Re: [tram] I-D Action: draft-petithuguenin-tram-turn-dtls-00.txt

Alan Johnston <alan.b.johnston@gmail.com> Fri, 31 January 2014 22:22 UTC

From: Alan Johnston <alan.b.johnston@gmail.com>
To: "Gonzalo Salgueiro (gsalguei)" <gsalguei@cisco.com>
Cc: tram@ietf.org
Date: Fri, 31 Jan 2014 16:22:13 -0600
In-Reply-To: <3610CA6C-3EAB-4418-AA3C-53BB0F80ABD6@cisco.com>
Subject: Re: [tram] I-D Action: draft-petithuguenin-tram-turn-dtls-00.txt
List-Archive: <http://www.ietf.org/mail-archive/web/tram/>

Marc & Gonzalo,

This draft looks good - no major issues.  Here are a few comments on things
to consider.

Section 1 explains why we don't want to use TURN over TLS.  Might be good
to say why we want to use TURN over DTLS.  Such as: confidentiality between
TURN client and server which can protect against the limitations of the
long term auth method, and privacy for TURN attributes.

Also, this draft talks exclusively about TURN over DTLS.  What about STUN
over DTLS?  I was thinking about DTLS for STUN for gathering reflexive
candidates for setting up a data channel-only Peer Connection.  Having DTLS
between the STUN client and server could provide confidentiality for STUN
attributes.  Does this make sense?  If not, are we sure there are no other
STUN use cases?

The last paragraph of Section 3 mentions the application name of "udp".
I think this is correct as it refers to the SRV RR syntax, but I wanted to be
sure this was correct and not a typo.

Section 7 could use some text describing the security benefits of TURN over
DTLS to help motivate why we all want this extension.

- Alan -
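Added example, not part of Alan's message or of the draft itself: a small resolver that turns a TURN URI (RFC 7065 syntax) into the ordered list of SRV lookups and host fallbacks of the RFC 5928 resolution mechanism, with the DTLS transport added. The "udp" in `_turns._udp.<host>` is the SRV Proto label Alan asks about, since DTLS runs over UDP. The DTLS row of the mapping and its position in the default preference order are assumptions that match what the extension later standardised (RFC 7350); the -00 draft may differ in detail.

```python
"""TURN URI -> RFC 5928 resolution plan, extended with DTLS.

Mapping of (scheme, transport parameter) to transport and SRV name:
  turn:  ?transport=udp -> UDP  -> _turn._udp.<host>
  turn:  ?transport=tcp -> TCP  -> _turn._tcp.<host>
  turns: ?transport=tcp -> TLS  -> _turns._tcp.<host>
  turns: ?transport=udp -> DTLS -> _turns._udp.<host>   (assumed, per RFC 7350)
"""
import ipaddress
import re
from typing import List, NamedTuple, Optional, Tuple

UDP, TCP, TLS, DTLS = "UDP", "TCP", "TLS", "DTLS"

# (secure scheme?, transport parameter) -> (transport, SRV prefix)
_MAP = {
    (False, "udp"): (UDP, "_turn._udp"),
    (False, "tcp"): (TCP, "_turn._tcp"),
    (True, "tcp"): (TLS, "_turns._tcp"),
    (True, "udp"): (DTLS, "_turns._udp"),  # assumption: DTLS = turns + udp
}

# Default ports from RFC 5766: 3478 for turn:, 5349 for turns:
DEFAULT_PORT = {False: 3478, True: 5349}

# RFC 7065: turn[s]:host[:port][?transport=udp|tcp]; host may be an IPv6 literal.
_URI = re.compile(
    r"^(?P<scheme>turns?):"
    r"(?P<host>\[[0-9A-Fa-f:.]+\]|[^:?/\[\]]+)"
    r"(?::(?P<port>[0-9]{1,5}))?"
    r"(?:\?transport=(?P<transport>udp|tcp))?$"
)


class TurnUri(NamedTuple):
    secure: bool
    host: str
    port: Optional[int]
    transport: Optional[str]


class Step(NamedTuple):
    transport: str      # UDP / TCP / TLS / DTLS
    kind: str           # "SRV" (query this name) or "HOST" (A/AAAA on host, use port)
    name: str
    port: Optional[int]


def parse_turn_uri(uri: str) -> TurnUri:
    """Parse a TURN URI; raise ValueError on anything outside the RFC 7065 grammar."""
    m = _URI.match(uri)
    if not m:
        raise ValueError(f"not a valid TURN URI: {uri!r}")
    port = int(m["port"]) if m["port"] else None
    if port is not None and not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return TurnUri(m["scheme"] == "turns", m["host"], port, m["transport"])


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def resolution_plan(uri: str,
                    prefer: Tuple[str, ...] = (UDP, TCP, TLS, DTLS)) -> List[Step]:
    """Return the ordered lookups a client performs for this URI.

    `prefer` lists the transports the client supports, most preferred first
    (placing DTLS last by default is an assumption, not taken from the draft).
    Per RFC 5928: an explicit ?transport= restricts the candidates to one
    transport; an explicit port or an IP-literal host skips SRV entirely.
    """
    u = parse_turn_uri(uri)
    params = ("udp", "tcp") if u.transport is None else (u.transport,)
    cands = [_MAP[(u.secure, p)] for p in params]
    cands = sorted((c for c in cands if c[0] in prefer),
                   key=lambda c: prefer.index(c[0]))
    if not cands:
        raise ValueError("client supports no transport usable with this URI")

    if u.port is not None or _is_ip_literal(u.host):
        port = u.port if u.port is not None else DEFAULT_PORT[u.secure]
        return [Step(t, "HOST", u.host, port) for t, _ in cands]

    plan = [Step(t, "SRV", f"{pfx}.{u.host}", None) for t, pfx in cands]
    # If none of the SRV queries yields a record, fall back to A/AAAA + default port.
    plan += [Step(t, "HOST", u.host, DEFAULT_PORT[u.secure]) for t, _ in cands]
    return plan


if __name__ == "__main__":
    for step in resolution_plan("turns:example.com"):
        print(step)
```

Note that `turns:` on its own now yields two SRV names (`_turns._tcp` for TLS, `_turns._udp` for DTLS), so a client that supports only one of them must say so through `prefer`, otherwise it will query for a transport it cannot use.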


On Fri, Jan 31, 2014 at 9:32 AM, Gonzalo Salgueiro (gsalguei) <gsalguei@cisco.com> wrote:

> Folks -
>
> As mentioned during the authoring of the charter, we have published a
> draft to satisfy the milestone for "DTLS transport for TURN".
>
> Feedback/comments much appreciated.  If time permits we will try and
> publish an -01 prior to the draft deadline.
>
> Thanks,
>
> Gonzalo
>
>
>
>
> On Jan 31, 2014, at 10:00 AM, internet-drafts@ietf.org wrote:
>
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts
> directories.
> >
> >
> >        Title           : Datagram Transport Layer Security (DTLS) as
> >                          Transport for Traversal Using Relays around NAT (TURN)
> >        Authors         : Marc Petit-Huguenin
> >                          Gonzalo Salgueiro
> >        Filename        : draft-petithuguenin-tram-turn-dtls-00.txt
> >        Pages           : 9
> >        Date            : 2014-01-31
> >
> > Abstract:
> >   This document specifies the usage of Datagram Transport Layer
> >   Security (DTLS) [RFC6347] as a transport protocol between a Traversal
> >   Using Relays around NAT (TURN) [RFC5766] client and a TURN server.
> >   It also specifies modifications to the TURN URIs [RFC7065] and to the
> >   TURN resolution mechanism [RFC5928] to facilitate the resolution of
> >   TURN URIs into the IP address and port of TURN servers supporting
> >   DTLS as a transport protocol.
> >
> >
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-petithuguenin-tram-turn-dtls/
> >
> > There's also a htmlized version available at:
> > http://tools.ietf.org/html/draft-petithuguenin-tram-turn-dtls-00
> >
> >
> > Please note that it may take a couple of minutes from the time of
> submission
> > until the htmlized version and diff are available at tools.ietf.org.
> >
> > Internet-Drafts are also available by anonymous FTP at:
> > ftp://ftp.ietf.org/internet-drafts/
> >