IETF Logo Mail Archive

Re: [tram] Stephen Farrell's Discuss on draft-ietf-tram-stun-origin-05: (with DISCUSS and COMMENT)

Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com> Thu, 23 April 2015 13:32 UTC

Return-Path: <spencerdawkins.ietf@gmail.com>
X-Original-To: tram@ietfa.amsl.com
Delivered-To: tram@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CAB41ACD44; Thu, 23 Apr 2015 06:32:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FpDSJAatsmCL; Thu, 23 Apr 2015 06:32:47 -0700 (PDT)
Received: from mail-la0-x233.google.com (mail-la0-x233.google.com [IPv6:2a00:1450:4010:c03::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 224641AC42C; Thu, 23 Apr 2015 06:32:47 -0700 (PDT)
Received: by layy10 with SMTP id y10so12752133lay.0; Thu, 23 Apr 2015 06:32:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=T2JAE4yDCmK9jjdh3fPyo7PuI+Tu+HOkXHXQkMwlS4g=; b=xQeAm3+s83fje4QcREcVqTzTN8r3csXXJ472H40BxR11viKE6tWf1kUyuzbi4VNqP/ /iP18n9HN7LOMNG96DnVtAgTgM4oU+kcSrvjHUQ3gE/T1zk/sAeR+cqPOydTJAvTl8Ig 0r7AljLhYdoKN2/Hbm9nVZ310wI96sSRJWghPxe+6qkRAuyEjSUsN3PKXX41uOixUpbt ABW/Yn9oGrOjKqF4OX+htVj4pD6n+C6kNey1m2HSNpgF3ERjpz7Klpw9JWlgJR7Jleqx 16SsLqbiik5F0MTzjmO7NGssJXBqxP+GCekpzGghgzv9sTBYz87ZJ1C8AxGLIfyB+9gY 4tdQ==
MIME-Version: 1.0
X-Received: by 10.152.184.72 with SMTP id es8mr2529471lac.77.1429795965668; Thu, 23 Apr 2015 06:32:45 -0700 (PDT)
Received: by 10.152.129.3 with HTTP; Thu, 23 Apr 2015 06:32:45 -0700 (PDT)
In-Reply-To: <20150421153635.27696.5302.idtracker@ietfa.amsl.com>
References: <20150421153635.27696.5302.idtracker@ietfa.amsl.com>
Date: Thu, 23 Apr 2015 08:32:45 -0500
Message-ID: <CAKKJt-cxC3hBi_TyQ2-Z3vL-fp1F5LsEio=iRhmx8R8WVP7xXQ@mail.gmail.com>
From: Spencer Dawkins at IETF <spencerdawkins.ietf@gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="001a1135e50ea293f2051464505a"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tram/byIHa7xRBkb4ClNbUItTPVM9xd4>
Cc: "tram-chairs@ietf.org" <tram-chairs@ietf.org>, "tram@ietf.org" <tram@ietf.org>, draft-ietf-tram-stun-origin.shepherd@ietf.org, draft-ietf-tram-stun-origin.ad@ietf.org, Simon Perreault <sperreault@jive.com>, The IESG <iesg@ietf.org>, draft-ietf-tram-stun-origin@ietf.org
Subject: Re: [tram] Stephen Farrell's Discuss on draft-ietf-tram-stun-origin-05: (with DISCUSS and COMMENT)
X-BeenThere: tram@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Discussing the creation of a Turn Revised And Modernized \(TRAM\) WG, which goal is to consolidate the various initiatives to update TURN and STUN." <tram.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tram>, <mailto:tram-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tram/>
List-Post: <mailto:tram@ietf.org>
List-Help: <mailto:tram-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tram>, <mailto:tram-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Apr 2015 13:32:50 -0000

Dear Tramsters,

On Tue, Apr 21, 2015 at 10:36 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie
> wrote:

> Stephen Farrell has entered the following ballot position for
> draft-ietf-tram-stun-origin-05: Discuss


I saw an excellent exchange with Barry on his Discuss for this draft, but
haven't seen a response to Stephen's yet. Did I miss it?

If the answer is "as Stephen said, it IS a high-level Discuss, and we need
to confer before responding", that's fine, or really any other answer could
be fine - I just didn't want the draft to get stalled ...

Thanks!

Spencer


> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> http://datatracker.ietf.org/doc/draft-ietf-tram-stun-origin/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
>
> "Analytics" here together with the MUST include
> statements could amount to a fancy way to
> describe monetizing people's WebRTC calls in ways
> that the end user will just not expect. I'd like
> to check that we're not doing that, as it'd
> arguably run counter to e.g. RFC7258 or to the
> general trend towards data minimisation. And
> making privacy worse, even by a little, seems
> worse than making it better. (Note: I am here
> asking about the STUN/TURN server being perhaps
> unnecessarily told the origin, not the risk that
> someone sees that in-transit, which is handled in
> the draft already.)
>
> I do agree that the TURN 401-like challenge
> use-case is perhaps needed, but I do not see that
> other use cases need to see the origin for them
> to work at all.  And I'm not sure that such a
> spoofable origin is so useful for that TURN case,
> esp. when there's parallel work on an
> authenticated equivalent. (I mean the tram 3rd
> party thing.) I also don't see that that is
> needed for network management reasons - surely
> everything needed for network managment is no
> more nor less visible to the STUN or TURN servers
> when this is used vs. when this is not used.
>
> So why are we pushing for this?  If it is really
> only for so-called "analytics" then is that ok?
> (And where can I find a definition of what that
> means?)
>
> Apologies if this discuss seems somewhat high
> level, but as well as the general concern, the
> last paragraph of the current tram charter seems
> to me to me to say that tram ought not make
> privacy worse. But maybe I'm missing the
> networking function that needs this - if so, I'm
> sure someone will point that out.
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
>
>
> - intro, para 2: STUN only defines two auth modes
> that I can see, and you only mention two here -
> what's the 3rd one you mean? (Is it DTLS?)
>
> - What if >1 TURN session with different origins
> is being setup from same client/browser? Does
> that work? (Say two parallel calls, not the case
> where the same resource is being accessed at the
> same time loaded from different referring web
> pages.)
>
> - I'd suggest to not allow >1 ORIGIN in a STUN
> request? But that discussion seems to be in-hand.
>
> - section 2: suggest providng similar examples
> for all schemes, http(s),sip & xmpp.
>
> - 2.1 & 2.2: MUST include web origin - couldn't
> there be "private browsing" scenarios where that
> MUST would be a problem? I'm not suggesting that
> the origin exposes very much but I think a SHOULD
> would be more appropriate.
>
> - 2.1 last para: source here means the webrtc
> server right? That's a bit ambiguous and would be
> better clarified.
>
> - What is the benefit of sending an empty origin
> as opposed to no origin attribute? I don't see
> any and the former just advertises that the
> client is "privacy sensitive" which seems
> incongruous.
>
>
>

v2.23.0 | Report a Bug | By Email