Re: [rtcweb] Nils comments [Was: WGLC for draft-ietf-rtcweb-ip-handling]

Nils Ohlmeier <nohlmeier@mozilla.com> Mon, 30 April 2018 22:21 UTC

From: Nils Ohlmeier <nohlmeier@mozilla.com>
Message-Id: <D6DEE1F6-A105-4095-902D-CB6F5AA2D937@mozilla.com>
Date: Mon, 30 Apr 2018 15:21:26 -0700
In-Reply-To: <CAOJ7v-3FbN7v00Lzc5kJV4Nsw5DD0c6zLDLY+x1AgSOEHSt_WA@mail.gmail.com>
Cc: Cullen Jennings <fluffy@iii.ca>, RTCWeb IETF <rtcweb@ietf.org>
To: Justin Uberti <juberti@google.com>
References: <1D5B431C-801E-4F8C-8026-6BCBB72FF478@sn3rd.com> <F9EB7388-9E76-43E0-8C9B-61D3E50357F7@mozilla.com> <CAOJ7v-38kH4peZVVJU8itve2P+93eGaVdJ60MVcaRo3Xu86uTQ@mail.gmail.com> <296F0D20-F716-4C6C-8ABB-9FC21FC8189D@mozilla.com> <CAOJ7v-3wBVdfacAvb=VOggMXWMD1-5Oq-GCb5cNSCy3_-ur3Gw@mail.gmail.com> <A58B5A3B-DF5E-484B-ADD5-EBA539D0F250@iii.ca> <CAOJ7v-3FbN7v00Lzc5kJV4Nsw5DD0c6zLDLY+x1AgSOEHSt_WA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rtcweb/zLmfPx6HwpPr6H8axTH33ugvHG4>
Subject: Re: [rtcweb] Nils comments [Was: WGLC for draft-ietf-rtcweb-ip-handling]

> On Apr 30, 2018, at 15:03, Justin Uberti <juberti@google.com> wrote:
> 
> Any TURN server provided by the browser is in effect a proxy, and forcing use of said proxy can be done either through firewall config or explicit selection of Mode 4. (IOW, no new mode is needed.)

I do agree that these two configurations result in a similar behavior.
But I doubt that these use the same code path in implementations.
And (thus) I doubt readers of the draft/RFC will automatically come to the same conclusion.

I think it might be helpful to add another sentence explaining this scenario.

> The document originally pointed at RETURN as an example of how such TURN proxying could work, but was removed in order to avoid a dependency.

Fair enough.

  Nils

> On Fri, Apr 27, 2018 at 11:22 AM Cullen Jennings <fluffy@iii.ca> wrote:
> 
> 
>> On Apr 17, 2018, at 3:15 AM, Justin Uberti <juberti=40google.com@dmarc.ietf.org> wrote:
>> 
>> IMO "trusting the TURN relay but not the application" is not a significant enough benefit to merit adding specific functionality for.
>> 
> 
> In the case where the TURN server is provided by the JS, I agree. But in the case where the configuration of the browser provided the TURN server, then I think it is as trusted as say a VPN server.