IETF Logo Mail Archive

Re: [rtcweb] URI schemes for TURN and STUN

Marc Petit-Huguenin <petithug@acm.org> Mon, 31 October 2011 14:57 UTC

Return-Path: <petithug@acm.org>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3CE421F8D9D; Mon, 31 Oct 2011 07:57:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.45
X-Spam-Level:
X-Spam-Status: No, score=-102.45 tagged_above=-999 required=5 tests=[AWL=-0.150, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KVuj4IR0MLpK; Mon, 31 Oct 2011 07:57:52 -0700 (PDT)
Received: from implementers.org (implementers.org [IPv6:2604:3400:dc1:41:216:3eff:fe5b:8240]) by ietfa.amsl.com (Postfix) with ESMTP id 1E03521F8CF4; Mon, 31 Oct 2011 07:57:52 -0700 (PDT)
Received: from [IPv6:2001:470:1f05:616:213:d4ff:fe04:3e08] (shalmaneser.org [IPv6:2001:470:1f05:616:213:d4ff:fe04:3e08]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (Client CN "petithug", Issuer "implementers.org" (verified OK)) by implementers.org (Postfix) with ESMTPS id B07D22025C; Mon, 31 Oct 2011 14:49:07 +0000 (UTC)
Message-ID: <4EAEB76B.9090304@acm.org>
Date: Mon, 31 Oct 2011 07:57:47 -0700
From: Marc Petit-Huguenin <petithug@acm.org>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.23) Gecko/20111010 Iceowl/1.0b2 Icedove/3.1.15
MIME-Version: 1.0
To: "\"Martin J. Dürst\"" <duerst@it.aoyama.ac.jp>
References: <4EAC6BF4.2000604@alvestrand.no> <CALiegf=f4kFzyDLWK+Y5vbuCEJFXX590+VuZ4bbnHZnvX0CoBA@mail.gmail.com> <4EAC8AE0.3020307@acm.org> <4EACD558.1050003@alvestrand.no> <4EAE157F.5020901@it.aoyama.ac.jp>
In-Reply-To: <4EAE157F.5020901@it.aoyama.ac.jp>
X-Enigmail-Version: 1.1.2
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Cc: Keith Moore <moore@cs.utk.edu>, Ned Freed <ned.freed@mrochek.com>, Behave WG <behave@ietf.org>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] URI schemes for TURN and STUN
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 31 Oct 2011 14:57:53 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Martin,

So I understand Roy's email as saying in fact the opposite of what Harald said,
i.e. that using an "s" suffix to signify security is a good thing.

What is your opinion on defining a generic scheme suffix (i.e. "+s" or "+sec")
that would indicate a well defined set of security properties that could apply
to any scheme, (vs the current "s" suffix where security properties has to be
defined scheme by scheme)?

Also, what would be the best place to discuss this?

Thanks.

On 10/30/2011 08:26 PM, "Martin J. Dürst" wrote:
> For the http vs. https case, there is a very good answer from Roy Fielding at
> http://lists.w3.org/Archives/Public/www-tag/2006Mar/0040.html
> 
> In essence, not distinguishing the two schemes would mean either additional
> roundtrips (assuming http is the more frequent one) or exposition of data on the
> network that was supposed to be private.
> 
> Regards,    Martin.
> 
> On 2011/10/30 13:40, Harald Alvestrand wrote:
>> On 10/29/2011 04:23 PM, Marc Petit-Huguenin wrote:
> On 10/29/2011 03:36 PM, Iñaki Baz Castillo wrote:
>>>>> 2011/10/29 Harald Alvestrand<harald@alvestrand.no>:
>>>>>> - I do not think it's appropriate to use "turn" and "turns" for
>>>>>> indicating
>>>>>> transport. Polluting the URI namespace with more configuration
>>>>>> parameters in
>>>>>> the form of trailing "s" is a Bad Thing.
>>>>> But there should be some way to indicate that a TURN server listens in
>>>>> TLS, right?
>>>>>
> We should continue this discussion in BEHAVE, but I would like to ask
> the OP to
> send a pointer on the RFC or discussion that says that using a
> trailing "s" to
> indicate security is a bad thing.
>>> I'll have to forward this question to the apps ADs of a few years ago
>>> about whether there's documentation for it. It does not seem to have
>>> been captured in an RFC that I can find; discussion was in the
>>> ~2000-2005 timeframe.
>>>
>>> The short version, from memory: Doing "s" locks you into one and exactly
>>> one security scheme, and prevents you from saying anything about the
>>> requisite parameters for that scheme, while using AUTH parameters such
>>> as POP or in-band negotiation such as IMAP are much more flexible
>>> approaches.
>>>

- -- 
Marc Petit-Huguenin
Personal email: marc@petit-huguenin.org
Professional email: petithug@acm.org
Blog: http://blog.marc.petit-huguenin.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk6ut2kACgkQ9RoMZyVa61c3WQCeJVI5ov93J+RUp9xQvcggz8uf
J8gAoJ2I4kAA1lGIOij6GTJmsbe4WEpg
=n4RK
-----END PGP SIGNATURE-----

v2.23.0 | Report a Bug | By Email