Re: [rtcweb] draft-schwartz-rtcweb-return

Alan Johnston <alan.b.johnston@gmail.com> Thu, 26 March 2015 16:24 UTC

In-Reply-To: <9DA8307B-263C-4951-A55C-36B42D27C08B@cisco.com>
References: <9DA8307B-263C-4951-A55C-36B42D27C08B@cisco.com>
Date: Thu, 26 Mar 2015 11:24:08 -0500
Message-ID: <CAKhHsXGgNasqyjFG_gd2LQZry2VrOw_ktk8kFkxF=+pXZf-9nw@mail.gmail.com>
From: Alan Johnston <alan.b.johnston@gmail.com>
To: Cullen Jennings <fluffy@cisco.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/rtcweb/nB9FDqMnQ90ERvUVGTKzJBHECps>
Cc: "rtcweb@ietf.org" <rtcweb@ietf.org>
Subject: Re: [rtcweb] draft-schwartz-rtcweb-return

Cullen,

I think the answer is obvious about credentials.  If an enterprise is
forcing users to use an enterprise TURN server, then it is up to the
enterprise to manage the credentials.  There is nothing new here.

As for your MitM comments, that isn't true unless you are saying that
DTLS-SRTP does not have any protection against MitM attacks.

- Alan -

On Thu, Mar 26, 2015 at 10:20 AM, Cullen Jennings <fluffy@cisco.com> wrote:

> I'd like to point out that the combination of
> ietf-tram-turn-server-discovery and draft-schwartz-rtcweb-return allow any
> network you are connected to more or less MITM your media and do things
> like rate limit it, generate analytics on who you are talking to, force
> your traffic through an intermediary that is in a different legal
> jurisdiction and so on.
>
> They are also not clear on how the browser gets the credentials to use the
> discovered TURN server. This seems like a major lacking before we can
> significantly discuss this.
>
> As we have seen from the google proxy deployments, enough revenue can be
> generated from this relaying info to pay for the relay. I'm not keen on
> that happening automatically with no user consent or awareness.
>
> But I don't get how this will work for enterprise deployments - It's just
> very unclear how the JS would end up with the appropriate set of TURN servers
> to use.
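The MitM disagreement in this exchange comes down to what DTLS-SRTP actually binds: each endpoint's DTLS certificate is announced as an a=fingerprint attribute in the SDP carried over the signaling channel (RFC 8122), and the peer rejects the DTLS handshake if the presented certificate does not hash to that value. A TURN relay on the media path can observe addresses, packet counts and timing, but it cannot substitute its own certificate without the fingerprint check failing. The following is an added example illustrating that check; it is not code from this thread or from any WebRTC implementation. The certificate bytes are constructed stand-ins (not real X.509 DER), the SDP is a minimal constructed offer, and the policy of requiring every fingerprint with a known hash to match is an assumption chosen for the example.

```python
import hashlib
import hmac
import re

# RFC 8122 hash-function names mapped to hashlib constructors.
HASH_FUNCS = {
    "sha-1": hashlib.sha1,
    "sha-224": hashlib.sha224,
    "sha-256": hashlib.sha256,
    "sha-384": hashlib.sha384,
    "sha-512": hashlib.sha512,
}

# a=fingerprint:<hash-name> <upper-hex byte pairs separated by colons>
FINGERPRINT_RE = re.compile(
    r"^a=fingerprint:(?P<alg>[A-Za-z0-9-]+)\s+"
    r"(?P<fp>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)\s*$"
)


def certificate_fingerprint(der_cert: bytes, alg: str = "sha-256") -> str:
    """RFC 8122 fingerprint: hash of the DER certificate, upper-case hex pairs joined by ':'."""
    digest = HASH_FUNCS[alg.lower()](der_cert).digest()
    return ":".join(f"{b:02X}" for b in digest)


def parse_sdp_fingerprints(sdp: str) -> dict:
    """Collect every a=fingerprint attribute in an SDP blob, keyed by lower-cased hash name."""
    found = {}
    for line in sdp.splitlines():
        m = FINGERPRINT_RE.match(line.strip())
        if m:
            found[m.group("alg").lower()] = m.group("fp").upper()
    return found


def verify_dtls_peer(sdp: str, presented_der_cert: bytes) -> bool:
    """Accept the DTLS handshake only if the presented certificate matches the
    fingerprint(s) the remote side committed to over signaling.

    Policy (an assumption for this example): every fingerprint whose hash we
    support must match; fingerprints with unknown hash names are skipped, and
    if nothing could be checked the peer is refused."""
    expected = parse_sdp_fingerprints(sdp)
    checked = 0
    for alg, fp in expected.items():
        if alg not in HASH_FUNCS:
            continue
        checked += 1
        actual = certificate_fingerprint(presented_der_cert, alg)
        if not hmac.compare_digest(actual, fp):
            return False
    return checked > 0


# Constructed sample: stand-ins for the DER certificates of the genuine peer
# and of a relay that tries to terminate DTLS itself (not real X.509 data).
PEER_CERT_DER = b"\x30\x82\x01\x0aconstructed-peer-certificate-bytes"
RELAY_CERT_DER = b"\x30\x82\x01\x0aconstructed-relay-certificate-bytes"


def build_sdp(der_cert: bytes, alg: str = "sha-256") -> str:
    """Minimal constructed SDP offer carrying the fingerprint of der_cert."""
    return "\r\n".join([
        "v=0",
        "o=- 1 1 IN IP4 0.0.0.0",
        "s=-",
        "m=audio 9 UDP/TLS/RTP/SAVPF 111",
        "a=setup:actpass",
        f"a=fingerprint:{alg} {certificate_fingerprint(der_cert, alg)}",
    ])


def demo() -> dict:
    """Outcome of the fingerprint check in three situations."""
    sdp = build_sdp(PEER_CERT_DER)
    return {
        # Relay forwards packets untouched: the real peer's certificate arrives.
        "genuine_peer": verify_dtls_peer(sdp, PEER_CERT_DER),
        # Relay terminates DTLS and presents its own certificate.
        "relay_substitutes_cert": verify_dtls_peer(sdp, RELAY_CERT_DER),
        # Signaling carried no fingerprint at all: identity is unbound, refuse.
        "no_fingerprint": verify_dtls_peer("v=0\r\nm=audio 9 UDP/TLS/RTP/SAVPF 111", PEER_CERT_DER),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accept' if ok else 'reject'}")
```

The check only holds if the signaling channel itself is intact: a party that can rewrite the SDP (not merely relay the media) could swap the fingerprint, which is why the integrity of the path to the signaling server, rather than the TURN server, is the trust anchor for DTLS-SRTP. A media-path relay is left with metadata (who talks to whom, when, and how much), which is the analytics and rate-limiting concern raised in the quoted message, not access to the media itself.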