X-BeenThere: pntaw@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion list for practices related to proxies, NATs, TURN, and WebRTC" <pntaw.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pntaw>, <mailto:pntaw-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/pntaw>
List-Post: <mailto:pntaw@ietf.org>
List-Help: <mailto:pntaw-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pntaw>, <mailto:pntaw-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Aug 2013 11:45:57 -0000
On Fri, 30 Aug 2013 10:42:09 +0200 Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com> wrote: > Hi all, > > I will shoot first. > > It is great to finally see some real interest in what I consider to be > the blocking point for webrtc in order to run business on top of it, > which is the ability to be able to connect through corporate firewalls. > > I have seen some people arguing that with just TURN over TCP on port 443 > the problem will be solved, but I seriously doubt it. Neither TURN over > SSL would do, as most web filters do DPI and will not enable the > connection. Also, I have heard lots of voices that says we are trying to > override network admin policies with dirty tricks. With whom, I could agree. > That's the main objection I got when I published the (now expired) draft I published a year ago to throw the proverbial "stone in the lake" about an HTTP fallback solution. As I said at the time, I agree with you that the solution doesn't have to be sneaky, and that it could very well be conceived to be network admin-friendly/controllable. > So, the only way I see to move forward and overcome this issues is by > playing according to the WEB rules, and use HTTP standards to enable > media connectivity in WebRTC that would play nicely with current > corporate HTTP proxies and web filters. > > And, for me the most viable solution would be to enable TURN over > websockets. As most WebRTC services relay on websockets in one way or > another for signaling, we could assume that media would work on 100% of > the cases where signaling is working today. > Also, as it is an http based solution, network administrators could > apply corporate policies and block connections to not-trusted TURN servers. > > Best regards > Sergio I'm not an expert in websockets, which is why in my rough proposal I described a way to do this using plain HTTP, but I guess they'd be good for the purpose as well. The only doubt I have is that, as far as I know, not always websockets are able to traverse some more restrictive components: the popular BitDefender firewall, for instance, apparently doesn't let it through. Anyway, I'd personally support a work in that direction, and would be willing to help working on it too if needed. Lorenzo > _______________________________________________ > pntaw mailing list > pntaw@ietf.org > https://www.ietf.org/mailman/listinfo/pntaw -- Lorenzo Miniero, COB Meetecho s.r.l. Web Conferencing and Collaboration Tools http://www.meetecho.com
- [pntaw] TURN over websockets Sergio Garcia Murillo
- Re: [pntaw] TURN over websockets Lorenzo Miniero
- Re: [pntaw] TURN over websockets Sergio Garcia Murillo
- Re: [pntaw] TURN over websockets Simon Pietro Romano
- Re: [pntaw] TURN over websockets Stach, Thomas
- Re: [pntaw] TURN over websockets Markus.Isomaki
- Re: [pntaw] TURN over websockets Simon Perreault
- Re: [pntaw] TURN over websockets Sergio Garcia Murillo
- Re: [pntaw] TURN over websockets Markus.Isomaki
- Re: [pntaw] TURN over websockets Simon Perreault
- Re: [pntaw] TURN over websockets Sergio Garcia Murillo
- Re: [pntaw] TURN over websockets Stach, Thomas
- Re: [pntaw] TURN over websockets Tirumaleswar Reddy (tireddy)
- Re: [pntaw] TURN over websockets Marc Blanchet
- Re: [pntaw] TURN over websockets Hutton, Andrew
- Re: [pntaw] TURN over websockets Parthasarathi R
- Re: [pntaw] TURN over websockets Martin Thomson
- Re: [pntaw] TURN over websockets Melinda Shore
- Re: [pntaw] TURN over websockets Stephen Farrell
- Re: [pntaw] TURN over websockets Tirumaleswar Reddy (tireddy)
- Re: [pntaw] TURN over websockets Tirumaleswar Reddy (tireddy)
- Re: [pntaw] TURN over websockets Markus.Isomaki
- Re: [pntaw] TURN over websockets Simon Perreault