Re: [rtcweb] Fwd: New Version Notification for draft-uberti-rtcweb-turn-rest-00.txt

Justin Uberti <juberti@google.com> Mon, 08 July 2013 18:16 UTC

From: Justin Uberti <juberti@google.com>
Date: Mon, 8 Jul 2013 14:15:55 -0400
Message-ID: <CAOJ7v-2_oMAfTqyUzd6cdu2fkS04LQHGO+naqAy7z6KLjJDgMQ@mail.gmail.com>
To: "Muthu Arul Mozhi Perumal (mperumal)" <mperumal@cisco.com>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] Fwd: New Version Notification for draft-uberti-rtcweb-turn-rest-00.txt

On Mon, Jul 8, 2013 at 1:52 AM, Muthu Arul Mozhi Perumal (mperumal) <mperumal@cisco.com> wrote:

> Hi Justin,
>
> A few quick comments:
>
> 1) The primary advantage of the proposed mechanism seems not requiring any
> interaction between the web service and the TURN service in order for the
> TURN service to grant TURN credentials in the HTTP response -- this absence
> of interaction isn't evident on a first read. A diagram showing the client,
> web service, TURN service and the messages exchanged would be helpful.
>

This is mentioned in the introduction, but agree a diagram would be
helpful.

>
> 2)
>
> |If desired, the TURN server can optionally verify that the parsed
> |user id value corresponds to a currently valid user of an external
> |service (e.g. is currently logged in to the web app that is making
> |use of TURN).  This requires proprietary communication between the
> |TURN server and external service on each ALLOCATE request, so this
> |usage is not recommended for typical applications.  If this external
> |verification fails, it SHOULD reject the request with a 401
> |(Unauthorized) error.
>
>
> Was the intention of putting "not recommended" having a normative
> statement? If not, it would be better to change it to "not needed".
>

I was waffling on this - I think I will just make it "not needed", and
leave this decision up to the implementor.

>
> 3) There is no text describing how the timestamp encoded in the USERNAME
> attribute of the ALLOCATE request could be protected.
>

In the HTTP Interactions section, I mention that the password used for the
MESSAGE-INTEGRITY is a digest of the username, but I can make this more
explicit.

>
> 4) draft-reddy-behave-turn-auth describes the issues with TURN
> authentication and draft-uberti-rtcweb-turn-rest looks like one possible
> solution. Looks like both could reference each other.
>

Agreed - hadn't seen that draft before since it wasn't in rtcweb.

>
> Muthu
>
> *From:* rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] *On
> Behalf Of *Justin Uberti
> *Sent:* Monday, July 08, 2013 9:55 AM
> *To:* rtcweb@ietf.org
> *Subject:* [rtcweb] Fwd: New Version Notification for
> draft-uberti-rtcweb-turn-rest-00.txt
>
> Just uploaded a 00 version of a spec for requesting time-limited TURN
> credentials for WebRTC apps. Would like to get 10 minutes of agenda time to
> present this in Berlin.
>
>
> ---------- Forwarded message ----------
> From: <internet-drafts@ietf.org>
> Date: Mon, Jul 8, 2013 at 12:15 AM
> Subject: New Version Notification for draft-uberti-rtcweb-turn-rest-00.txt
> To: Justin Uberti <justin@uberti.name>
>
>
>
> A new version of I-D, draft-uberti-rtcweb-turn-rest-00.txt
> has been successfully submitted by Justin Uberti and posted to the
> IETF repository.
>
> Filename:        draft-uberti-rtcweb-turn-rest
> Revision:        00
> Title:           A REST API For Access To TURN Services
> Creation date:   2013-07-08
> Group:           Individual Submission
> Number of pages: 7
> URL:
> http://www.ietf.org/internet-drafts/draft-uberti-rtcweb-turn-rest-00.txt
> Status:
> http://datatracker.ietf.org/doc/draft-uberti-rtcweb-turn-rest
> Htmlized:
> http://tools.ietf.org/html/draft-uberti-rtcweb-turn-rest-00
>
>
> Abstract:
>    This document describes a proposed standard REST API for obtaining
>    access to TURN services via ephemeral (i.e. time-limited)
>    credentials.  These credentials are vended by a web service over
>    HTTP, and then supplied to and checked by a TURN server using the
>    standard TURN protocol.  The usage of ephemeral credentials ensures
>    that access to the TURN server can be controlled even if the
>    credentials can be discovered by the user, as is the case in WebRTC
>    where TURN credentials must be specified in Javascript.
>
>
>
>
> The IETF Secretariat
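The exchange in item 3 above is about binding the expiry timestamp carried in USERNAME to the password that keys MESSAGE-INTEGRITY. The following is an added illustration, not code from the draft or from either poster: it assumes (the page does not state these details) a username of the form "<expiry-unix-time>:<user id>" and a password of base64(HMAC-SHA1(shared secret, username)), so that changing the timestamp changes the expected password and the TURN server rejects the ALLOCATE.

```python
import base64
import hashlib
import hmac

# Constructed sample secret shared by the web service and the TURN server.
SHARED_SECRET = b"example-shared-secret-not-for-production"
TTL_SECONDS = 24 * 3600


def turn_password_for(username, secret=SHARED_SECRET):
    """Assumed derivation: base64(HMAC-SHA1(secret, username))."""
    digest = hmac.new(secret, username.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def vend_credential(user_id, now, secret=SHARED_SECRET, ttl=TTL_SECONDS):
    """Web-service side: build an ephemeral username/password pair.

    The expiry is embedded in the username, so it is covered by the HMAC
    and cannot be extended by the client without breaking the password.
    """
    username = f"{now + ttl}:{user_id}"
    return {"username": username, "password": turn_password_for(username, secret), "ttl": ttl}


def verify_allocate(username, password, now, secret=SHARED_SECRET):
    """TURN-server side: recompute the password from the presented username,
    then check the expiry it carries. Returns (accepted, reason).

    A real server would feed the recomputed password into the long-term
    credential key and check MESSAGE-INTEGRITY; here the password is compared directly.
    """
    expiry_str, sep, _user_id = username.partition(":")
    if not sep or not expiry_str.isdigit():
        return False, "malformed username"
    expected = turn_password_for(username, secret)
    if not hmac.compare_digest(expected, password):
        # Timestamp or user id was altered, or the password was not vended by us.
        return False, "bad credential"
    if int(expiry_str) <= now:
        return False, "expired"
    return True, "ok"
```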