IETF Logo Mail Archive

Re: [rtcweb] [BEHAVE] New Version Notification for draft-chenxin-behave-turn-websocket-01.txt

"Chenxin (Xin)" <hangzhou.chenxin@huawei.com> Sat, 14 September 2013 10:25 UTC

Return-Path: <hangzhou.chenxin@huawei.com>
X-Original-To: rtcweb@ietfa.amsl.com
Delivered-To: rtcweb@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6E55921E81B6; Sat, 14 Sep 2013 03:25:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pMjOLv3iGZts; Sat, 14 Sep 2013 03:25:45 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com [194.213.3.17]) by ietfa.amsl.com (Postfix) with ESMTP id 240A221E81AD; Sat, 14 Sep 2013 03:25:43 -0700 (PDT)
Received: from 172.18.7.190 (EHLO lhreml204-edg.china.huawei.com) ([172.18.7.190]) by lhrrg02-dlp.huawei.com (MOS 4.3.5-GA FastPath queued) with ESMTP id AVK01983; Sat, 14 Sep 2013 10:25:42 +0000 (GMT)
Received: from LHREML404-HUB.china.huawei.com (10.201.5.218) by lhreml204-edg.china.huawei.com (172.18.7.223) with Microsoft SMTP Server (TLS) id 14.3.146.0; Sat, 14 Sep 2013 11:23:32 +0100
Received: from SZXEMA408-HUB.china.huawei.com (10.82.72.40) by lhreml404-hub.china.huawei.com (10.201.5.218) with Microsoft SMTP Server (TLS) id 14.3.146.0; Sat, 14 Sep 2013 11:23:49 +0100
Received: from SZXEMA504-MBX.china.huawei.com ([169.254.7.96]) by SZXEMA408-HUB.china.huawei.com ([10.82.72.40]) with mapi id 14.03.0146.000; Sat, 14 Sep 2013 18:23:44 +0800
From: "Chenxin (Xin)" <hangzhou.chenxin@huawei.com>
To: Simon Perreault <simon.perreault@viagenie.ca>
Thread-Topic: [rtcweb] [BEHAVE] New Version Notification for draft-chenxin-behave-turn-websocket-01.txt
Thread-Index: AQHOsSrDIYEbSyC+fUOCPacmrLHxDJnE/cCw
Date: Sat, 14 Sep 2013 10:23:43 +0000
Message-ID: <9E34D50A21D1D1489134B4D770CE03976807F3C1@SZXEMA504-MBX.china.huawei.com>
References: <20130913005837.14362.66591.idtracker@ietfa.amsl.com> <9E34D50A21D1D1489134B4D770CE03976807F0B0@SZXEMA504-MBX.china.huawei.com> <5232D9A2.8050800@viagenie.ca> <52337505.9000109@gmail.com> <5233FC04.7040509@viagenie.ca> <9E34D50A21D1D1489134B4D770CE03976807F388@SZXEMA504-MBX.china.huawei.com> <523428D2.8050505@viagenie.ca>
In-Reply-To: <523428D2.8050505@viagenie.ca>
Accept-Language: en-US, zh-CN
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.166.41.115]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>, "behave@ietf.org" <behave@ietf.org>
Subject: Re: [rtcweb] [BEHAVE] New Version Notification for draft-chenxin-behave-turn-websocket-01.txt
X-BeenThere: rtcweb@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Real-Time Communication in WEB-browsers working group list <rtcweb.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/rtcweb>
List-Post: <mailto:rtcweb@ietf.org>
List-Help: <mailto:rtcweb-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rtcweb>, <mailto:rtcweb-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 14 Sep 2013 10:25:49 -0000

Hi Simon,
>>> I have a new question: what does the TURN server put in the
>>> XOR-MAPPED-ADDRESS attribute? The proxy's address or the client's
>>> address?
>>
>> The proxy's address. I do not think this attribute will help ICE process.
>>
>> Can TURN over WebSockets be used to gather server-reflexive
>>> candidates?
>>
>> Yes, It could do as UDP and TCP. But when there is a http proxy. I think the
>server reflexive candidates will be the address of proxy, which means nothing for
>the peer.
>
>Isn't this a big problem? I mean, if the client cannot trust the value
>of the XOR-MAPPED-ADDRESS attribute, doesn't that break STUN/TURN/ICE
>and everything else?
>
Thanks for your question. You are right about it. We should consider more about gathering the server reflexive candidates in turn over websocket.
I have checked the RFC 5766 again:
      Reflexive Transport Address:  A transport address learned by a client
      that identifies that client as seen by another host on an IP
      network, typically a STUN server.  When there is an intervening
      NAT between the client and the other host, the reflexive transport
      address represents the mapped address allocated to the client on
      the public side of the NAT.  Reflexive transport addresses are
      learned from the mapped address attribute (MAPPED-ADDRESS or XOR-
      MAPPED-ADDRESS) in STUN responses.
Which restricts that the "Reflexive Transport Address" should be obtained from NAT. It will be semantic problem if this address is from proxy.

In ICE, I have not found out the harmful scenario yet. It will be possible to make ICE Connectivity Checks failed, but it will be possible to be useful. 
I am still thinking about how to handle it. Should we just leave it to for the usage of gathering candidate from NAT? OR totally forbid it in the turn over websocket?
What is your suggestion?

>Simon
>--
>DTN made easy, lean, and smart --> http://postellation.viagenie.ca
>NAT64/DNS64 open-source        --> http://ecdysis.viagenie.ca
>STUN/TURN server               --> http://numb.viagenie.ca

v2.31.3 | Report a Bug | By Email | System Status