Re: [rtcweb] I-D Action: draft-ietf-rtcweb-transports-00.txt

Roman Shpount <roman@telurix.com> Mon, 19 August 2013 23:54 UTC

In-Reply-To: <EAF548B7-09BE-4C64-AC44-4EE02EFC96F7@cisco.com>
References: <20130819171507.30712.24757.idtracker@ietfa.amsl.com> <52128C29.4040402@alvestrand.no> <EAF548B7-09BE-4C64-AC44-4EE02EFC96F7@cisco.com>
Date: Mon, 19 Aug 2013 19:54:45 -0400
Message-ID: <CAD5OKxtB5K2+33UKandrKn_fe6XY6FO_VWAptfcLqvOQ1MCufw@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Dan Wing <dwing@cisco.com>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] I-D Action: draft-ietf-rtcweb-transports-00.txt

On Mon, Aug 19, 2013 at 7:20 PM, Dan Wing <dwing@cisco.com> wrote:

>
> On Aug 19, 2013, at 2:20 PM, Harald Alvestrand <harald@alvestrand.no>
> wrote:
> Section 2.2,
> "   o  TURN, including TURN over TCP [[QUESTION: and TURN over TLS]],
>       [RFC5766]."
>
> Most -- but not all -- of the security obtained with TURN over TLS is
> achieved with TURN REST (draft-uberti-behave-turn-rest and
> draft-uberti-rtcweb-turn-rest).  I think the working group should consider
> if TURN REST satisfies the requirements, or if TURN over TLS is really,
> really necessary.
>

It is useful to support TURN over TLS for two reasons:

1. To hide the remote party IP address in TURN allocations from anybody who
is monitoring the local IP connection
2. To traverse restrictive firewalls that only allow HTTP/HTTPS connections
by placing a TURNS server on port 443

I would think that for those two reasons TURN-TLS should be MUST implement.
_____________
Roman Shpount
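Roman's first reason rests on what plain TURN exposes on the wire: the remote peer's address is carried in the XOR-PEER-ADDRESS attribute of every Send indication (RFC 5766), and the XOR with the magic cookie is only NAT hardening, not confidentiality, so anyone watching the client's link can decode it unless the session runs over TLS. The following is an added example, not code from this thread; it builds a constructed Send indication and decodes the peer address the way a passive observer of an unencrypted TURN session would, with the 203.0.113.7 / 2001:db8:: sample addresses and all function names chosen here for illustration.

```python
import struct
import ipaddress

MAGIC_COOKIE = 0x2112A442      # RFC 5389 fixed value, so the XOR hides nothing
SEND_INDICATION = 0x0016       # TURN Send indication (RFC 5766 section 14.3)
XOR_PEER_ADDRESS = 0x0012
DATA = 0x0013

def _attr(atype: int, value: bytes) -> bytes:
    """Encode one STUN attribute (type, length, value padded to 4 bytes)."""
    pad = (-len(value)) % 4
    return struct.pack("!HH", atype, len(value)) + value + b"\x00" * pad

def build_send_indication(peer_ip: str, peer_port: int, payload: bytes, txid: bytes) -> bytes:
    """Constructed sample: a TURN client sending payload to peer_ip:peer_port via the relay."""
    ip = ipaddress.ip_address(peer_ip)
    family = 0x01 if ip.version == 4 else 0x02
    xport = peer_port ^ (MAGIC_COOKIE >> 16)
    key = struct.pack("!I", MAGIC_COOKIE) + txid          # IPv6 key; IPv4 uses the first 4 bytes
    xaddr = bytes(a ^ b for a, b in zip(ip.packed, key))
    value = struct.pack("!BBH", 0, family, xport) + xaddr
    attrs = _attr(XOR_PEER_ADDRESS, value) + _attr(DATA, payload)
    return struct.pack("!HHI", SEND_INDICATION, len(attrs), MAGIC_COOKIE) + txid + attrs

def peer_addresses_in(msg: bytes) -> list:
    """What a link observer recovers from one cleartext message: every (ip, port) in XOR-PEER-ADDRESS."""
    _, length, cookie = struct.unpack("!HHI", msg[:8])
    if cookie != MAGIC_COOKIE or len(msg) < 20 + length:
        raise ValueError("not a STUN message")
    key = struct.pack("!I", MAGIC_COOKIE) + msg[8:20]     # cookie + transaction id, both in the clear
    found, pos = [], 20
    while pos + 4 <= 20 + length:
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + alen]
        pos += 4 + alen + ((-alen) % 4)                   # skip value plus padding
        if atype != XOR_PEER_ADDRESS:
            continue
        family, xport = struct.unpack("!BH", value[1:4])
        size = 4 if family == 0x01 else 16
        raw = bytes(a ^ b for a, b in zip(value[4:4 + size], key))
        found.append((str(ipaddress.ip_address(raw)), xport ^ (MAGIC_COOKIE >> 16)))
    return found

if __name__ == "__main__":
    # Constructed sample session: media relayed to 203.0.113.7:3478 (documentation range)
    frame = build_send_indication("203.0.113.7", 3478, b"rtp-payload", bytes(range(12)))
    print(peer_addresses_in(frame))  # -> [('203.0.113.7', 3478)]
```

With TURN over TLS the whole STUN/TURN message, attributes included, sits inside the TLS record, so this decoding is not available to a local-link observer.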