Re: [rtcweb] Fwd: New Version Notification for draft-uberti-rtcweb-turn-rest-00.txt

"Muthu Arul Mozhi Perumal (mperumal)" <mperumal@cisco.com> Mon, 08 July 2013 05:52 UTC

Return-Path: <mperumal@cisco.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DDDE11E818A for <rtcweb@ietfa.amsl.com>; Sun, 7 Jul 2013 22:52:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -9.998
X-Spam-Level:
X-Spam-Status: No, score=-9.998 tagged_above=-999 required=5 tests=[AWL=0.599, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s9SjnK3QeQj5 for <rtcweb@ietfa.amsl.com>; Sun, 7 Jul 2013 22:52:51 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) by ietfa.amsl.com (Postfix) with ESMTP id 781AB11E8188 for <rtcweb@ietf.org>; Sun, 7 Jul 2013 22:52:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=18276; q=dns/txt; s=iport; t=1373262771; x=1374472371; h=from:to:subject:date:message-id:references:in-reply-to: mime-version; bh=0ZIYy7cGpyI0I9++Wj7LtebQYcTd5aYatpLmgkXleFE=; b=GqPmS24e6YuRSoeXlYjZhpgCTUw3KzAyvHE4F0P09solOp4fDMiD1Dmt yJsJkUWpUcKkXVVodkKktrhg4JP0Y4xMgcwI5ohnz74XtMZhHeVE7vHAb dJfvLYKtGJm/vvS+vWspArR9wiMmMGmdQUEiWUKxOpKMYNfLMYnSGGMVh U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AsAFAKRS2lGtJV2Z/2dsb2JhbABagkVEMk2DCKtwiTeIMRd2FnSCIwEBAQQjCkoSAgEIDgMDAQEBCwwRAwICAjAUCQgCBAESCAESh3QMp0yQRI4zgQcgFwEGDAyCNjNpA5QAhHyQH4FYgTmBaAkXIA
X-IronPort-AV: E=Sophos; i="4.87,1016,1363132800"; d="scan'208,217"; a="232029975"
Received: from rcdn-core-2.cisco.com ([173.37.93.153]) by rcdn-iport-4.cisco.com with ESMTP; 08 Jul 2013 05:52:50 +0000
Received: from xhc-aln-x08.cisco.com (xhc-aln-x08.cisco.com [173.36.12.82]) by rcdn-core-2.cisco.com (8.14.5/8.14.5) with ESMTP id r685qoih018266 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Mon, 8 Jul 2013 05:52:50 GMT
Received: from xmb-rcd-x02.cisco.com ([169.254.4.192]) by xhc-aln-x08.cisco.com ([173.36.12.82]) with mapi id 14.02.0318.004; Mon, 8 Jul 2013 00:52:50 -0500
From: "Muthu Arul Mozhi Perumal (mperumal)" <mperumal@cisco.com>
To: Justin Uberti <juberti@google.com>, "rtcweb@ietf.org" <rtcweb@ietf.org>
Thread-Topic: [rtcweb] Fwd: New Version Notification for draft-uberti-rtcweb-turn-rest-00.txt
Thread-Index: AQHOe5MnptNwIaIknUKCiV7zsZZ7FplaO4gA
Date: Mon, 8 Jul 2013 05:52:49 +0000
Message-ID: <E721D8C6A2E1544DB2DEBC313AF54DE224183578@xmb-rcd-x02.cisco.com>
References: <20130708041540.7930.93762.idtracker@ietfa.amsl.com> <CALe60zAs-NCJgiiHuFHi1ZEOdp2SB4v2-0AYrxBQ2R_gJ=nLcA@mail.gmail.com> <CAOJ7v-0Vxkf-4j-ZHCisKuORob_cL3ogXoexTFMDMJDEttRbaQ@mail.gmail.com>
In-Reply-To: <CAOJ7v-0Vxkf-4j-ZHCisKuORob_cL3ogXoexTFMDMJDEttRbaQ@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [72.163.211.93]
Content-Type: multipart/alternative; boundary="_000_E721D8C6A2E1544DB2DEBC313AF54DE224183578xmbrcdx02ciscoc_"
MIME-Version: 1.0
Subject: Re: [rtcweb] Fwd: New Version Notification for draft-uberti-rtcweb-turn-rest-00.txt
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jul 2013 05:52:57 -0000

Hi Justin,

A few quick comments:
1) The primary advantage of the proposed mechanism seems not requiring any interaction between the web service and the TURN service in order for the TURN service to grant TURN credentials in the HTTP response -- this absence of interaction isn't evident on a first read. A diagram showing the client, web service, TURN service and the messages exchanged would be helpful.

2)
|If desired, the TURN server can optionally verify that the parsed
|user id value corresponds to a currently valid user of an external
|service (e.g. is currently logged in to the web app that is making
|use of TURN).  This requires proprietary communication between the
|TURN server and external service on each ALLOCATE request, so this
|usage is not recommended for typical applications.  If this external
|verification fails, it SHOULD reject the request with a 401
|(Unauthorized) error.

Was the intention of putting "not recommended" having a normative statement? If not, it would be better to change it to "no needed".

3) There is no text describing how the timestamp encoded in the UNSERNAME attribute of the ALLOCAE requested could be protected.

4) draft-reddy-behave-turn-auth describes the issues with TURN authentication and draft-uberti-rtcweb-turn-rest looks like one possible solution. Looks both could reference each other.

Muthu

From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf Of Justin Uberti
Sent: Monday, July 08, 2013 9:55 AM
To: rtcweb@ietf.org
Subject: [rtcweb] Fwd: New Version Notification for draft-uberti-rtcweb-turn-rest-00.txt

Just uploaded a 00 version of a spec for requesting time-limited TURN credentials for WebRTC apps. Would like to get 10 minutes of agenda time to present this in Berlin.

---------- Forwarded message ----------
From: <internet-drafts@ietf.org<mailto:internet-drafts@ietf.org>>
Date: Mon, Jul 8, 2013 at 12:15 AM
Subject: New Version Notification for draft-uberti-rtcweb-turn-rest-00.txt
To: Justin Uberti <justin@uberti.name<mailto:justin@uberti.name>>



A new version of I-D, draft-uberti-rtcweb-turn-rest-00.txt
has been successfully submitted by Justin Uberti and posted to the
IETF repository.

Filename:        draft-uberti-rtcweb-turn-rest
Revision:        00
Title:           A REST API For Access To TURN Services
Creation date:   2013-07-08
Group:           Individual Submission
Number of pages: 7
URL:             http://www.ietf.org/internet-drafts/draft-uberti-rtcweb-turn-rest-00.txt
Status:          http://datatracker.ietf.org/doc/draft-uberti-rtcweb-turn-rest
Htmlized:        http://tools.ietf.org/html/draft-uberti-rtcweb-turn-rest-00


Abstract:
   This document describes a proposed standard REST API for obtaining
   access to TURN services via ephemeral (i.e. time-limited)
   credentials.  These credentials are vended by a web service over
   HTTP, and then supplied to and checked by a TURN server using the
   standard TURN protocol.  The usage of ephemeral credentials ensures
   that access to the TURN server can be controlled even if the
   credentials can be discovered by the user, as is the case in WebRTC
   where TURN credentials must be specified in Javascript.




The IETF Secretariat