IETF Logo Mail Archive

Re: [tram] Chime in on attched redlined version-12 WAS: I-D Action: draft-ietf-tram-turn-server-discovery-12.txt

Karl Stahl <karl.stahl@ingate.com> Mon, 06 February 2017 10:10 UTC

Return-Path: <karl@ingate.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B023C129CD0 for <tram@ietfa.amsl.com>; Mon, 6 Feb 2017 02:10:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MSGID_MULTIPLE_AT=1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=-1, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ingate.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9tp6MyIxvVPv for <tram@ietfa.amsl.com>; Mon, 6 Feb 2017 02:10:29 -0800 (PST)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on0077.outbound.protection.outlook.com [104.47.1.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30A52129CCB for <tram@ietf.org>; Mon, 6 Feb 2017 02:10:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ingate.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=uU+qjSYddZuEOcCH1eWQxpqNnrucsUiXI2zYKV7C9AY=; b=EaKyNswV5IHziuJU0TRqh4qB1fA1LtEf1nyQmgZAIwbghoOkLEnF6TBvihn6Ymeg4o5eRE++DzNliQsp4/0VmDgKKctGKNYfpzUqo5J5xr1eBhg/DZ7Hh43rJCXEDgVdSIZ1GlrmuhPtdpi006W/PNMULcYe68gbUbutwMYs/IE=
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=karl@ingate.com;
Received: from Kallei7 (90.227.80.227) by AM4PR01MB1825.eurprd01.prod.exchangelabs.com (10.167.85.23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.888.16; Mon, 6 Feb 2017 10:10:22 +0000
From: Karl Stahl <karl.stahl@ingate.com>
To: 'Simon Perreault' <sperreault@jive.com>, 'Spencer Dawkins at IETF' <spencerdawkins.ietf@gmail.com>, tram@ietf.org
References: <148427986357.3020.7793783112924549744.idtracker@ietfa.amsl.com> <a4aaffdefb794fb0a1b96f0252b862a9@XCH-RCD-017.cisco.com> <CAKKJt-fUzJJS9SXvbG2=T7PDz6nvHnhBqvHRtm-41BoGJsJC6Q@mail.gmail.com> <b139c913-a052-9397-c5df-7cd7c884cf71@jive.com> <CAKKJt-eh8ZZ=5J0KoY9zUpOhj=r9+ATSOk_hEF=G7qTt78_4-Q@mail.gmail.com> <5893bf99.0699370a.55c1f.0964SMTPIN_ADDED_BROKEN@mx.google.com> <bfd3ab0f-dbd5-2f95-1830-fc869a29d7c6@jive.com>
In-Reply-To: <bfd3ab0f-dbd5-2f95-1830-fc869a29d7c6@jive.com>
Date: Mon, 06 Feb 2017 11:10:19 +0100
Message-ID: <018401d28061$3a85dc80$af919580$@stahl>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0185_01D28069.9C4A4480"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AdJ+I2FjFNOJrt0iQ+uGtind2oQnuQBlT63Q
Content-Language: sv
X-Originating-IP: [90.227.80.227]
X-ClientProxiedBy: HE1PR02CA0069.eurprd02.prod.outlook.com (10.163.170.37) To AM4PR01MB1825.eurprd01.prod.exchangelabs.com (10.167.85.23)
X-MS-Office365-Filtering-Correlation-Id: 6c8d4837-9e48-4d25-ecda-08d44e785d49
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:AM4PR01MB1825;
X-Microsoft-Exchange-Diagnostics: 1; AM4PR01MB1825; 3:DZyqUqcr9YRd1MEnEJQUWQwSrmAfeA/0bcGgzDRMIFQ7zNv9PifPvyU8xmDWr7p5fT4x5YapHWQUDAL0MQgn1BI4prmcsr0LJQmLFfwVaIIJDdnq4WcT34sJIT6VZXnvtnC7CzobDNHW7qbpmA1kL+ciMxaAeGKFaF9zBfYBH+pDQ81s4WzK9In8i2TyEuMO3ta6G1EkbEIuzGfA5iHRTVYB1eoNDouOni8/ErMCDShYM9dnbE4t7xIdSBAdep53c7OxI8QTBN5ehQ45l9gS0Q==; 25:k4Y9uROeyNng983/riwPOuUKNAn6HVHYuqAwQt6COykzKrZ0cfBVHGMN+6Fy9n8H6s1TZ0ne8Ba4fmHL5nh8cXlArN/+tAoE+vMfZa5Ii5MxkyRieZwfEkfSUv0toefovs2NBUg8ysGa9Xi3kQbn1Y0tgRnG6Yr8og7E8ZFicCtp1GTczcrV7/jXRqUxiuTDEOTUBDIRzlWFghd4ltzSzguS9wyxDG/90uLTZN+cWhQeARFqeKPRaq685c0luRG2R/zI87XpDg2w1tuM/Wp2O+nsaSBlgMCI0bowEmhD/bhtki9nr8TiNd8Z9jTakUBU8gMxspu4IiLFnRoJnlAGdqhOYiWQvfmQsvTkYqBK95LcjMjDFL+ARKRF01v4hDr2mXrdFWzcIIMyHT7rqJfy5uuSn67Q75T2ft3GAaXzBJKgKObUhB6BrmGtyyybjaG+qHQdT85I4VPB/8qUWf9/Dw==
X-Microsoft-Exchange-Diagnostics: 1; AM4PR01MB1825; 31:m1nsjCRGu+9qx+9e7U9OJFikk68H7ts/GiWrnqsoPQrYfL8tKf5BkA3O8EiFGPP4FHrk9gHUX4KaipzpzIo3mEydVV/QXEoWnKLpnkp/Sw2lINoFC4lVrQuXM8dZFehWzkYCGLkTPkSC4hWI0wqf73myMyw6YT06hvZ5piYLrv6e/5HdWu6otdD+MILIItf2KwKeTuKiO30+qBN0QiyUPifLGJYJww/xvVlSYIoPjCp+bxp53+2F9G4Zg4m4XrtjGHKLYbgRHG3jZ8PUsmWQ2Xm77m5x7XSzvu+2vu/UUOMW7BoaPJktO9XEjpewKtCJ
X-Microsoft-Antispam-PRVS: <AM4PR01MB1825CDF66FDDA5C2677D51FDB1400@AM4PR01MB1825.eurprd01.prod.exchangelabs.com>
X-Exchange-Antispam-Report-Test: UriScan:(158342451672863)(120809045254105)(192374486261705)(100405760836317)(95692535739014)(21748063052155);
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(8121501046)(5005006)(20170203043)(3002001)(10201501046)(6041248)(20161123562025)(20161123564025)(20161123558025)(20161123555025)(20161123560025)(6072148); SRVR:AM4PR01MB1825; BCL:0; PCL:0; RULEID:; SRVR:AM4PR01MB1825;
X-Microsoft-Exchange-Diagnostics: 1; AM4PR01MB1825; 4:zdVlIe6b+8gWjo6gT06ucIH3zacBYAumbTH6+zF/BNX3aroFlEUI7FELYInA7MM9eFhSALuFlcaKHuQHS/hC/OFgIPcAUEU8GdKdjciE6Q0hAucteKW9NLTvWCVk601uXnTFUl3kceo0JI8XuvDhJduHLCj6chO6QjO13bz4wlSyWzwvADawtTdvZBhuEy9B3qwDx4d8cbDwrlLsNI6S42E2sMDjC2Yd/Sg8eND29mWGV21mu0/kId1O+YULD+GMzlToT7foOikTkJsKI4TIWrv1kXvY/nzCTUtAbwZxk4KXHZMiSFXBpsGvO1KHpbz4txv83o+ccqbO2WF1t9vPbAPLNaEia8dZbx2vnesWJ0NFlxe6N0lBVyyeXmJRHattjV0gwZR7bKvXENJMs32ZC5TfeESr+d8U2oiluvwrjFCko+pWdEsvKPVwBmHfFuBdKl3E0jR0QY/dlm9k6rt3g+VDvCosVyPJRiKK5JqVJwd9bC7Qqq2UDfxt/tQ+h0hPWUuTZJiYLYmxUwpOBs++kAZu+yqkSq/3igoAWgEsqPvtUw+yJ0kizR9B+iWvHJvYdWYr4REu5vUFGHlp9bxg20HqDVArpo6+Cx+KvoM+ZnjGkekM016sD75ZRJz6Vz3a0ZfhJ8jz04cQ/p8yyCDX+Ycg4Q7tRq7ive1MfieayirZYyH8ZSfGUJnVYCgRhWED3KcLoHU8Xf/TRMV3YPw/dWKVtr/2/9k6rLZ8+x8P06XGD4WQOqNio5CTaL5pyFVl+vVDvRAEFKqLJw3z5Di75V/PzyzcR7ESBynL5GjKS/wN04VxCduRaaQ8HzZ0AUsXkucSJxd7yrZbB8j7GXHT4iIx5RQZ52xKL5yTX/gUil0=
X-Forefront-PRVS: 0210479ED8
X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(4630300001)(7916002)(39450400003)(38534002)(377424004)(189002)(377454003)(24454002)(51914003)(199003)(61296003)(105586002)(81156014)(50226002)(50986999)(44736005)(8676002)(81166006)(106356001)(2906002)(4326007)(5001770100001)(5660300001)(39060400001)(38730400001)(76176999)(84116002)(101416001)(84326002)(7906003)(7736002)(7826002)(14726001)(18717965001)(6486002)(68736007)(36756003)(33646002)(5890100001)(61793004)(236005)(25786008)(606005)(9686003)(512934002)(42186005)(66066001)(230783001)(93886004)(96836002)(790700001)(6666003)(53946003)(92566002)(189998001)(97736004)(2950100002)(6116002)(3846002)(54896002)(102836003)(6496005)(53936002)(1420700001)(6306002)(71636004)(579004); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR01MB1825; H:Kallei7; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
Received-SPF: None (protection.outlook.com: ingate.com does not designate permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: 1; AM4PR01MB1825; 23:zMOeWtbAgWBRygOpdNs1p1fGxnRV3g+1Tfb8S/kFDnnC67lcKimC1CwlQrnMFga+/8QAeIvtY5exlACecafYhhTsbyXw9GX1vvv7wf1k0k6vbT0f+ses+vGoqvvStVpOKdU1Eos3dSN6rokZ+6Ql/lfTrLOEo4Xwv9d4bwFMuAO2pvpmZo3e9aSyU4rTlGTAYhF8ux68WZmeYkzsq4/N8XcqoiS+ftfRF8CZ6lT+rHCjmx07ma5vE+7uN3WhToEZCSXe0GR8cLi3eL814zmUYy74WHm+wi8LPd9ITGeq7cDI8UKNqOcfxHCtSC6+C+/KMR7KetaiLsgNiGXDmoadHpVrVovfuemBC2h3ExESe312d5gO76hYCGAbI2OnG6w62/N89oaffQvwmhR9vwvtkKffPjmWGZ2xSZVNOMOSVYYHyixlKDoqMION1gw/3lVCaAwKI8+tDBgd6lt0VUuT5FJd7WaqJHj0VXkt4xf0qcmI48uD/fdg8ZwqmAUtAkGLRBG4L5lI7Zi41txRF60xuf03pRrskB73rSI2nRtFwotggtkUDrxNixntSLSCgbpzJ3sVf5yQSleZgdWkI9NrOMIb2w9UGTlMiFlGFnEG4oJCqFvFgYwciwbp+cxhhLDAvMdelxP/MrF1ary+R31URdmtW2Co0oh79bR5sLrCkjMiT7YYYPr0KDp+YmylzrdyTa7FLSaRc78tXlPhilgnqEWTHxaN+ga5V3YNHop2p9PCUjYWac7anr2bBIVezwd6DVtyxDPFGiQbq6P+LUXkw1gZg9wmDmhpF+ugjtxWAgPs3XTkyAcr7t18iiEDbgHNNAC2yRaJ9f07IPz9HJ6uR7Mwdo6TK4fQAmaL1DTVsjOqXFT343S/NicKFKLCbrpNt6lUwPbbeGpyOT4yeEBdu7k5vc86eMFnqZVDAljdIOTuIWNfhw09a1mJUXxYONHxkTj6pU3jtrFxHwFxoJNq1h1t96YgJFGckejItt42WkSAJe5sBLHB52LvV/QQC2q/YmM+VFL8SGWPCYpHrHL15LEASQnZT9J/svVoMRditwWRvuzdfzL5rFCw9vX7Q3K9xLczPszrRAIREjs4EBpeJ0HMpsp/4tbbvT7FSP0gdHzWRlRJULHAkY/od4s3kEwrUdgaoEwBBXQmLnLCkPojipEH6XvRRSF2ZmMxllm5nb9Qrnbf/otriScB6GOTE2ewC+MTsDJR02veCLJVeZZjb4ODQwyCugyMVHbvtcUTn4QLP/wJKLwme10DXXRX2eU4exfoTTANgQvKQvpx+emA1hC7/LVbCZjhibtm67ld+8z8eXYyp+uft3FeMvtpEZoUTONGB44ZiO9uF7RltuC/k2ns3hyCl6yQLcJ02mDfFV7TlNAwTGJu0ke4Z2gtJgXafA0kau3N3XLJHyQ5O6CysNQ+Ghv0tw1Tc+LBiH7oyCzl4tgeXhjgUhXLus3cEXHIknW2uQ6+NE3Ow/qZ1De2x49Xh+qz5ysmMfRlCBER3I6tdXcute6RmygD14RzV/ZayuRpS2Ox9hqtGO8cSSN5u3MKMp7oOqnM0nUIgVgFOV4=
X-Microsoft-Exchange-Diagnostics: 1; AM4PR01MB1825; 6:TihM2may6UANDeCIzN57jEcEypWhb10tDxcDjm7Gzy9CJrpnVUWs8GgNzFSow/f6IRXMwUAxLQot+nlzGZwaZxISSPX3F/d5f9G6UJVMkpDj9tjOdl6a7wyqFXqAvtBKRXmvmNXgUWOh698kLT4v0YFPP27NTw3nfvpoGgWVsI2r2+RSU3KcbUWX/bY7n4AhE1ULF1mXBO69VArQOO6IV/DdDwIEqKj+RLcwVe7PKq60hOnJqxPJnWbSrveNi8Cd+sZgtUjzqO2SKhyfwoxCU9j1VWORst0uzLJUl058pV5AvsgHRl9vW2tLT3BVyVDDMnD5p16mmNQs+Sb4P2puvKw6J5LWWvSHCPlYi7Vrgna0E5NA/MwYu77D7eip/Otr5ZVeTqr6yVzRHktMnx6bGw==; 5:S6TT5X3YiHCxj+nrGeSgvt+zAG9Ze+eWQ9lHHpyK2W7MdSMCFvl5uA362fiN8T8gZISJLgRpm2oTPB+g0EQt2INTERUFuBUc6QOtjkTDXSFmoLetswAe/R5sQvaTWYwM5SRFdpQudPGxd/MIt5GNYsIFhk3lXryHM0oaxpPFJrs=; 24:aDC+VGVSPWI4TyU4SsFTinSYeOzU4yHOUlmWCjRufmOb+iZxg8y+W6pjKvOGU3IaeED3RxdRPzL7O65aAG+m+B9W91DxD09BEEtQS5ZPZ9g=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; AM4PR01MB1825; 7:VzC0biOpvxZwjvu0aQaX6v7aVFTlTgk5FRAiy45MMnCKm8yY2VBuT6VIwkeutmJvJHf/yx/71Lfo9m7cSKJ7AiNRGXhVuQgAmy76mFcNVliU4fkf9P0Jy8r+MgT0YwISiUrB0jUOTzdI/AsgI4mJ6QCSkBm5n9WmXB6jA9t6Chf7H/ZUTKlYN77EchJZZVg2ycs74QW6hw0aFjZuEk4Z6kZPtDr4riWd1cxR8+MOE7vSBBcPJx65pvYTZ9wpbU+IK6gCTYsaUNunCG6XTWfn0OD+iM1odg39fZrujWgLDc0Niv5bEYZWVgk6fuvCxJF7Lb08D01KIvUCL4p+0DoPQYKuuyjVAvNwCWfHRniu6P12lD8fdnFDhIQ7uHpRNx5tTVk3N7a7XJyrag8vGjvJUCchWEPwdjqg2kEI9loRfmS3osrn0TwQuPGyLRJwZ8L7Qpg6HGGX3NN/jwMDN70ycRgtmjoZGkGRnZnTeaRlhhh1ZBsCBvHo9uxn9Jlf04uAkDVshYaSRV9cR1WjYB0QjA==
X-OriginatorOrg: ingate.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Feb 2017 10:10:22.8275 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR01MB1825
Archived-At: <https://mailarchive.ietf.org/arch/msg/tram/aAyQBcpY5oOb8F8aKyotd2o9Syo>
Cc: "'Tirumaleswar Reddy (tireddy)'" <tireddy@cisco.com>
Subject: Re: [tram] Chime in on attched redlined version-12 WAS: I-D Action: draft-ietf-tram-turn-server-discovery-12.txt
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Feb 2017 10:10:33 -0000

Simon,

 

There is no consensus yet whatsoever regarding any anycast mechanism, but we
have a chance getting consensus of a working anycast mechanism, that works
for all cases, which no one has disputed as working and that is technically
superior. 

 

Further, it does not exist such "mechanism defined in RFC 5766" and what is
in current version -12 text is still undefined and interpreted radically
different by participating WG individuals.

 

Only Tiru, during the DISCUSS, after version -10 (
<https://www.ietf.org/mail-archive/web/tram/current/msg02219.html>
https://www.ietf.org/mail-archive/web/tram/current/msg02219.html) 

referenced  <https://tools.ietf.org/html/rfc5766#section-2.9>
https://tools.ietf.org/html/rfc5766#section-2.9, which says:

"This version of TURN has been designed to *permit the future specification
of a method* of doing anycast discovery of a TURN server over UDP.

 

Previous to my redlined "say Binding instead of Allocate to
discover"-method, I questioned version -08 of the draft (before the DISCUSS)
(in August,
<https://www.ietf.org/mail-archive/web/tram/current/msg02081.html>
https://www.ietf.org/mail-archive/web/tram/current/msg02081.html) but that
was not responded to by the authors (only Branded responded, but from an
authentication point of view, as if the method meant a mixture of discovery
and usage, which was confusing). 

 

During the DISCUSS, in response to my request to fix, Prashanth only said:
We intend to add the following to explain server behavior a little better:

“A TURN anycast server performs checks 1 to 7 discussed in Section 6.2 of
RFC5766. If all checks pass, the TURN anycast server MUST respond with a 300
(Try Alternate) error as described in [RFC5766]”

[Karl] That must be an update of RFC5766. Or does “TURN anycast server”
imply that there ALSO is a “TURN unicast server” at the same interface
accepting the Allocate request?  

 

That was never responded to and in your discussion with me:

https://www.ietf.org/mail-archive/web/tram/current/msg02239.html 

[Karl]> (I think Brandon assumes a TURN server listening to TWO IP addresses
that

> can respond error 300 or make an allocation, distinguished by whether the

> request was received on its anycast address or its unicast address,

 

[Simon] Correct.

 

[Karl]> and I

> think Prashanth using the term "TURN anycast server" means we really have

> TWO TURN servers to play with,

 

[Simon] That would be an equally valid deployment scenario.

 

[Karl]> and I think others interpret the draft -10

> text as if the FIRST Allocate is responded to with error 300 and
SUBSEQUENT

> Allocates actually are making allocations.

 

[Simon] No, that would be wrong.

 

NOW, reverse engineering the current -12 text to understand what may be in
the author’s mind (which they strangely enough never have spelled out), it
is NOT the “TWO LAN IP TURN servers” but the “No, that would be
wrong.”-method that is intended, see these highlights in the -12 text!

IP anycast can also be used for TURN service discovery. A packet sent to an
anycast address is delivered to the "topologically nearest" network
interface [Karl: Nearest cannot be two] with the anycast address. Using the
TURN anycast address, the only two things that need to be deployed in the
network for discovery are the two things that actually use TURN.

When a client requires TURN services, it sends a TURN allocate request to
the assigned anycast address. A TURN anycast server performs checks 1 to 7
discussed in Section 6.2 of [RFC5766]
<https://tools.ietf.org/id/draft-ietf-tram-turn-server-discovery-12.html#RFC
5766> . If all checks pass, the TURN anycast server MUST respond with a 300
(Try Alternate) error as described in Section 2.9 of [RFC5766]
<https://tools.ietf.org/id/draft-ietf-tram-turn-server-discovery-12.html#RFC
5766> ; The response contains the TURN unicast address in the
ALTERNATE-SERVER attribute. For subsequent communication with the TURN
server, the client uses the responding server's unicast address. This has to
be done because two packets addressed to an anycast address may reach two
different anycast servers. The client, thus, also needs to ensure that the
initial request fits in a single packet. An implementation may choose to
send out every new TURN Allocation request to the anycast address to
discover the closest and the most optimal unicast address for the TURN
server.

I think other participants in the discussion, also interpret the -12 text as
the “that would be wrong”-variant, or even worse, a mixture of discovery and
usage authentication (where (D)TLS might come in
(https://www.ietf.org/mail-archive/web/tram/current/msg02297.html )). 

 

So, current version -12 meaning of text is probably not only “wrong”, but
does not work (in addition to being undefined). Version -12 can have no
consensus, nor can that be brought into an RFC.

 

 

In order to NOW ease to get consensus for a defined and working anycast
mechanism (my redlining of the -12 text), that works for all cases (which no
one has disputed), I have just made an IPR declaration “in Alan Johnston /
Avaya style (compare https://datatracker.ietf.org/ipr/2555)” where any party
can use the proposed anycast method (for which patent was provisionally
applied for October 21, 2013) free of royalty as long as not asserting a
patent right of its owns against us. My IPR Declaration related to this I-D
should appear in day (said when submitting).

 

/Karl

 

-----Ursprungligt meddelande-----
Från: Simon Perreault [mailto:sperreault@jive.com] 
Skickat: den 3 februari 2017 14:43
Till: Karl Stahl; 'Spencer Dawkins at IETF'
Kopia: tram@ietf.org; 'Tirumaleswar Reddy (tireddy)'
Ämne: Re: [tram] Chime in on attched redlined version-12 WAS: I-D Action:
draft-ietf-tram-turn-server-discovery-12.txt

 

Karl,

 

There is no consensus in the working group behind this new anycast

mechanism. Therefore it can not be added to the draft, and the mechanism

defined in RFC 5766 remains.

 

Thanks,

Simon

 

Le 2017-02-02 à 18:23, Karl Stahl a écrit :

> The -12 version of the draft does not include major remedies of flaws

> that were un-addressed long before the DISCUSS, nor the latest regarding

> the possible use of (D)TLS for auto discovered turn servers provided the

> local or access network administrator, see

> 

>  <https://www.ietf.org/mail-archive/web/tram/current/msg02216.html>
https://www.ietf.org/mail-archive/web/tram/current/msg02216.html

> 

>  

> 

> For the latest discussed, see

> 

>  

> 

>  <https://www.ietf.org/mail-archive/web/tram/current/msg02279.html>
https://www.ietf.org/mail-archive/web/tram/current/msg02279.html

> 

>>> However, I think we need agreement on the justification for such a

> 

>> change.

> 

>> [Karl] Justification is in the (A), (B), (C) and (D) of

> 

>>  <https://www.ietf.org/mail-archive/web/tram/current/msg02254.html>
https://www.ietf.org/mail-archive/web/tram/current/msg02254.html

> 

>> where saying Binding instead Allocate, is necessary to achieve (A) and

> (B), and improves (C) and (D).

> 

>  

> 

> Brandon> It is true that you have provided a justification for the change.

> 

>  

> 

>  <https://www.ietf.org/mail-archive/web/tram/current/msg02296.html>
https://www.ietf.org/mail-archive/web/tram/current/msg02296.html

> 

> The (D)TLS mandating was Author's idea to throw into version -10 during

> the discuss and remains in this version -11, breaking the consensus text

> since version -7.

> 

>  

> 

>  <https://www.ietf.org/mail-archive/web/tram/current/msg02297.html>
https://www.ietf.org/mail-archive/web/tram/current/msg02297.html

> 

> STUN dummy authentication instead of (D)TLS as suggested by Oleg
Moskalenko

> 

>  

> 

>  

> 

> I have inserted my (now edited and adopted to the latest) redlining,

> removal of blue options etc. into the -12 draft text as attached, for

> the author to copy from and paste.

> 

>  

> 

> Without my red lining, current version -12 is in conflict with RFC7478

> (Web Real-Time Communication Use Cases and Requirements)  and does not

> meet the need of [I-D.ietf-rtcweb-return] (Recursively Encapsulated

> TURN) (see under redlined 7.2)

> 

> and it does not do what was set out in the Charter and “Milestone 3:

> TURN server auto-discovery mechanism for enterprise and ISPs”

> 

>  

> 

> Further, the authors have in version -12 (compared to from before

> DISCUSS)  changed the text “  6.  Discovery using Anycast “ to:

> 

>
<https://tools.ietf.org/rfcdiff?url1=draft-ietf-tram-turn-server-discovery-0
9.txt&url2=draft-ietf-tram-turn-server-discovery-12.txt>
https://tools.ietf.org/rfcdiff?url1=draft-ietf-tram-turn-server-discovery-09
.txt&url2=draft-ietf-tram-turn-server-discovery-12.txt

> 

> “IP anycast can also be used for TURN service discovery.  A packet

> 

>    sent to an anycast address is delivered to the "topologically

> 

>    nearest" network interface with the anycast address.  Using the TURN

> 

>    anycast address, the only two things that need to be deployed in the

> 

>    network for discovery are the two things that actually use TURN.

> 

>  

> 

>    When a client requires TURN services, it sends a TURN allocate

> 

>    request to the assigned anycast address.  A TURN anycast server

> 

>    performs checks 1 to 7 discussed in Section 6.2 of [RFC5766].  If all

> 

>    checks pass, the TURN anycast server MUST respond with a 300 (Try

> 

>    Alternate) error as described in Section 2.9 of [RFC5766]; The

> 

>    response contains the TURN unicast address in the ALTERNATE-SERVER

> 

>    attribute.  For subsequent communication with the TURN server, the

> 

>    client uses the responding server's unicast address.  This has to be

> 

>    done because two packets addressed to an anycast address may reach

> 

>    two different anycast servers.  The client, thus, also needs to

> 

>    ensure that the initial request fits in a single packet.  An

> 

>    implementation may choose to send out every new TURN Allocation

> 

>    request to the anycast address to discover the closest and the most

> 

>    optimal unicast address for the TURN server.”

> 

>  

> 

> The highlighted “A TURN anycast server”  isnothing known nor described

> (in fact there would have to be TWO TURN servers, one deployed at the

> anycast address and another TURN server deployed at the unicast address,

> reacting differently to the Allocation request) for this to work as

> clarified in WG discussions with Simon).

> 

>  

> 

> The last sentence “An  implementation may choose to send out every new

> TURN Allocation request to the anycast address to discover the closest

> and the most optimal unicast address for the TURN server.” violates

> security and deployment considerations (see red lined considerations in

> attached).

> 

>  

> 

> Further, the authors have in version -12 (compared to from before

> DISCUSS)  changed the text “7.2.  Recursively Encapsulated TURN “ to:

> 

>
<https://tools.ietf.org/rfcdiff?url1=draft-ietf-tram-turn-server-discovery-0
9.txt&url2=draft-ietf-tram-turn-server-discovery-12.txt>
https://tools.ietf.org/rfcdiff?url1=draft-ietf-tram-turn-server-discovery-09
.txt&url2=draft-ietf-tram-turn-server-discovery-12.txt

> 

> “WebRTC endpoints SHOULD treat any TURN server discovered through the

> 

>    mechanisms described in this specification as an enterprise/gateway

> 

>    or access network server, in accordance with Recursively Encapsulated

> 

>    TURN [I-D.ietf-rtcweb-return].”

> 

>  

> 

> The text is a contradiction, since the return draft deals with TURN

> servers provided by the local or access network, not other TURN servers

> discovered by this draft.

> 

>  

> 

> *Current -12 draft cannot be considered to be an RFC!*

> 

>  

> 

> I suggest the redline version of draft -12 attached is chimed into now

> and quickly merged into a version -13, so we can avoid the "Conflict

> Resolution and Appeals"process hinted about in

> 

>  <https://www.ietf.org/mail-archive/web/tram/current/msg02202.html>
https://www.ietf.org/mail-archive/web/tram/current/msg02202.html,

> further delaying what is needed for Internet real-time communication and

> especially for WebRTC.

> 

>  

> 

> /Karl

> 

>  

> 

> *Från:*tram [ <mailto:tram-bounces@ietf.org> mailto:tram-bounces@ietf.org]
*För *Spencer Dawkins at IETF

> *Skickat:* den 1 februari 2017 22:12

> *Till:* Simon Perreault

> *Kopia:*  <mailto:tram@ietf.org> tram@ietf.org < <mailto:tram@ietf.org>
mailto:tram@ietf.org>; Tirumaleswar Reddy (tireddy)

> *Ämne:* Re: [tram] I-D Action:
draft-ietf-tram-turn-server-discovery-12.txt

> 

>  

> 

> Hi, Simon,

> 

>  

> 

> On Thu, Feb 2, 2017 at 6:00 AM, Simon Perreault <sperreault@jive.com

> < <mailto:sperreault@jive.com> mailto:sperreault@jive.com>> wrote:

> 

> Le 2017-02-01 à 15:37, Spencer Dawkins at IETF a écrit :

>> Dear TRAMsters,

>> 

>> On Fri, Jan 13, 2017 at 12:59 PM, Tirumaleswar Reddy (tireddy)

>> < <mailto:tireddy@cisco.com%20%3cmailto:tireddy@cisco.com>
tireddy@cisco.com <mailto:tireddy@cisco.com><mailto:tireddy@cisco.com

> < <mailto:tireddy@cisco.com> mailto:tireddy@cisco.com>>> wrote:

>> 

>>     This revision addresses comments from Brandon.

>> 

>>     -Tiru

>> 

>> 

>> How close are we to asking Terry to clear the (last remaining) DISCUSS?

> 

> Thanks for the reminder.

> 

> If my co-chair and the authors have no objection, I think we're ready.

> 

>  

> 

> I'll give this 24 hours for people to chime in, but I do want to ping

> Terry. 

> 

>  

> 

> It's a little-appreciated thing, but AD ballot positions go away when

> ADs go away; this document has 12 yes/no objections now, and you need 10

> for approval, and three are from ADs who are stepping down in March ;-)

> 

>  

> 

> Spencer 

> 

> 

> 

> _______________________________________________

> tram mailing list

>  <mailto:tram@ietf.org> tram@ietf.org

>  <https://www.ietf.org/mailman/listinfo/tram>
https://www.ietf.org/mailman/listinfo/tram

> 

 

 

-- 

Simon Perreault

Director of Engineering, Platform | Jive Communications, Inc.

 <https://jive.com> https://jive.com | +1 418 478 0989 ext. 1241 |
<mailto:sperreault@jive.com> sperreault@jive.com

v2.23.0 | Report a Bug | By Email