Re: [pntaw] New version of draft-hutton-rtcweb-nat-firewall-considerations
"Hutton, Andrew" <andrew.hutton@siemens-enterprise.com> Sat, 21 September 2013 22:40 UTC
From: "Hutton, Andrew" <andrew.hutton@siemens-enterprise.com>
To: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>, "pntaw@ietf.org" <pntaw@ietf.org>
Date: Sat, 21 Sep 2013 22:40:35 +0000

We don't believe that discussing issues around DPI inspection is within scope or desirable and we are not trying to work around it. However all scenarios that involve accessing WebRTC services from behind a firewall are within scope whether it is a service deployed by an enterprise or not.

Regarding requirement F37 I already raised an issue with this some time ago and a change will be made in the next update to the use case draft. The issue is that this should not refer to a firewall "that only allows HTTP(S) traffic" but should include the case of HTTP Proxy being deployed and the fw allowing traffic from the proxy even if it is not HTTP(S).

Once this change gets into the use case draft I think we are aligned with it.

Regards
Andy

________________________________
From: pntaw-bounces@ietf.org [pntaw-bounces@ietf.org] on behalf of Sergio Garcia Murillo [sergio.garcia.murillo@gmail.com]
Sent: Friday, September 20, 2013 11:32 PM
To: pntaw@ietf.org
Subject: Re: [pntaw] New version of draft-hutton-rtcweb-nat-firewall-considerations

Hi Andrew

Why are you leaving out of scope the case when the WebRTC service is not deployed by the corporate organization and/or the HTTP proxy has DPI validation?

When WebRTC is deployed by the corporate IT department one can assume that the corporate IT configures the corporate NATs, Firewalls, DPI units, TURN servers accordingly. If so desired by the organization WebRTC media streams can then be established to WebRTC peers outside of the organization subject to the applied policies. In order to cater for NAT/FWs with address and port dependent mapping characteristics [RFC4787<http://tools.ietf.org/html/rfc4787>], the peers will introduce a TURN server [RFC5766<http://tools.ietf.org/html/rfc5766>] in the public internet as a media relay. Such a TURN server could be deployed by the organization wanting to assert policy on WebRTC traffic.

[...]

This section considers a scenario where all HTTP(S) traffic is routed via an HTTP proxy. We assume that the HTTP proxy is transparent and just tunnels traffic after e.g. enforcing an acceptable use policy with respect to domains that are allowed to be reached. We don't consider cases where the HTTP proxy is used to deploy HTTP traffic validation. This includes DPI validation that the traffic is, in fact, HTTP or HTTPS-looking or a HTTP proxy that breaks into the TLS exchange and looks for HTTP in the traffic.

In my point of view that is not fulfilling WebRTC requirement:

F37 The browser must be able to send streams and data to a peer in the presence of FWs that only allows http(s) traffic.

Best regards
Sergio

On 20/09/2013 19:06, Hutton, Andrew wrote:

Hi All,

We have submitted draft-hutton-rtcweb-nat-firewall-considerations-02 in which we have tried to take account of the feedback we have received over the last couple of months.

Please review and send comments to this list. I really hope we can make some progress towards adopting this now.

Regards
Andy

-----Original Message-----
From: i-d-announce-bounces@ietf.org [mailto:i-d-announce-bounces@ietf.org] On Behalf Of internet-drafts@ietf.org
Sent: 20 September 2013 15:33
To: i-d-announce@ietf.org
Subject: I-D Action: draft-hutton-rtcweb-nat-firewall-considerations-02.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.

Title     : RTCWEB Considerations for NATs, Firewalls and HTTP proxies
Author(s) : Thomas Stach
            Andrew Hutton
            Justin Uberti
Filename  : draft-hutton-rtcweb-nat-firewall-considerations-02.txt
Pages     : 12
Date      : 2013-09-20

Abstract:
This document describes mechanism to enable media stream establishment for Real-Time Communication in WEB-browsers (WebRTC) in the presence of network address translators, firewalls and HTTP proxies. HTTP proxy and firewall deployed in many private network domains introduce obstacles to the successful establishment of media stream via WebRTC. This document examines some of these deployment scenarios and develops requirements on the web browsers designed to provide the best possible chance of media connectivity between WebRTC peers.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-hutton-rtcweb-nat-firewall-considerations

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-hutton-rtcweb-nat-firewall-considerations-02

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-hutton-rtcweb-nat-firewall-considerations-02

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/