Re: [pntaw] TURN over websockets

<Markus.Isomaki@nokia.com> Fri, 30 August 2013 12:58 UTC

From: Markus.Isomaki@nokia.com
To: simon.perreault@viagenie.ca, pntaw@ietf.org
Date: Fri, 30 Aug 2013 12:57:54 +0000
Subject: Re: [pntaw] TURN over websockets

Hi Simon,

Simon Perreault wrote:
> 
> Le 2013-08-30 14:34, Stach, Thomas a écrit :
> > The goal behind this is certainly not to sneak WEBRTC media streams
> > through heavily fortified networks that have DPI deployed. The goal
> > is rather to address a scenario e.g. at a small hotel with a
> > not-so-skilled network admin, that opened his firewall on TCP port
> > 80/443 to allow its guests to do some web browsing, but is afraid of
> > opening its firewall for UDP traffic. If we want to deploy WEBRTC in
> > such an environment TURN over TLS to port 443 would do the job.
> 
> +1
> 
> I too am not convinced that we need anything more than TURN over TLS to
> port 443.
> 

I think we should also address networks that only allow outbound communication via an explicit HTTP/web proxy. I use one such network daily... So it should be possible to use HTTP CONNECT to establish the TURN over TLS connection via that proxy. 

Markus
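
The proxy traversal described in this message, as an added example that is not part of the original e-mail: the client asks the explicit proxy for a tunnel with HTTP CONNECT and starts TLS towards the TURN server only after a 2xx reply, so the proxy sees the target host and port but not the TURN traffic. The function names and the host `turn.example.org` used in the test are assumptions for illustration.

```python
import socket
import ssl

def build_connect(host: str, port: int) -> bytes:
    """HTTP/1.1 CONNECT request asking the proxy for a raw tunnel to host:port."""
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")

def read_connect_reply(sock) -> int:
    """Read the proxy's response head and return its status code.

    Reads one byte at a time so that nothing belonging to the tunnel
    (the first TLS records) is consumed along with the headers.
    """
    head = b""
    while not head.endswith(b"\r\n\r\n"):
        chunk = sock.recv(1)
        if not chunk:
            raise ConnectionError("proxy closed before end of headers")
        head += chunk
        if len(head) > 8192:
            raise ValueError("proxy response head too large")
    status_line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/1.") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    return int(parts[1])

def tunnel_via_proxy(proxy, turn_host, turn_port=443, timeout=10.0):
    """Connect to proxy (host, port) and return a socket tunnelled to the TURN server."""
    sock = socket.create_connection(proxy, timeout=timeout)
    try:
        sock.sendall(build_connect(turn_host, turn_port))
        status = read_connect_reply(sock)
        if not 200 <= status < 300:  # e.g. 403 policy block, 407 auth required
            raise ConnectionError(f"proxy refused CONNECT: {status}")
        return sock
    except Exception:
        sock.close()
        raise

def turn_tls_via_proxy(proxy, turn_host, turn_port=443):
    """TLS terminates at the TURN server, not at the proxy; the default
    context verifies the server certificate and hostname."""
    raw = tunnel_via_proxy(proxy, turn_host, turn_port)
    ctx = ssl.create_default_context()
    return ctx.wrap_socket(raw, server_hostname=turn_host)
```

The socket returned by `turn_tls_via_proxy` then carries ordinary TURN-over-TLS framing; a proxy that requires authentication answers 407 and the sketch reports that rather than retrying.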