Re: [tram] Path Forward for STUN ORIGIN - how to match

Alan Johnston <alan.b.johnston@gmail.com> Thu, 27 August 2015 19:06 UTC

Cullen,

You are completely right - we need to match on hostname, ignoring port and
scheme.  So C is the right approach for this proposal.

- Alan -

On Thu, Aug 27, 2015 at 1:54 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:

> On 27 August 2015 at 06:49, Cullen Jennings <fluffy@iii.ca> wrote:
> > I could live with A, B, or C, but I think that C provides the best
> > privacy, is the easiest to understand, and meets the requirements so I
> > favor a match rule where we match the whole host found in the TURN or STUN
> > URI to the host part of the HTTP ORIGIN. I don't care about matching if the
> > origin is secure or not or ports.
>
>
> If this is the path chosen, I agree that C is best.  (We don't match
> certificates on port numbers, so I see no point in greater granularity
> here either).
>
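The match rule C that the thread settles on (compare only the host of the STUN/TURN URI with the host of the HTTP origin, ignoring scheme and port) as an added example; this is not code from the thread or from any TRAM draft, and the function names and sample URIs are my own.

```python
# Added example, not from the thread: rule C from the discussion. Only the
# host of a stun:/stuns:/turn:/turns: URI (RFC 7064 / RFC 7065 syntax) is
# compared with the host of the HTTP origin; scheme and port are ignored.
from typing import Optional, Tuple
from urllib.parse import urlsplit


def _split_hostport(authority: str) -> Tuple[str, Optional[int]]:
    """Split 'host[:port]'; an IPv6 literal keeps its square brackets."""
    if authority.startswith("["):
        end = authority.find("]")
        if end == -1:
            raise ValueError(f"unterminated IPv6 literal in {authority!r}")
        host, rest = authority[: end + 1], authority[end + 1 :]
    else:
        host, sep, rest = authority.partition(":")
        rest = sep + rest
    if rest == "":
        return host, None
    if not rest.startswith(":") or not rest[1:].isdigit():
        raise ValueError(f"bad port in {authority!r}")
    return host, int(rest[1:])


def stun_uri_host(uri: str) -> str:
    """Lower-cased host of a STUN/TURN URI (no '//'; optional ?transport=)."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() not in ("stun", "stuns", "turn", "turns"):
        raise ValueError(f"not a STUN/TURN URI: {uri!r}")
    authority = rest.split("?", 1)[0]  # drop ?transport=udp and the like
    host, _port = _split_hostport(authority)  # port is deliberately unused
    if not host:
        raise ValueError(f"empty host in {uri!r}")
    return host.lower()


def origin_host(origin: str) -> str:
    """Lower-cased host of an http(s) origin; port and scheme are discarded."""
    parts = urlsplit(origin)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"not an http(s) origin: {origin!r}")
    host = parts.hostname  # already lower-cased, brackets stripped by urlsplit
    return f"[{host}]" if ":" in host else host  # restore brackets for IPv6


def origin_matches(stun_uri: str, origin: str) -> bool:
    """Rule C: whole-host match; 'secure or not' and ports play no part."""
    return stun_uri_host(stun_uri) == origin_host(origin)
```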