Re: [rtcweb] I-D Action: draft-ietf-rtcweb-transports-00.txt

"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Tue, 20 August 2013 07:08 UTC

From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Roman Shpount <roman@telurix.com>, "Dan Wing (dwing)" <dwing@cisco.com>
Date: Tue, 20 Aug 2013 07:08:10 +0000
Message-ID: <913383AAA69FF945B8F946018B75898A1902EAE0@xmb-rcd-x10.cisco.com>
References: <20130819171507.30712.24757.idtracker@ietfa.amsl.com> <52128C29.4040402@alvestrand.no> <EAF548B7-09BE-4C64-AC44-4EE02EFC96F7@cisco.com> <CAD5OKxtB5K2+33UKandrKn_fe6XY6FO_VWAptfcLqvOQ1MCufw@mail.gmail.com>
In-Reply-To: <CAD5OKxtB5K2+33UKandrKn_fe6XY6FO_VWAptfcLqvOQ1MCufw@mail.gmail.com>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] I-D Action: draft-ietf-rtcweb-transports-00.txt

From: rtcweb-bounces@ietf.org [mailto:rtcweb-bounces@ietf.org] On Behalf Of Roman Shpount
Sent: Tuesday, August 20, 2013 5:25 AM
To: Dan Wing (dwing)
Cc: rtcweb@ietf.org
Subject: Re: [rtcweb] I-D Action: draft-ietf-rtcweb-transports-00.txt

On Mon, Aug 19, 2013 at 7:20 PM, Dan Wing <dwing@cisco.com> wrote:

On Aug 19, 2013, at 2:20 PM, Harald Alvestrand <harald@alvestrand.no> wrote:
Section 2.2,
"   o  TURN, including TURN over TCP [[QUESTION: and TURN over TLS]],
      [RFC5766]."

Most -- but not all -- of the security obtained with TURN over TLS is achieved with TURN REST (draft-uberti-behave-turn-rest and draft-uberti-rtcweb-turn-rest).  I think the working group should consider if TURN REST satisfies the requirements, or if TURN over TLS is really, really necessary.

It is useful to support TURN over TLS for two reasons:
1. To hide the remote party IP address in TURN allocations from anybody who is monitoring the local IP connection
[TR] To solve the problems explained in http://tools.ietf.org/html/draft-reddy-behave-turn-auth-02, TURN over DTLS is being discussed in the BEHAVE WG, which addresses problems related to privacy, etc.

2. To traverse restrictive firewalls that only allow HTTP/HTTPS connections by placing a TURNS server on port 443
[TR] But those restrictive firewalls mostly also perform DPI.
--Tiru.
I would think that for those two reasons TURN-TLS should be MUST implement.
_____________
Roman Shpount
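Dan's remark above contrasts TURN over TLS with the TURN REST credential scheme (draft-uberti-behave-turn-rest). The following is an added worked example, not code from the draft, from any of the people in this thread, or from any TURN implementation, showing what that scheme actually does: the web server hands the browser a short-lived username of the form "expiry:userid" and a password that is base64(HMAC-SHA1(shared_secret, username)); the TURN server, which holds the same shared secret, recomputes the HMAC and rejects expired or forged pairs. The shared secret, the user id "alice", the realm "example.org" and the fixed timestamps are all constructed for the example. The last function shows how the short-lived password feeds the STUN long-term credential key (RFC 5389, MD5 of "username:realm:password") that MESSAGE-INTEGRITY is computed from, which is why the scheme limits the damage of a leaked password to its lifetime but, unlike TLS, does nothing to hide the TURN exchange itself from an observer on the local link.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional, Tuple

# Constructed sample input (not from the draft or any deployment): the secret that
# the web server issuing credentials and the TURN server are assumed to share.
SHARED_SECRET = b"example-shared-secret-do-not-reuse"


def make_turn_rest_credential(shared_secret: bytes, user_id: str,
                              ttl_seconds: int,
                              now: Optional[int] = None) -> Tuple[str, str]:
    """Issue a time-limited TURN username/password pair (web-server side).

    username = "<expiry>:<user_id>", expiry being a Unix timestamp in seconds;
    password = base64(HMAC-SHA1(shared_secret, username)).
    """
    if now is None:
        now = int(time.time())
    username = "%d:%s" % (now + ttl_seconds, user_id)
    mac = hmac.new(shared_secret, username.encode(), hashlib.sha1).digest()
    password = base64.b64encode(mac).decode()
    return username, password


def verify_turn_rest_credential(shared_secret: bytes, username: str,
                                password: str,
                                now: Optional[int] = None) -> bool:
    """TURN-server side check: accept only well-formed, unexpired, genuine pairs."""
    if now is None:
        now = int(time.time())
    expiry_str, sep, _user_id = username.partition(":")
    if not sep or not expiry_str.isdigit():
        return False  # not in "expiry:userid" form
    if int(expiry_str) <= now:
        return False  # credential has expired
    expected = base64.b64encode(
        hmac.new(shared_secret, username.encode(), hashlib.sha1).digest()
    ).decode()
    # Constant-time comparison so a forged password cannot be guessed byte by byte.
    return hmac.compare_digest(expected, password)


def stun_long_term_key(username: str, realm: str, password: str) -> bytes:
    """Key for MESSAGE-INTEGRITY under the STUN long-term credential mechanism
    (RFC 5389 section 15.4): MD5(username ":" realm ":" password).
    The short-lived TURN REST password is plugged in here unchanged.
    """
    return hashlib.md5(("%s:%s:%s" % (username, realm, password)).encode()).digest()


if __name__ == "__main__":
    issued_at = 1376982500  # arbitrary fixed timestamp so the run is reproducible
    user, pwd = make_turn_rest_credential(SHARED_SECRET, "alice",
                                          ttl_seconds=600, now=issued_at)
    print("username:", user)
    print("password:", pwd)
    print("valid 10 s later:", verify_turn_rest_credential(SHARED_SECRET, user, pwd,
                                                         now=issued_at + 10))
    print("valid after TTL:", verify_turn_rest_credential(SHARED_SECRET, user, pwd,
                                                        now=issued_at + 601))
    print("long-term key:", stun_long_term_key(user, "example.org", pwd).hex())
```

The expiry is carried in the username in the clear, so an on-path observer still learns who is allocating relays and when; what the scheme removes is the long-lived password that a plaintext TURN exchange would otherwise expose, which is the part of the TLS benefit Dan refers to as "most but not all".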