Re: [rtcweb] URI schemes for TURN and STUN

Cullen Jennings <fluffy@cisco.com> Mon, 31 October 2011 00:05 UTC

On Oct 29, 2011, at 15:11 , Harald Alvestrand wrote:

> Hi,
> being in the process of scanning all the drafts with -rtcweb- in them, I came across these two:
> 
> draft-nandakumar-rtcweb-stun-uri-00.txt
> draft-nandakumar-rtcweb-turn-uri-00.txt
> 
> Just three comments:
> 
> - I think it's not RTCWEB business. They should be pointed at the home group for STUN/ICE.

I suspect the point of putting rtcweb in the name was so this group of people would find them. I doubt you would have noticed them had they been named behave. That said, I did ask the authors to send emails about them to the behave WG. So I get your point, but I think they were meant for this group to read. I know I would not have noticed them had they been in behave.

> - I do not think it's appropriate to use "turn" and "turns" for indicating transport. Polluting the URI namespace with more configuration parameters in the form of trailing "s" is a Bad Thing.

It's a bit more complicated than that - sometimes this is the right thing, sometimes not. I have no idea of the case here but just saying HTTPS was a Bad Thing seems a bit oversimplistic. Anyways - I'd have to think about what we need to accomplish, what the use cases are and try to sort this out. I'm not arguing for or against turns - I'd want to see a bit more info before getting into that.


> - Passing passwords in URIs is generally a Bad Practice. If you really want this in this case, please explore the implications thereof fully in the Security Considerations section.

Agree it is not good. Question is, is it any worse than passing them in JS downloaded over HTTP or HTTPS? I note that is what another document I am co-author of is suggesting so I'm a bit sensitive about how that conversation goes. I don't have real strong feelings about if it should be in the TURN URI or not but I have pretty strong feelings that it is either going to be in the URI or sitting in the same HTTP doc right beside the URI with all the same "Bad Practice" issues either way.

> 
> Good luck with the discussion (elsewhere)!

> 
>                 Harald