Re: [rtcweb] URI schemes for TURN and STUN

Eric Rescorla <ekr@rtfm.com> Thu, 03 November 2011 19:00 UTC

On Tue, Nov 1, 2011 at 5:05 AM, Keith Moore <moore@network-heretics.com> wrote:
>> In most cases probably not. But there may be cases similar to HTTP/S where it makes sense. Each case has to be analyzed independently.
>
> Agree. I just don't think it's a good idea to establish a new _convention_.

I don't really understand what you're arguing here.

The relevant issue is that we want to have a reference that Bob can provide
to Alice that guarantees that when it's dereferenced it provides a minimum
set of security properties.

Let's imagine some hypothetical new protocol which is like HTTP but not HTTP,
say HTTQ. It runs over TCP so you can use it directly or over TLS (i.e.,
HTTP/TCP or HTTP/TLS/TCP). We're planning to define a new URI for it,
httq://.../. How do you propose to provide the above security property?

-Ekr