Re: [tram] signature based 3rd party scheme
Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 30 April 2015 13:21 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 011B11A8F3C for <tram@ietfa.amsl.com>; Thu, 30 Apr 2015 06:21:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.21
X-Spam-Level:
X-Spam-Status: No, score=-4.21 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n9F14EW5juTf for <tram@ietfa.amsl.com>; Thu, 30 Apr 2015 06:21:48 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E37E11A8930 for <tram@ietf.org>; Thu, 30 Apr 2015 06:21:47 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 6DF38BE53; Thu, 30 Apr 2015 14:21:46 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d2R5KO7tgvXL; Thu, 30 Apr 2015 14:21:45 +0100 (IST)
Received: from [10.87.48.73] (unknown [86.46.18.22]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 16872BE51; Thu, 30 Apr 2015 14:21:45 +0100 (IST)
Message-ID: <55422C68.8010505@cs.tcd.ie>
Date: Thu, 30 Apr 2015 14:21:44 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>, "tram@ietf.org" <tram@ietf.org>
References: <913383AAA69FF945B8F946018B75898A47821E90@xmb-rcd-x10.cisco.com> <55409F56.3090003@cs.tcd.ie> <913383AAA69FF945B8F946018B75898A47822B94@xmb-rcd-x10.cisco.com>
In-Reply-To: <913383AAA69FF945B8F946018B75898A47822B94@xmb-rcd-x10.cisco.com>
OpenPGP: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tram/Uw5jEOQYjRh41E1U-mAVTN4xOfk>
Subject: Re: [tram] signature based 3rd party scheme
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Apr 2015 13:21:51 -0000
On 30/04/15 14:14, Tirumaleswar Reddy (tireddy) wrote: > TURN server and AS could be in the same administrative domain and > pre-arrangement is simple in this case. The other deployment scenario > is WebRTC service provider has tie-up with TURN service provider to > use its service; pre-arrangement helps accounting I don't see that that is necessarily true. It depends on who is accounting for what to whom. > and in future > support for token introspection > https://tools.ietf.org/html/draft-ietf-oauth-introspection-08. (There > is no WG consensus yet if token introspection is required) > >>> >>> So what you consider a downside may actually be another advantage >>> of a signature based scheme - if you need to worry about attacks >>> on the STUN protocol, then you can choose how you handle that >>> "locally" (between the browser and TURN server, e.g. using DTLS >>> as you suggest) and not have to depend on the establishment of >>> yet another Web PKI equivalent. > Yes and in this scenario WebRTC server must force the client to pick > DTLS. Again, that depends. If the TURN server is run by an enterprise then it might just be fine with allowing calls setup by any WebRTC server that can be held accountable or could use a white or block list of WebRTC servers. S.
- [tram] signature based 3rd party scheme Stephen Farrell
- Re: [tram] signature based 3rd party scheme Tirumaleswar Reddy (tireddy)
- Re: [tram] signature based 3rd party scheme Stephen Farrell
- Re: [tram] signature based 3rd party scheme Tirumaleswar Reddy (tireddy)
- Re: [tram] signature based 3rd party scheme Stephen Farrell
- Re: [tram] signature based 3rd party scheme Tirumaleswar Reddy (tireddy)
- Re: [tram] signature based 3rd party scheme Stephen Farrell
- Re: [tram] signature based 3rd party scheme Tirumaleswar Reddy (tireddy)
- Re: [tram] signature based 3rd party scheme Stephen Farrell
- Re: [tram] signature based 3rd party scheme Tirumaleswar Reddy (tireddy)
- Re: [tram] signature based 3rd party scheme Brandon Williams