Re: [rtcweb] TURN, NAT and Proxies

Lorenzo Miniero <lorenzo@meetecho.com> Mon, 11 March 2013 16:22 UTC

On Mon, 11 Mar 2013 21:31:06 +0530
Binod <binod.pg@oracle.com> wrote:

> I was scanning the webrtc drafts to figure out what is
> specified regarding NAT traversal, firewall and proxies.
> 
> draft-ietf-rtcweb-use-cases-and-requirements 
> <http://tools.ietf.org/wg/rtcweb/draft-ietf-rtcweb-use-cases-and-requirements/> 
> mentions
> 1) NAT/FW that blocks UDP:
> 
> Ok, this is achieved by supporting ICE-TCP
> 
> 2) FW that only allows http:
> 
> How is this supported?
> 
> What about enterprises that only support proxies?
> 
> In the google group discussion, Justin was mentioning
> that browser could connect with a proxy (http connect)
> even for TURN traffic and also mentioned supporting
> an enterprise TURN server.
> 
> Will this make it into one of the webrtc rfcs?
> 
> thanks,
> Binod.


I submitted an individual draft (now expired) a few months ago that
tried to address this exact issue. From the discussion that came out,
which you can find in the archives, the consensus was basically to rely
on TURN (e.g. on port 443 to look like HTTPS) or on nothing at all, as
using some kind of HTTP fallback could have been seen as "overkill".
Besides, trying to pass through more restrictive firewalls by, well,
fooling them was seen as trying to bypass policies configured by
network administrators, so not acceptable for some.

Lorenzo

-- 
Lorenzo Miniero, COB

Meetecho s.r.l.
Web Conferencing and Collaboration Tools
http://www.meetecho.com