Re: [rtcweb] Why http://www.ietf.org/id/draft-miniero-rtcweb-http-fallback-00.txt ?

Roman Shpount <roman@telurix.com> Tue, 07 August 2012 18:30 UTC

On Tue, Aug 7, 2012 at 2:18 PM, Iñaki Baz Castillo <ibc@aliax.net> wrote:

> 2012/8/7 Marc Petit-Huguenin <petithug@acm.org>:
> > Or TURN over Websocket.
>
> Why do we need that? By using TURN over TLS we have all we need to
> avoid stupid hotel firewalls (that provide "Internet free access"
> but just for HTTP port 80 and HTTPS port 443). It is just about setting
> up a TURN server listening for TLS on port 443, am I right?
>
>
You still have locations where the only way to connect to anything is
via man-in-the-middle proxies that accept an HTTP request and resend it. Such
proxies will install their own certificate in the client certificate chain
and will decode every request. TURN over WebSocket will work over such a
connection, but regular TURN will not. I am not sure how much effort we
want to spend supporting this, since we are talking about prisons,
military, and other similar nice places which would generally try to
avoid supporting WebRTC due to its own security.
_____________
Roman Shpount
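
Added example, not part of the original message or of any draft discussed in the thread: a simplified model of what a TLS-terminating, HTTP-only proxy finds after decryption, showing why a STUN-framed TURN request gives it nothing to resend while a WebSocket upgrade does. The function names, the host `turn.example.org`, and both sample payloads are constructed for illustration.

```python
import struct

STUN_MAGIC_COOKIE = 0x2112A442  # fixed value in bytes 4..7 of every STUN/TURN header (RFC 5389)
HTTP_METHODS = (b"GET", b"POST", b"PUT", b"HEAD", b"OPTIONS", b"CONNECT", b"DELETE")

def is_stun(payload: bytes) -> bool:
    """True if payload starts with a well-formed 20-byte STUN/TURN header."""
    if len(payload) < 20:
        return False
    msg_type, length, cookie = struct.unpack("!HHI", payload[:8])
    return (msg_type & 0xC000) == 0 and length % 4 == 0 and cookie == STUN_MAGIC_COOKIE

def parse_http_request(payload: bytes):
    """Return (method, headers) if payload begins with an HTTP/1.x request, else None."""
    head, sep, _ = payload.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or parts[0] not in HTTP_METHODS or not parts[2].startswith(b"HTTP/1."):
        return None
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon:
            headers[name.strip().lower()] = value.strip().lower()
    return parts[0], headers

def proxy_view(payload: bytes) -> str:
    """Classify decrypted first bytes as an HTTP-only proxy would (assumed model)."""
    req = parse_http_request(payload)
    if req:
        method, headers = req
        # Connection may carry a token list, e.g. "keep-alive, Upgrade"
        conn = [t.strip() for t in headers.get(b"connection", b"").split(b",")]
        if method == b"GET" and headers.get(b"upgrade") == b"websocket" and b"upgrade" in conn:
            return "http-websocket-upgrade"  # a request the proxy can resend
        return "http"
    if is_stun(payload):
        return "stun-not-http"               # regular TURN over TLS: no HTTP request to resend
    return "unknown"

# Constructed samples: header-only TURN Allocate (type 0x0003) and a WebSocket handshake
TURN_ALLOCATE = struct.pack("!HHI", 0x0003, 0, STUN_MAGIC_COOKIE) + bytes(range(12))
WS_UPGRADE = (b"GET /turn HTTP/1.1\r\nHost: turn.example.org\r\n"
              b"Upgrade: websocket\r\nConnection: keep-alive, Upgrade\r\n"
              b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\nSec-WebSocket-Version: 13\r\n\r\n")
```
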