[tram] Ben Campbell's Discuss on draft-ietf-tram-turn-server-discovery-09: (with DISCUSS and COMMENT)
"Ben Campbell" <ben@nostrum.com> Thu, 01 September 2016 01:24 UTC
Return-Path: <ben@nostrum.com>
X-Original-To: tram@ietf.org
Delivered-To: tram@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 8D2A412B03A; Wed, 31 Aug 2016 18:24:28 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Ben Campbell <ben@nostrum.com>
To: The IESG <iesg@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.31.1
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <147269306853.31916.11958166980739260630.idtracker@ietfa.amsl.com>
Date: Wed, 31 Aug 2016 18:24:28 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/47L-f69UcEsQvisKesSzrF_WVOM>
Cc: sperreault@jive.com, draft-ietf-tram-turn-server-discovery@ietf.org, tram@ietf.org, tram-chairs@ietf.org
Subject: [tram] Ben Campbell's Discuss on draft-ietf-tram-turn-server-discovery-09: (with DISCUSS and COMMENT)
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.17
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Sep 2016 01:24:28 -0000
Ben Campbell has entered the following ballot position for draft-ietf-tram-turn-server-discovery-09: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-tram-turn-server-discovery/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- -9, first paragraph says: "Use of Session Traversal Utilities for NAT (STUN) [RFC5389] authentication is OPTIONAL for TURN servers provided by the local network or by the access network. A network provided TURN server MAY be configured to accept Allocation requests without STUN authentication, and a TURN client MAY be configured to accept Allocation success responses without STUN authentication from a network provided TURN server. " This seems to relax the MUST level requirement in RFC 5766 that says TURN MUST use STUN long-term credential authentication, or use some other equally strong mechanism. From a purely process perpective, this would either require an update to 5766, or it would require an argument that the local/access network is somehow equally protected. I think the latter would only be true if the access network has some sort of protection beyond just being the access network (e.g. a vpn, ipsec, or physical isolation.) I don't recall seeing text that suggested any of those. But in any case, I think relaxing that requirement needs some discussion about how the server or client can be sure that all communication is in fact constrained to the local network. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Substantive: - general: I agree with the DISCUSS positions from Terry, Alexey, and Kathleen. -3, paragraph 1: Are the MUST and MAY in this paragraph _new_ requirements, or just statements of fact about previously existing requirements? If the latter, they should not use 2119 keywords. -4.1.2, first paragraph: It would be helpful to have a discussion about clients that may support multiple users, potentially with different domains, or for a single user to use different domains for different services. -4.2, general: Do I correctly understand that most of this section describes the results of applying RFC 5928 procedures to the extracted domain name? If so, is it not enough reference 5928 and leave it at that? -4.2, last paragraph, last sentence: Is this requirement new to this draft, or something from 5928? If the latter, please use descriptive language. -9, paragraph 5: "Any discovered TURN server outside the criteria is considered untrusted and is not used for privacy sensitive communication." It seems like this needs stronger guidance, maybe even "MUST NOT be used..." - Informational References: I-D.ietf-rtcweb-return and RFC 6125 are cited as part of normative requirements, which makes them by definition need to be normative references. I-D.ietf-tram-turn-mobility, RFC6024, and RFC7250 are borderline; I think one could make an argument that one needs to read them to fully understand this draft. Editorial: -3, last paragraph: "MAY optionally" is redundant. -5.1, first paragraph, first sentence: I got lost in the nested “or”s. Please consider breaking this up into a few simpler sentences. - Figure 1: Why merge the query and reply for the A/AAAA query but not the other queries? -6, first paragraph, last sentence: I'm not sure what that sentence means.
- [tram] Ben Campbell's Discuss on draft-ietf-tram-… Ben Campbell
- Re: [tram] Ben Campbell's Discuss on draft-ietf-t… Prashanth Patil (praspati)
- Re: [tram] Ben Campbell's Discuss on draft-ietf-t… Ben Campbell
- Re: [tram] Ben Campbell's Discuss on draft-ietf-t… Prashanth Patil (praspati)
- Re: [tram] Ben Campbell's Discuss on draft-ietf-t… Ben Campbell
- Re: [tram] Ben Campbell's Discuss on draft-ietf-t… Prashanth Patil (praspati)
- Re: [tram] Ben Campbell's Discuss on draft-ietf-t… Ben Campbell
- Re: [tram] Ben Campbell's Discuss on draft-ietf-t… Ben Campbell
- Re: [tram] Ben Campbell's Discuss on draft-ietf-t… Karl Stahl
- Re: [tram] Ben Campbell's Discuss on draft-ietf-t… Tirumaleswar Reddy (tireddy)
- Re: [tram] Ben Campbell's Discuss on draft-ietf-t… Ben Campbell
- Re: [tram] Ben Campbell's Discuss on draft-ietf-t… Prashanth Patil (praspati)
- Re: [tram] Ben Campbell's Discuss on draft-ietf-t… Karl Stahl
- Re: [tram] Ben Campbell's Discuss on draft-ietf-t… Spencer Dawkins at IETF