Re: [rtcweb] Same location media
Roman Shpount <roman@telurix.com> Thu, 20 October 2011 17:58 UTC
Date: Thu, 20 Oct 2011 13:58:40 -0400
Message-ID: <CAD5OKxvgj=0gr1t-3TvEjNyz-L1FvYAgrnonbYn5FqFEhhYU7g@mail.gmail.com>
From: Roman Shpount <roman@telurix.com>
To: Bernard Aboba <bernard_aboba@hotmail.com>
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] Same location media
On Thu, Oct 20, 2011 at 1:02 PM, Bernard Aboba <bernard_aboba@hotmail.com> wrote:

> [BA] With respect to TURN with TCP/TLS we have found some firewalls that
> actually do deep packet inspection. So if you're sending to TCP port 80 and
> aren't using HTTP, or are sending to port 443 and aren't using TLS (or are
> using TLS extensions the firewall doesn't understand), the firewall can
> block. So yes, it is important to support TURN with TCP/TLS, but it should
> be recognized that even with that, there will still be a significant
> percentage of failures.

TURN over TLS is non-distinguishable (unless I am missing something) from an HTTPS connection. It is using the same TLS transport as HTTPS and the firewall cannot inspect the actual data transmitted. A firewall can probably do some sort of heuristics based on packet sizes, but this will not be reliable enough to distinguish TURN over TLS from HTTPS (or real time media over HTTPS).

In any case, if people are persistent enough they will find a way to block RTC connections regardless of the protocol used.
_____________
Roman Shpount
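Added example, not part of the original message or of any firewall product: a sketch of the first-bytes check a deep-packet-inspection rule of the kind discussed above could apply on ports 80 and 443. The function names, the policy and the sample byte strings are constructed for illustration.

```python
import struct

STUN_MAGIC_COOKIE = 0x2112A442  # fixed value at bytes 4..7 of a STUN/TURN header (RFC 5389)
HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT")

# Constructed sample inputs: the first bytes a client sends on a new TCP connection.
# Cleartext TURN Allocate request: type 0x0003, length 8, cookie, zeroed
# transaction ID, then REQUESTED-TRANSPORT (0x0019) carrying UDP (17).
TURN_ALLOCATE = (struct.pack("!HHI", 0x0003, 8, STUN_MAGIC_COOKIE) + bytes(12)
                 + struct.pack("!HHI", 0x0019, 4, 17 << 24))
# Truncated TLS ClientHello: record header (handshake, 3.1) then handshake type 1.
# HTTPS and TURN over TLS both open with a record of this shape; the TURN
# messages only appear inside the encrypted stream that follows.
TLS_CLIENT_HELLO_PREFIX = bytes.fromhex("160301002f0100002b0303")
HTTP_REQUEST = b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"


def classify_first_bytes(data: bytes) -> str:
    """Label the first client bytes of a TCP stream the way a simple DPI rule would."""
    # TLS: content type 22 (handshake), major version 3, handshake type 1.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    # STUN/TURN: top two bits zero, length a multiple of 4, magic cookie present.
    if len(data) >= 20:
        msg_type, length, cookie = struct.unpack("!HHI", data[:8])
        if msg_type & 0xC000 == 0 and length % 4 == 0 and cookie == STUN_MAGIC_COOKIE:
            return "stun-turn-cleartext"
    # HTTP/1.x: request line begins with a method token followed by a space.
    if data.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"


def port_policy(port: int, data: bytes) -> str:
    """Hypothetical policy: port 80 must carry HTTP, port 443 must carry TLS."""
    kind = classify_first_bytes(data)
    if port == 80:
        return "allow" if kind == "http" else "block"
    if port == 443:
        return "allow" if kind == "tls-client-hello" else "block"
    return "allow"


if __name__ == "__main__":
    for name, port, data in [("TURN/TCP on 443", 443, TURN_ALLOCATE),
                             ("TLS on 443", 443, TLS_CLIENT_HELLO_PREFIX),
                             ("TURN/TCP on 80", 80, TURN_ALLOCATE),
                             ("HTTP on 80", 80, HTTP_REQUEST)]:
        print(f"{name}: {classify_first_bytes(data)} -> {port_policy(port, data)}")
```

This rule only looks at the opening bytes; it does not model the TLS-extension checks or packet-size heuristics mentioned in the thread.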