Re: [tram] Chime in on attched redlined version-12 WAS: I-D Action: draft-ietf-tram-turn-server-discovery-12.txt
Brandon Williams <brandon.williams@akamai.com> Sun, 12 February 2017 16:24 UTC
Return-Path: <brandon.williams@akamai.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A2D4112986D for <tram@ietfa.amsl.com>; Sun, 12 Feb 2017 08:24:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.702
X-Spam-Level:
X-Spam-Status: No, score=-2.702 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dxqiW3uJIEIw for <tram@ietfa.amsl.com>; Sun, 12 Feb 2017 08:24:42 -0800 (PST)
Received: from prod-mail-xrelay08.akamai.com (prod-mail-xrelay08.akamai.com [96.6.114.112]) by ietfa.amsl.com (Postfix) with ESMTP id BD92A129878 for <tram@ietf.org>; Sun, 12 Feb 2017 08:24:42 -0800 (PST)
Received: from prod-mail-xrelay08.akamai.com (localhost.localdomain [127.0.0.1]) by postfix.imss70 (Postfix) with ESMTP id 3EF1620000C; Sun, 12 Feb 2017 16:24:42 +0000 (GMT)
Received: from prod-mail-relay09.akamai.com (prod-mail-relay09.akamai.com [172.27.22.68]) by prod-mail-xrelay08.akamai.com (Postfix) with ESMTP id 1E5C2200009; Sun, 12 Feb 2017 16:24:42 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; s=a1; t=1486916682; bh=dqd3UHeXJF0C+7cfn5Ngbby2WZaZQDZiwvf+VYTzFAc=; l=31382; h=To:References:Cc:From:Date:In-Reply-To:From; b=CAjQhMvtC/QXNCSM/52caOpZKdMZHNap3gOVrIPbiIsayKfKAbEg1A2hxSAVCQinf C6ZrSeTOCAoKuSed161FD98nQaYG3SLfJocoS057goXLOfSLErAzIn+ohb+42da6hM 2yakicQlbOehycxfgFH93dTyHvJTwtNxnsgowpOg=
Received: from [172.28.118.196] (bowill.kendall.corp.akamai.com [172.28.118.196]) by prod-mail-relay09.akamai.com (Postfix) with ESMTP id BB4BA1E094; Sun, 12 Feb 2017 16:24:41 +0000 (GMT)
To: Karl Stahl <karl.stahl@ingate.com>, "'Tirumaleswar Reddy (tireddy)'" <tireddy@cisco.com>, 'Simon Perreault' <sperreault@jive.com>, 'Spencer Dawkins at IETF' <spencerdawkins.ietf@gmail.com>
References: <148427986357.3020.7793783112924549744.idtracker@ietfa.amsl.com> <a4aaffdefb794fb0a1b96f0252b862a9@XCH-RCD-017.cisco.com> <CAKKJt-fUzJJS9SXvbG2=T7PDz6nvHnhBqvHRtm-41BoGJsJC6Q@mail.gmail.com> <b139c913-a052-9397-c5df-7cd7c884cf71@jive.com> <CAKKJt-eh8ZZ=5J0KoY9zUpOhj=r9+ATSOk_hEF=G7qTt78_4-Q@mail.gmail.com> <5893bf99.0699370a.55c1f.0964SMTPIN_ADDED_BROKEN@mx.google.com> <bfd3ab0f-dbd5-2f95-1830-fc869a29d7c6@jive.com> <4547122c1f244f4db631dfda97404561@XCH-RCD-017.cisco.com> <028401d2812d$6b02c220$41084660$@stahl@ingate.com> <70420ebfeccb4c0086f946628cdc4daf@XCH-RCD-017.cisco.com> <03aa01d281d8$b4d5df80$1e819e80$@stahl@ingate.com> <c29a9ea6c4064365b05f988add8b9c63@XCH-RCD-017.cisco.com> <048f01d282d3$58c74390$0a55cab0$@stahl@ingate.com> <57e18bb6f5394f61b5c7200d521dd3b2@XCH-RCD-017.cisco.com> <055101d2833c$299e43c0$7cdacb40$@stahl@ingate.com> <2c2e50c5ab474493b71cf5c68df01c94@XCH-RCD-017.cisco.com> <05b801d283a0$743852e0$5ca8f8a0$@stahl@ingate.com>
From: Brandon Williams <brandon.williams@akamai.com>
Message-ID: <2909fdfc-cc13-c6bb-c26d-1f5262774847@akamai.com>
Date: Sun, 12 Feb 2017 11:24:41 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1
MIME-Version: 1.0
In-Reply-To: <05b801d283a0$743852e0$5ca8f8a0$@stahl@ingate.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/Rem1Rm2pZdljtpT3RxUWku8cG5U>
Cc: tram@ietf.org
Subject: Re: [tram] Chime in on attched redlined version-12 WAS: I-D Action: draft-ietf-tram-turn-server-discovery-12.txt
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Feb 2017 16:24:46 -0000
Hi Karl, Regarding the "explicit administrator choice" part of the text, I think the point is not that an application MUST NOT blindly fall back to cleartext, but instead MUST give the admin and/or user some control. There are a variety of ways this could be accomplished. Tiru's suggestion in the earlier e-mail is just one of those. I don't think the draft needs to describe a specific method; it's up to the application developer to choose a method that best meets user needs. --Brandon On 02/10/2017 08:20 AM, Karl Stahl wrote: > Hi Tiru, below again > > > > *Från:*Tirumaleswar Reddy (tireddy) [mailto:tireddy@cisco.com] > *Skickat:* den 10 februari 2017 05:57 > *Till:* Karl Stahl; 'Simon Perreault'; 'Spencer Dawkins at IETF' > *Kopia:* tram@ietf.org > *Ämne:* RE: [tram] Chime in on attched redlined version-12 WAS: I-D > Action: draft-ietf-tram-turn-server-discovery-12.txt > > > > Hi Karl, > > > > Please see inline [TR2] > > > > *From:*Karl Stahl [mailto:karl.stahl@ingate.com] > *Sent:* Friday, February 10, 2017 6:53 AM > *To:* Tirumaleswar Reddy (tireddy) <tireddy@cisco.com > <mailto:tireddy@cisco.com>>; 'Simon Perreault' <sperreault@jive.com > <mailto:sperreault@jive.com>>; 'Spencer Dawkins at IETF' > <spencerdawkins.ietf@gmail.com <mailto:spencerdawkins.ietf@gmail.com>> > *Cc:* tram@ietf.org <mailto:tram@ietf.org> > *Subject:* SV: [tram] Chime in on attched redlined version-12 WAS: I-D > Action: draft-ietf-tram-turn-server-discovery-12.txt > > > > Hi Tiru, please see [Karl] inlines after your inlines. > > > > *Från:*Tirumaleswar Reddy (tireddy) [mailto:tireddy@cisco.com] > *Skickat:* den 9 februari 2017 15:34 > *Till:* Karl Stahl; 'Simon Perreault'; 'Spencer Dawkins at IETF' > *Kopia:* tram@ietf.org <mailto:tram@ietf.org> > *Ämne:* RE: [tram] Chime in on attched redlined version-12 WAS: I-D > Action: draft-ietf-tram-turn-server-discovery-12.txt > > > > Hi Karl, > > > > Please see inline > > > > *From:*Karl Stahl [mailto:karl.stahl@ingate.com] > *Sent:* Thursday, February 9, 2017 6:22 PM > *To:* Tirumaleswar Reddy (tireddy) <tireddy@cisco.com > <mailto:tireddy@cisco.com>>; 'Simon Perreault' <sperreault@jive.com > <mailto:sperreault@jive.com>>; 'Spencer Dawkins at IETF' > <spencerdawkins.ietf@gmail.com <mailto:spencerdawkins.ietf@gmail.com>> > *Cc:* tram@ietf.org <mailto:tram@ietf.org> > *Subject:* SV: [tram] Chime in on attched redlined version-12 WAS: I-D > Action: draft-ietf-tram-turn-server-discovery-12.txt > > > > Tiru, > > > > Each of your three sentences are incorrect. > > > > And, > >> updated in 12 version to say that (D)TLS is not mandatory to use if the > network infrastructure can defend against the attacks discussed in RFC5766. > > > > --- And in addition It breaks the version -07 consensus text regarding > (D)TLS usage in this situation, by introducing “MUST” for (D)TLS usage > under 9: > > ...and therefore MUST NOT be used for privacy sensitive communication. > > ...but MUST NOT fall back without explicit administrator choice. > > ...but MUST NOT fall back without explicit administrator choice. > > and my question how the “explicit administrator choice” is supposed to > happen in an enterprise environment or at an internet café is not answered. > > > > [TR] Explicit administrator choice means the user is notified about the > failure and fallback happens only after consent from the user (i.e. the > user needs to know that fallback happens to a less secure mechanism). > > [Karl] I suggest “administrator” is then changed to “user” so it is not > interpreted as the network administrator, in a version -13 of the draft. > > > > [TR2] Sure, I can update draft. > > [Karl2] But please notice, that this only clarifies the draft, it is > still a nuisance for a user and a general webRTC browser (that will be > used under such conditions) and that was not what Brandon or anyone else > asked for. Recommending the STUN dummy authentication instead, resolves > the (D)TLS break of consensus of the version -07 text, including the > performance concerns raised by Pal-Erik and others, as well as other > objections. > > > > - I don’t think Brandon or anyone asked for such impossibilities (which > again seem to be created to make this specification unusable for its > purpose). > > > > Please note that to my knowledge, (D)TLS usage is not mandated for any > usage of TURN servers anywhere, and (again) this draft – that should > specify DISCOVERY – cannot MANDATE USAGE. None of the discovery methods > do (and cannot) use (D)TLS (that discussion is for USAGE, AFTER the > DISCOVERY). > > > > [TR2] Other drafts do not mandate (D)TLS because RFC5766 mandates STUN > authentication, this draft updates RFC5766 by saying STUN authentication > is not mandatory hence it is mandating (D)TLS. > > [Karl2] Yes, we agree. It is only this draft, version -10 to -12 draft > that suggests to mandate usage of (D)TLS (Please free us from that) > > > > [TR] No, (D)TLS is only mandated if the network infrastructure cannot > defend against the attacks discussed in RFC5766. > > [Karl] That is already clear in the -12 version. My comment remains (In > addition to being wrong, I meant it is also strange (and unnecessary, > considering that dummy authentication can achieve it better) if this > DISCOVERY draft would mandates (D)TLS for TURN server usage in a certain > situation, when no other draft mandates (D)TLS for usage of TURN servers.) > > > > [TR2] I don’t agree with your comments and don’t plan to make any > changes to (D)TLS related text in the draft unless I hear otherwise from > other WG members and chairs. > > > > [Karl] While producing the above suggested -13 of the draft, I also > suggest you also include all the redlining I proposed (and no one has > objected against) and I think we will have a draft that can be accepted > to become an RFC. > > > > [TR2] I reject your all your other proposed changes including anycast, > don’t see any merit in your arguments > > [Karl2] … and ignoring Brandon’s: > >> It is true that you have provided a justification for the change. > >> My point is that the small set of people… > > As responded to: > >>> [Karl Justification is in the (A), (B), (C) and (D) of > >>> https://www.ietf.org/mail-archive/web/tram/current/msg02254.html > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mail-2Darchive_web_tram_current_msg02254.html&d=DwMFAw&c=96ZbZZcaMF4w0F4jpN6LZg&r=bwZ-nnRGWmcGKRIuadq6-NSnsgwbBVUJa4mZfmEIBXg&m=sqEvIjW-bn_4s0Ne4f7nTfFUk9gw5o1Ut0vfDR2W-L4&s=6wGc9_uIIPqbsHUbmZTBpKSjwodRuQSnNsTmPnRd33Q&e=> > > >>> where saying Binding instead Allocate, is necessary to achieve (A) and (B), and improves (C) and (D). > > > > and will let the WG chairs decide how to proceed with the draft. > > > > [Karl2] Well, we need a specification that is defined and fulfill its > purpose and thus can be made an RFC. > > Can you specify what and explain why any of the red lined suggestions to > the version -12 text would go against this (or is there nothing)? > > (As a guidance to those you ask for “decide how to proceed with the draft.”) > > > > /Karl > > > > -Tiru > > > > Thanks, > > Karl > > > > -Tiru > > > > The read lined -12 version is cleared from these and other flaws or > mistakes. > > > > We should focus on whether the red lined version is anything but > improvements and adds no drawbacks over version -12 of the draft. > > > > /Karl > > > > PS: Regarding the non working anycast method, **since I highlighted in > August 8, 2016, all from the Author’s at the WG list is**: > > October 18, 2016 (from Prashanth to me and others during the discuss): > We intend to add the following to explain server behavior a little better: > > “A TURN anycast server performs checks 1 to 7 discussed in Section 6.2 > of RFC5766. If all checks pass, the TURN anycast server MUST respond > with a 300 (Try Alternate) error as described in [RFC5766];” > > November 15, 2016 (to something from Brandon): Agreed. -Tiru > > November 18, 2016 (to something from Brandon): +1, don't see a need for > alternate mechanism. -Tiru > > December 22, 2016 Hi Karl, I don’t understand why the mechanism where > TURN server has both anycast and unicast address for re-direction won’t > work ? Cheers, -Tiru > > Now February 7, 8, 2016 See below > > > > > > *Från:*Tirumaleswar Reddy (tireddy) [mailto:tireddy@cisco.com] > *Skickat:* den 8 februari 2017 09:51 > *Till:* Karl Stahl; 'Simon Perreault'; 'Spencer Dawkins at IETF' > *Kopia:* tram@ietf.org <mailto:tram@ietf.org> > *Ämne:* RE: [tram] Chime in on attched redlined version-12 WAS: I-D > Action: draft-ietf-tram-turn-server-discovery-12.txt > > > > Hi Karl, > > > > We have gone over the same points over and over again and I don’t see a > need to document the discussion b/w you and Simon, they are only > operational considerations and have no impact on the protocol. > > > > Secondly, there is no consensus on your proposed new anycast mechanism > and WG members have opposed your new anycast mechanism. > > > > Regarding (D)TLS, the draft is updated in 12 version to say that (D)TLS > is not mandatory to use if the network infrastructure can defend against > the attacks discussed in RFC5766. This update addresses comments > received from Brandon. > > > > -Tiru > > > > *From:*Karl Stahl [mailto:karl.stahl@ingate.com] > *Sent:* Wednesday, February 8, 2017 12:28 PM > *To:* Tirumaleswar Reddy (tireddy) <tireddy@cisco.com > <mailto:tireddy@cisco.com>>; 'Simon Perreault' <sperreault@jive.com > <mailto:sperreault@jive.com>>; 'Spencer Dawkins at IETF' > <spencerdawkins.ietf@gmail.com <mailto:spencerdawkins.ietf@gmail.com>> > *Cc:* tram@ietf.org <mailto:tram@ietf.org> > *Subject:* SV: [tram] Chime in on attched redlined version-12 WAS: I-D > Action: draft-ietf-tram-turn-server-discovery-12.txt > > > > 1) The A)+B) method (that Simon and I discussed) is not specified in the > draft -12 text and further referencing: > > [Tiru below]> "https://tools.ietf.org/html/rfc7094#section-3.4 > <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc7094-23section-2D3.4&d=DwMFAw&c=96ZbZZcaMF4w0F4jpN6LZg&r=bwZ-nnRGWmcGKRIuadq6-NSnsgwbBVUJa4mZfmEIBXg&m=sqEvIjW-bn_4s0Ne4f7nTfFUk9gw5o1Ut0vfDR2W-L4&s=LEhCEnJWTs-58S-OzhGCxFlWFoO_AZ4jL2d87B7k3xQ&e=> > also discusses similar mechanism" does not help: > > - It rather states issues coming from not knowing whether a server > reached by anycast addressing, actually is at a unicast address or > really is deployed at a anycast address (which I believe is rare). > > > > 2) Further, there are no deployment considerations for the A)+B) method > in the –12 draft (compare the redlined version) > > It does not even discuss or list RFC7478 (Web Real-Time Communication > Use Cases and Requirements) that it is supposed to meet, but which the > A)+B) method is in conflict with. > > https://www.ietf.org/mail-archive/web/tram/current/msg02314.html > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mail-2Darchive_web_tram_current_msg02314.html&d=DwMFAw&c=96ZbZZcaMF4w0F4jpN6LZg&r=bwZ-nnRGWmcGKRIuadq6-NSnsgwbBVUJa4mZfmEIBXg&m=sqEvIjW-bn_4s0Ne4f7nTfFUk9gw5o1Ut0vfDR2W-L4&s=JUvi1vp2Im171VnwziFnhFyKRHdWeOyx5urNi9JOG9w&e=> > and https://www.ietf.org/mail-archive/web/tram/current/msg02254.html > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mail-2Darchive_web_tram_current_msg02254.html&d=DwMFAw&c=96ZbZZcaMF4w0F4jpN6LZg&r=bwZ-nnRGWmcGKRIuadq6-NSnsgwbBVUJa4mZfmEIBXg&m=sqEvIjW-bn_4s0Ne4f7nTfFUk9gw5o1Ut0vfDR2W-L4&s=6wGc9_uIIPqbsHUbmZTBpKSjwodRuQSnNsTmPnRd33Q&e=>. > > > > > > > 3) And if the (more complex) A)+B) method would be properly defined and > described in some future revision, then remains (from > https://www.ietf.org/mail-archive/web/tram/current/msg02254.html > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mail-2Darchive_web_tram_current_msg02254.html&d=DwMFAw&c=96ZbZZcaMF4w0F4jpN6LZg&r=bwZ-nnRGWmcGKRIuadq6-NSnsgwbBVUJa4mZfmEIBXg&m=sqEvIjW-bn_4s0Ne4f7nTfFUk9gw5o1Ut0vfDR2W-L4&s=6wGc9_uIIPqbsHUbmZTBpKSjwodRuQSnNsTmPnRd33Q&e=>): > > “(trying to) exemplify/clarify the high level (important) points why we > > need/want anycast discovery by saying Binding instead of Allocate. These > > points are: > > > > (A) We need an anycast discovery method for auto-discovering "a TURN server" > > (not some special TURN server or arrangement of TURN servers "invented" for > > being discoverable by a certain method) > > > > (B) We need an anycast discovery method for a TURN server that is > > setup/installed/configured for its USAGE (which is relaying traffic) - not > > requiring a special network configuration just for being discoverable. (And > > more widely, it must be the goal of this specification to provide at least > > one discovery method that works for ALL network types and configurations, > > where a network provided TURN server may be useful - I see only anycast > > using Binding for querying *the TURN server's* unicast address fulfilling > > this.) > > > > (C) Robust (tolerant) deployment is highly preferable. > > > > (D) Ease of deployment is highly preferable. > > > > Saying Binding instead Allocate, is necessary to achieve (A) and (B), and > > improves (C) and (D).” > > > > 4) The (D)TLS text in version -12 does not have consensus either. > > https://www.ietf.org/mail-archive/web/tram/current/msg02296.html > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mail-2Darchive_web_tram_current_msg02296.html&d=DwMFAw&c=96ZbZZcaMF4w0F4jpN6LZg&r=bwZ-nnRGWmcGKRIuadq6-NSnsgwbBVUJa4mZfmEIBXg&m=sqEvIjW-bn_4s0Ne4f7nTfFUk9gw5o1Ut0vfDR2W-L4&s=3U7eSkgvs4w6NXK3vLX4Dlc7ZAwSIBMZ3bMsJDzqlkc&e=> > and > > https://www.ietf.org/mail-archive/web/tram/current/msg02297.html > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mail-2Darchive_web_tram_current_msg02297.html&d=DwMFAw&c=96ZbZZcaMF4w0F4jpN6LZg&r=bwZ-nnRGWmcGKRIuadq6-NSnsgwbBVUJa4mZfmEIBXg&m=sqEvIjW-bn_4s0Ne4f7nTfFUk9gw5o1Ut0vfDR2W-L4&s=i7d7dLfsouxgahM92augLVbvLcurGOxKgbJ6qnzCIZw&e=> > > > Against my red lined (D)TLS changes, I have heard no objections (just as > with the red lined anycast method). > > > > /Karl > > > > > > -----Ursprungligt meddelande----- > Från: Tirumaleswar Reddy (tireddy) [mailto:tireddy@cisco.com] > Skickat: den 7 februari 2017 12:02 > Till: Karl Stahl; 'Simon Perreault'; 'Spencer Dawkins at IETF' > Kopia: tram@ietf.org <mailto:tram@ietf.org> > Ämne: RE: [tram] Chime in on attched redlined version-12 WAS: I-D > Action: draft-ietf-tram-turn-server-discovery-12.txt > > > >> -----Original Message----- > >> From: tram [mailto:tram-bounces@ietf.org] On Behalf Of Karl Stahl > >> Sent: Tuesday, February 7, 2017 4:02 PM > >> To: Tirumaleswar Reddy (tireddy) <tireddy@cisco.com <mailto:tireddy@cisco.com>>; 'Simon Perreault' > >> <sperreault@jive.com <mailto:sperreault@jive.com>>; 'Spencer Dawkins at IETF' > >> <spencerdawkins.ietf@gmail.com <mailto:spencerdawkins.ietf@gmail.com>> > >> Cc: tram@ietf.org <mailto:tram@ietf.org> > >> Subject: Re: [tram] Chime in on attched redlined version-12 WAS: I-D Action: > >> draft-ietf-tram-turn-server-discovery-12.txt > >> > >> Tiru, > >> > >> That does not make the version -12 text in the draft any clearer about what > >> the draft's anycast method actually is. I am asking you the same question as I > >> asked Simon before (and only he answered): > > > > I agree with the responses Simon has already provided to all the below > questions. Further, I also don't see the need to discuss the below > questions in the draft because they are only operational considerations > (and have no impact on the actual protocol). > > > > -Tiru > > > >> > >> Does the draft assume: > >> > >> (A) a TURN server listening to TWO IP addresses (that are at different > >> subnets) that can respond error 300 or make an allocation, distinguished by > >> whether the request was received on its anycast address or its unicast > >> address, OR > >> > >> (B) we really have TWO TURN servers to play with (the one at the anycast > >> address being configured to respond with the error 300, OR > >> > >> (C) the FIRST Allocate is responded to with error 300 and SUBSEQUENT > >> Allocates actually are making TURN allocations. > >> > >> > >> We cannot have an RFC, not even being clear about the method specified. > >> > >> /Karl > >> > >> > >> -----Ursprungligt meddelande----- > >> Från: Tirumaleswar Reddy (tireddy) [mailto:tireddy@cisco.com] > >> Skickat: den 7 februari 2017 07:18 > >> Till: Simon Perreault; Karl Stahl; 'Spencer Dawkins at IETF' > >> Kopia: tram@ietf.org <mailto:tram@ietf.org> > >> Ämne: RE: [tram] Chime in on attched redlined version-12 WAS: I-D Action: > >> draft-ietf-tram-turn-server-discovery-12.txt > >> > >> > -----Original Message----- > >> > From: Simon Perreault [mailto:sperreault@jive.com] > >> > Sent: Friday, February 3, 2017 7:13 PM > >> > To: Karl Stahl <karl.stahl@ingate.com <mailto:karl.stahl@ingate.com>>; 'Spencer Dawkins > at IETF' > >> > <spencerdawkins.ietf@gmail.com <mailto:spencerdawkins.ietf@gmail.com>> > >> > Cc: tram@ietf.org <mailto:tram@ietf.org>; Tirumaleswar Reddy (tireddy) > <tireddy@cisco.com <mailto:tireddy@cisco.com>> > >> > Subject: Re: [tram] Chime in on attched redlined version-12 WAS: I-D > >> Action: > >> > draft-ietf-tram-turn-server-discovery-12.txt > >> > > >> > Karl, > >> > > >> > There is no consensus in the working group behind this new anycast > >> > mechanism. Therefore it can not be added to the draft, and the > >> > mechanism defined in RFC 5766 remains. > >> > >> Yup, https://tools.ietf.org/html/rfc7094#section-3.4 > <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_html_rfc7094-23section-2D3.4&d=DwMFAw&c=96ZbZZcaMF4w0F4jpN6LZg&r=bwZ-nnRGWmcGKRIuadq6-NSnsgwbBVUJa4mZfmEIBXg&m=sqEvIjW-bn_4s0Ne4f7nTfFUk9gw5o1Ut0vfDR2W-L4&s=LEhCEnJWTs-58S-OzhGCxFlWFoO_AZ4jL2d87B7k3xQ&e=> > also discusses similar > >> mechanism. > >> I don't see the need for a new anycast mechanism. > >> > >> -Tiru > >> > >> > > >> > Thanks, > >> > Simon > >> > > >> > Le 2017-02-02 à 18:23, Karl Stahl a écrit : > >> > > The -12 version of the draft does not include major remedies of > >> > > flaws that were un-addressed long before the DISCUSS, nor the latest > >> > > regarding the possible use of (D)TLS for auto discovered turn > >> > > servers provided the local or access network administrator, see > >> > > > >> > > https://www.ietf.org/mail-archive/web/tram/current/msg02216.html > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mail-2Darchive_web_tram_current_msg02216.html&d=DwMFAw&c=96ZbZZcaMF4w0F4jpN6LZg&r=bwZ-nnRGWmcGKRIuadq6-NSnsgwbBVUJa4mZfmEIBXg&m=sqEvIjW-bn_4s0Ne4f7nTfFUk9gw5o1Ut0vfDR2W-L4&s=OR288fay15EdJ063J_GCuNOt-SScDC5CylZsleLjXbU&e=> > >> > > > >> > > > >> > > > >> > > For the latest discussed, see > >> > > > >> > > > >> > > > >> > > https://www.ietf.org/mail-archive/web/tram/current/msg02279.html > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mail-2Darchive_web_tram_current_msg02279.html&d=DwMFAw&c=96ZbZZcaMF4w0F4jpN6LZg&r=bwZ-nnRGWmcGKRIuadq6-NSnsgwbBVUJa4mZfmEIBXg&m=sqEvIjW-bn_4s0Ne4f7nTfFUk9gw5o1Ut0vfDR2W-L4&s=B9ST_TVehqEC-PVjUMsDQsxLBNgTStctSmVvmqi39zo&e=> > >> > > > >> > >>> However, I think we need agreement on the justification for such a > >> > > > >> > >> change. > >> > > > >> > >> [Karl] Justification is in the (A), (B), (C) and (D) of > >> > > > >> > >> https://www.ietf.org/mail-archive/web/tram/current/msg02254.html > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mail-2Darchive_web_tram_current_msg02254.html&d=DwMFAw&c=96ZbZZcaMF4w0F4jpN6LZg&r=bwZ-nnRGWmcGKRIuadq6-NSnsgwbBVUJa4mZfmEIBXg&m=sqEvIjW-bn_4s0Ne4f7nTfFUk9gw5o1Ut0vfDR2W-L4&s=6wGc9_uIIPqbsHUbmZTBpKSjwodRuQSnNsTmPnRd33Q&e=> > >> > > > >> > >> where saying Binding instead Allocate, is necessary to achieve (A) > >> > >> and > >> > > (B), and improves (C) and (D). > >> > > > >> > > > >> > > > >> > > Brandon> It is true that you have provided a justification for the > >> change. > >> > > > >> > > > >> > > > >> > > https://www.ietf.org/mail-archive/web/tram/current/msg02296.html > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mail-2Darchive_web_tram_current_msg02296.html&d=DwMFAw&c=96ZbZZcaMF4w0F4jpN6LZg&r=bwZ-nnRGWmcGKRIuadq6-NSnsgwbBVUJa4mZfmEIBXg&m=sqEvIjW-bn_4s0Ne4f7nTfFUk9gw5o1Ut0vfDR2W-L4&s=3U7eSkgvs4w6NXK3vLX4Dlc7ZAwSIBMZ3bMsJDzqlkc&e=> > >> > > > >> > > The (D)TLS mandating was Author's idea to throw into version -10 > >> > > during the discuss and remains in this version -11, breaking the > >> > > consensus text since version -7. > >> > > > >> > > > >> > > > >> > > https://www.ietf.org/mail-archive/web/tram/current/msg02297.html > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mail-2Darchive_web_tram_current_msg02297.html&d=DwMFAw&c=96ZbZZcaMF4w0F4jpN6LZg&r=bwZ-nnRGWmcGKRIuadq6-NSnsgwbBVUJa4mZfmEIBXg&m=sqEvIjW-bn_4s0Ne4f7nTfFUk9gw5o1Ut0vfDR2W-L4&s=i7d7dLfsouxgahM92augLVbvLcurGOxKgbJ6qnzCIZw&e=> > >> > > > >> > > STUN dummy authentication instead of (D)TLS as suggested by Oleg > >> > > Moskalenko > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > I have inserted my (now edited and adopted to the latest) redlining, > >> > > removal of blue options etc. into the -12 draft text as attached, > >> > > for the author to copy from and paste. > >> > > > >> > > > >> > > > >> > > Without my red lining, current version -12 is in conflict with > >> > > RFC7478 (Web Real-Time Communication Use Cases and Requirements) > >> > > and does > >> > not > >> > > meet the need of [I-D.ietf-rtcweb-return] (Recursively Encapsulated > >> > > TURN) (see under redlined 7.2) > >> > > > >> > > and it does not do what was set out in the Charter and "Milestone 3: > >> > > TURN server auto-discovery mechanism for enterprise and ISPs" > >> > > > >> > > > >> > > > >> > > Further, the authors have in version -12 (compared to from before > >> > > DISCUSS) changed the text " 6. Discovery using Anycast " to: > >> > > > >> > > https://tools.ietf.org/rfcdiff?url1=draft-ietf-tram-turn-server-disc > <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_rfcdiff-3Furl1-3Ddraft-2Dietf-2Dtram-2Dturn-2Dserver-2Ddisc&d=DwMFAw&c=96ZbZZcaMF4w0F4jpN6LZg&r=bwZ-nnRGWmcGKRIuadq6-NSnsgwbBVUJa4mZfmEIBXg&m=sqEvIjW-bn_4s0Ne4f7nTfFUk9gw5o1Ut0vfDR2W-L4&s=AMYCMt0k9_YCuab2JldMPgDJsb5neZZkNIlStXCjJGQ&e=> > >> > > ov ery-09.txt&url2=draft-ietf-tram-turn-server-discovery-12.txt > >> > > > >> > > "IP anycast can also be used for TURN service discovery. A packet > >> > > > >> > > sent to an anycast address is delivered to the "topologically > >> > > > >> > > nearest" network interface with the anycast address. Using the > >> > > TURN > >> > > > >> > > anycast address, the only two things that need to be deployed in > >> > > the > >> > > > >> > > network for discovery are the two things that actually use TURN. > >> > > > >> > > > >> > > > >> > > When a client requires TURN services, it sends a TURN allocate > >> > > > >> > > request to the assigned anycast address. A TURN anycast server > >> > > > >> > > performs checks 1 to 7 discussed in Section 6.2 of [RFC5766]. If > >> > > all > >> > > > >> > > checks pass, the TURN anycast server MUST respond with a 300 (Try > >> > > > >> > > Alternate) error as described in Section 2.9 of [RFC5766]; The > >> > > > >> > > response contains the TURN unicast address in the > >> > > ALTERNATE-SERVER > >> > > > >> > > attribute. For subsequent communication with the TURN server, > >> > > the > >> > > > >> > > client uses the responding server's unicast address. This has to > >> > > be > >> > > > >> > > done because two packets addressed to an anycast address may > >> > > reach > >> > > > >> > > two different anycast servers. The client, thus, also needs to > >> > > > >> > > ensure that the initial request fits in a single packet. An > >> > > > >> > > implementation may choose to send out every new TURN Allocation > >> > > > >> > > request to the anycast address to discover the closest and the > >> > > most > >> > > > >> > > optimal unicast address for the TURN server." > >> > > > >> > > > >> > > > >> > > The highlighted "A TURN anycast server" isnothing known nor > >> > > described (in fact there would have to be TWO TURN servers, one > >> > > deployed at the anycast address and another TURN server deployed at > >> > > the unicast address, reacting differently to the Allocation request) > >> > > for this to work as clarified in WG discussions with Simon). > >> > > > >> > > > >> > > > >> > > The last sentence "An implementation may choose to send out every > >> > > new TURN Allocation request to the anycast address to discover the > >> > > closest and the most optimal unicast address for the TURN server." > >> > > violates security and deployment considerations (see red lined > >> > > considerations in attached). > >> > > > >> > > > >> > > > >> > > Further, the authors have in version -12 (compared to from before > >> > > DISCUSS) changed the text "7.2. Recursively Encapsulated TURN " to: > >> > > > >> > > https://tools.ietf.org/rfcdiff?url1=draft-ietf-tram-turn-server-disc > <https://urldefense.proofpoint.com/v2/url?u=https-3A__tools.ietf.org_rfcdiff-3Furl1-3Ddraft-2Dietf-2Dtram-2Dturn-2Dserver-2Ddisc&d=DwMFAw&c=96ZbZZcaMF4w0F4jpN6LZg&r=bwZ-nnRGWmcGKRIuadq6-NSnsgwbBVUJa4mZfmEIBXg&m=sqEvIjW-bn_4s0Ne4f7nTfFUk9gw5o1Ut0vfDR2W-L4&s=AMYCMt0k9_YCuab2JldMPgDJsb5neZZkNIlStXCjJGQ&e=> > >> > > ov ery-09.txt&url2=draft-ietf-tram-turn-server-discovery-12.txt > >> > > > >> > > "WebRTC endpoints SHOULD treat any TURN server discovered through > >> > the > >> > > > >> > > mechanisms described in this specification as an > >> > > enterprise/gateway > >> > > > >> > > or access network server, in accordance with Recursively > >> > > Encapsulated > >> > > > >> > > TURN [I-D.ietf-rtcweb-return]." > >> > > > >> > > > >> > > > >> > > The text is a contradiction, since the return draft deals with TURN > >> > > servers provided by the local or access network, not other TURN > >> > > servers discovered by this draft. > >> > > > >> > > > >> > > > >> > > *Current -12 draft cannot be considered to be an RFC!* > >> > > > >> > > > >> > > > >> > > I suggest the redline version of draft -12 attached is chimed into > >> > > now and quickly merged into a version -13, so we can avoid the > >> > > "Conflict Resolution and Appeals"process hinted about in > >> > > > >> > > https://www.ietf.org/mail-archive/web/tram/current/msg02202.html > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mail-2Darchive_web_tram_current_msg02202.html&d=DwMFAw&c=96ZbZZcaMF4w0F4jpN6LZg&r=bwZ-nnRGWmcGKRIuadq6-NSnsgwbBVUJa4mZfmEIBXg&m=sqEvIjW-bn_4s0Ne4f7nTfFUk9gw5o1Ut0vfDR2W-L4&s=d3MIEALshSLyuVc0Tp0U_RBYISTdX2sF-YW4oVWzUk4&e=>, > >> > > further delaying what is needed for Internet real-time communication > >> > > and especially for WebRTC. > >> > > > >> > > > >> > > > >> > > /Karl > >> > > > >> > > > >> > > > >> > > *Från:*tram [mailto:tram-bounces@ietf.org] *För *Spencer Dawkins at > >> > > IETF > >> > > *Skickat:* den 1 februari 2017 22:12 > >> > > *Till:* Simon Perreault > >> > > *Kopia:* tram@ietf.org <mailto:tram@ietf.org> <mailto:tram@ietf.org>; > Tirumaleswar Reddy > >> > > (tireddy) > >> > > *Ämne:* Re: [tram] I-D Action: > >> > > draft-ietf-tram-turn-server-discovery-12.txt > >> > > > >> > > > >> > > > >> > > Hi, Simon, > >> > > > >> > > > >> > > > >> > > On Thu, Feb 2, 2017 at 6:00 AM, Simon Perreault <sperreault@jive.com > >> > > <mailto:sperreault@jive.com>> wrote: > >> > > > >> > > Le 2017-02-01 à 15:37, Spencer Dawkins at IETF a écrit : > >> > >> Dear TRAMsters, > >> > >> > >> > >> On Fri, Jan 13, 2017 at 12:59 PM, Tirumaleswar Reddy (tireddy) > >> > >> <tireddy@cisco.com > >> > >> <mailto:tireddy@cisco.com><mailto:tireddy@cisco.com > >> > > <mailto:tireddy@cisco.com>>> wrote: > >> > >> > >> > >> This revision addresses comments from Brandon. > >> > >> > >> > >> -Tiru > >> > >> > >> > >> > >> > >> How close are we to asking Terry to clear the (last remaining) DISCUSS? > >> > > > >> > > Thanks for the reminder. > >> > > > >> > > If my co-chair and the authors have no objection, I think we're ready. > >> > > > >> > > > >> > > > >> > > I'll give this 24 hours for people to chime in, but I do want to > >> > > ping Terry. > >> > > > >> > > > >> > > > >> > > It's a little-appreciated thing, but AD ballot positions go away > >> > > when ADs go away; this document has 12 yes/no objections now, and > >> > > you need > >> > > 10 for approval, and three are from ADs who are stepping down in > >> > > March > >> > > ;-) > >> > > > >> > > > >> > > > >> > > Spencer > >> > > > >> > > > >> > > > >> > > _______________________________________________ > >> > > tram mailing list > >> > > tram@ietf.org <mailto:tram@ietf.org> > >> > > https://www.ietf.org/mailman/listinfo/tram > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_tram&d=DwMFAw&c=96ZbZZcaMF4w0F4jpN6LZg&r=bwZ-nnRGWmcGKRIuadq6-NSnsgwbBVUJa4mZfmEIBXg&m=sqEvIjW-bn_4s0Ne4f7nTfFUk9gw5o1Ut0vfDR2W-L4&s=vmtm5H-2Ler_5PEKhheo-ob_Eiz6enqyiOnHkAKZjxQ&e=> > >> > > > >> > > >> > > >> > -- > >> > Simon Perreault > >> > Director of Engineering, Platform | Jive Communications, Inc. > >> > https://jive.com > <https://urldefense.proofpoint.com/v2/url?u=https-3A__jive.com&d=DwMFAw&c=96ZbZZcaMF4w0F4jpN6LZg&r=bwZ-nnRGWmcGKRIuadq6-NSnsgwbBVUJa4mZfmEIBXg&m=sqEvIjW-bn_4s0Ne4f7nTfFUk9gw5o1Ut0vfDR2W-L4&s=6xMRYWWn81v-P_m3BZY8GMOvpo0ygL0wYykEsxKd66Q&e=> > | +1 418 478 0989 ext. 1241 | sperreault@jive.com > <mailto:sperreault@jive.com> > >> > >> _______________________________________________ > >> tram mailing list > >> tram@ietf.org <mailto:tram@ietf.org> > >> https://www.ietf.org/mailman/listinfo/tram > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.ietf.org_mailman_listinfo_tram&d=DwMFAw&c=96ZbZZcaMF4w0F4jpN6LZg&r=bwZ-nnRGWmcGKRIuadq6-NSnsgwbBVUJa4mZfmEIBXg&m=sqEvIjW-bn_4s0Ne4f7nTfFUk9gw5o1Ut0vfDR2W-L4&s=vmtm5H-2Ler_5PEKhheo-ob_Eiz6enqyiOnHkAKZjxQ&e=> > > > > _______________________________________________ > tram mailing list > tram@ietf.org > https://www.ietf.org/mailman/listinfo/tram > -- Brandon Williams; Chief Architect Cloud Networking; Akamai Technologies Inc.
- [tram] I-D Action: draft-ietf-tram-turn-server-di… internet-drafts
- Re: [tram] I-D Action: draft-ietf-tram-turn-serve… Tirumaleswar Reddy (tireddy)
- Re: [tram] I-D Action: draft-ietf-tram-turn-serve… Spencer Dawkins at IETF
- Re: [tram] I-D Action: draft-ietf-tram-turn-serve… Simon Perreault
- Re: [tram] I-D Action: draft-ietf-tram-turn-serve… Spencer Dawkins at IETF
- Re: [tram] I-D Action: draft-ietf-tram-turn-serve… Tirumaleswar Reddy (tireddy)
- [tram] Chime in on attched redlined version-12 WA… Karl Stahl
- Re: [tram] Chime in on attched redlined version-1… Simon Perreault
- Re: [tram] Chime in on attched redlined version-1… Karl Stahl
- Re: [tram] Chime in on attched redlined version-1… Tirumaleswar Reddy (tireddy)
- Re: [tram] Chime in on attched redlined version-1… Karl Stahl
- Re: [tram] Chime in on attched redlined version-1… Tirumaleswar Reddy (tireddy)
- Re: [tram] Chime in on attched redlined version-1… Karl Stahl
- Re: [tram] Chime in on attched redlined version-1… Tirumaleswar Reddy (tireddy)
- Re: [tram] Chime in on attched redlined version-1… Karl Stahl
- Re: [tram] Chime in on attched redlined version-1… Tirumaleswar Reddy (tireddy)
- Re: [tram] Chime in on attched redlined version-1… Karl Stahl
- Re: [tram] Chime in on attched redlined version-1… Tirumaleswar Reddy (tireddy)
- Re: [tram] Chime in on attched redlined version-1… Karl Stahl
- Re: [tram] I-D Action: draft-ietf-tram-turn-serve… Brandon Williams
- Re: [tram] Chime in on attched redlined version-1… Brandon Williams
- Re: [tram] Chime in on attched redlined version-1… Brandon Williams
- Re: [tram] Chime in on attched redlined version-1… Brandon Williams
- Re: [tram] Chime in on attched redlined version-1… Brandon Williams
- Re: [tram] Chime in on attched redlined version-1… Brandon Williams
- Re: [tram] Chime in on attched redlined version-1… Karl Stahl
- Re: [tram] Chime in on attched redlined version-1… Karl Stahl
- Re: [tram] Chime in on attched redlined version-1… Karl Stahl